Privacy Policy
This Privacy Policy explains how Tairo Ventures Ltd ("Tairo Ventures", "we", "us", "our") collects, uses, discloses, and protects personal data when you visit tairoventures.com or otherwise interact with us. We act as the data controller of the personal data described here.
1. Who we are
Tairo Ventures Ltd is a private limited company incorporated in England and Wales under company number 17186608. Our registered office is at 66 Paul Street, London EC2A 4NA, United Kingdom.
For privacy questions, contact us at info@tairoventures.com.
Tairo Ventures Ltd is not required to appoint a statutory Data Protection Officer under Article 37 UK GDPR, and one has not been appointed. Privacy questions are handled by the director.
Tairo Ventures Ltd is established in the United Kingdom and currently directs its services to clients in the United Kingdom. We do not actively offer services to data subjects in the European Union or European Economic Area within the meaning of Article 3(2) of the EU GDPR, and we do not monitor the behaviour of users in those territories. Where we engage with EU-based individuals on an occasional basis, we rely on the exemption in Article 27(2)(a) of the EU GDPR. We will appoint an EU representative if and when our activities cross that threshold.
2. Personal data we collect
We collect the following categories of personal data:
- Contact data, such as name, email address, postal address, telephone number, and employer when you contact us, engage with us, or sign a contract.
- Communications data, such as the content of emails, messages, and meeting notes that you send or share with us.
- Engagement data, including project deliverables, contracts, invoices, and the records of services performed.
- Technical data, including IP address, browser type, device information, referring page, and timestamps, collected by our hosting infrastructure for security and operational logs.
We do not knowingly collect personal data from children. Where consent is required for the use of an information-society service, that consent must be given by the child's parent or guardian if the child is under 16, or under 13 in the United Kingdom and in EU member states applying that lower threshold.
3. How we collect personal data
We collect personal data when you (a) contact us by email or web form, (b) enter into a service agreement with us, (c) attend a meeting or call with us, or (d) visit our website (limited technical data only).
4. Lawful bases for processing (UK / EU)
We rely on the following lawful bases under Article 6 of the UK GDPR and EU GDPR:
- Performance of a contract, to deliver the services you have engaged us to provide.
- Legitimate interests, to operate, secure, and improve our business, communicate with prospective clients, and pursue or defend legal claims.
- Legal obligation, to comply with tax, accounting, anti-money-laundering, and other statutory requirements.
- Consent, where you have given specific consent for a particular use, which you may withdraw at any time.
5. How we use personal data
- To deliver and administer our services and engagements.
- To respond to enquiries and maintain client relationships.
- To issue invoices and process payments.
- To meet legal, tax, and regulatory obligations.
- To secure our systems and prevent fraud or abuse.
We do not sell personal data, and we do not use it for automated decision-making that produces legal or similarly significant effects.
6. Disclosure to third parties
We share personal data only where necessary, with:
- Service providers under written processing agreements (cloud hosting, email infrastructure, accounting platforms, payment processors).
- Professional advisers (accountants, lawyers, auditors) under their professional duties of confidentiality.
- Regulators, tax authorities, or courts where required by law.
- A successor entity in the event of a sale, merger, or reorganisation.
7. International transfers
Some of our service providers process personal data outside the United Kingdom and the European Economic Area, including in the United States. Where this happens, we rely on one or more of the following safeguards, as applicable to the recipient and the destination country:
- The UK adequacy regulations and the European Commission's adequacy decisions, where the recipient country benefits from one.
- The EU-US Data Privacy Framework (DPF) and the UK Extension to the DPF (the UK-US Data Bridge), where the recipient is certified.
- The UK International Data Transfer Agreement, the UK Addendum to the EU Standard Contractual Clauses, or the EU Standard Contractual Clauses, where neither of the above applies.
We carry out a transfer risk assessment where the law requires one, and we apply additional technical and organisational safeguards (such as encryption in transit and at rest) where the assessment recommends them.
8. Retention
We keep personal data only as long as necessary for the purposes for which it was collected and to meet legal obligations. Engagement records, contracts, invoices, and tax-relevant documents are kept for at least six years from the end of the financial year to which they relate, as required by UK company and tax law (Companies Act 2006 section 388 and Value Added Tax Act 1994 Schedule 11). Some categories may be kept longer where a legitimate interest, such as defending or pursuing legal claims under the Limitation Act 1980, justifies it. Marketing and prospect data are reviewed and deleted regularly.
9. Your rights (UK / EU)
If the UK GDPR or EU GDPR applies to you, you have the right to:
- Access the personal data we hold about you.
- Request correction of inaccurate or incomplete data.
- Request erasure of your personal data, in certain circumstances.
- Restrict or object to processing, in certain circumstances.
- Data portability, where processing is based on consent or contract and is automated.
- Withdraw consent at any time, where processing is based on consent.
- Lodge a complaint with the Information Commissioner's Office (ico.org.uk) in the UK, or with your local supervisory authority in the EU.
10. Your rights (US state privacy laws)
If you are a resident of a US state with a comprehensive consumer privacy law in force, including (without limitation) California, Virginia, Colorado, Connecticut, Utah, Texas, Oregon, Montana, Iowa, Delaware, New Hampshire, New Jersey, Tennessee, Minnesota, Maryland, Indiana, Kentucky, or Rhode Island, you may have the right to:
- Know or access the personal information we hold about you.
- Request deletion of your personal information.
- Request correction of inaccurate personal information.
- Opt out of the sale or sharing of personal information and of targeted advertising. We do not sell personal information, do not share it for cross-context behavioural advertising, and do not engage in cross-context behavioural advertising.
- Limit the use and disclosure of sensitive personal information (California CPRA and equivalent rights in some other states).
- Appeal a refusal of a privacy request, where the applicable law provides that right.
- Non-discrimination for exercising your privacy rights.
California residents may also use an authorised agent to make requests on their behalf, in line with section 1798.140 of the California Civil Code. We do not offer financial incentives in exchange for personal information. We do not disclose personal information to third parties for their direct-marketing purposes within the meaning of California Civil Code section 1798.83 ("Shine the Light").
To exercise any of these rights, contact us at info@tairoventures.com. We will respond within the period required by applicable law.
11. Security
We apply reasonable technical and organisational measures to protect personal data against unauthorised access, loss, or alteration. No system is perfectly secure; we will notify affected individuals and regulators of qualifying personal data breaches as required by law.
12. Cookies
We use only strictly necessary cookies, where any are used at all. See our Cookie Policy for details.
13. Changes to this policy
We may update this Privacy Policy from time to time. The "Last updated" date at the top of the page reflects the most recent revision. Material changes will be highlighted on the website.
14. Contact
For any privacy-related question, request, or complaint, write to info@tairoventures.com or to Tairo Ventures Ltd, 66 Paul Street, London EC2A 4NA, United Kingdom.