Last updated: 11/10/2025

At CIRTA AGENCY LTD ("we", "us", "our"), we are committed to protecting and respecting your privacy. This privacy policy explains how we collect, use, store, and protect your personal data when you use our website, in accordance with the General Data Protection Regulation (GDPR) and other applicable laws.

1. Information We Collect

We collect information when you interact with our site, fill in a form, or communicate with us.

• Information you provide directly: name, email address, telephone number, company name, and any other information you choose to provide to us via our contact forms or by email.
• Data collected automatically: technical information about your device, including your IP address, browser type and version, time zone setting, and operating system.
• Website usage data: information about how you navigate our site, such as pages visited, time spent on each page, and navigation paths.
• Cookies and similar technologies: we use cookies to distinguish visitors, improve our site, and personalise your experience. For more details, please see our section on cookies.

2. Use and Legal Basis for Processing Your Information

We only use your personal data when the law allows us to. Here are the purposes and corresponding legal bases:

• To provide our services and respond to your enquiries (Legal basis: contractual necessity and legitimate interest to manage our client relationship).
• To improve our website and services (Legal basis: legitimate interest to develop our business and marketing strategy).
• To manage our relationship with you, including notifying you about changes to our services or our privacy policy (Legal basis: contractual necessity and legal obligation).
• To send you marketing communications about our services, promotions, and news (Legal basis: your explicit consent. You can withdraw this consent at any time).

3. Data Sharing and International Transfers

We do not sell your personal information. We may share it with trusted third parties in the following cases:

• Service providers: companies that provide IT and system administration services to us (e.g., hosting, data analysis, CRM services). These third parties are required to respect the security of your data.
• Legal obligations: if we are required to disclose your data to comply with a legal obligation, a court order, or a governmental request.

Some of our service providers may be based outside the United Kingdom or the European Economic Area (EEA). In such cases, we ensure that an adequate level of protection is in place, including through the use of approved Standard Contractual Clauses (SCCs).

4. Data Security

We have implemented robust technical and organisational security measures to prevent your personal data from being accidentally lost, used, accessed in an unauthorised way, altered, or disclosed. These measures include encryption, access controls, and staff training. We also have procedures in place to deal with any suspected data breach.

5. Data Retention Period

We will only retain your personal data for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements. To determine the appropriate retention period, we consider the amount, nature, and sensitivity of the data, as well as the potential risk of harm.

6. Your Data Protection Rights

Under GDPR, you have several rights over your personal data:

• Right of access: to request a copy of the information that we hold about you.
• Right to rectification: to request the correction of inaccurate or incomplete data.
• Right to erasure ("right to be forgotten"): to request the deletion of your data under certain conditions.
• Right to restriction of processing: to request that we suspend the processing of your data.
• Right to data portability: to receive your data in a structured, machine-readable format.
• Right to object: to object to the processing of your data, particularly for direct marketing purposes.

You also have the right to lodge a complaint with the relevant supervisory authority. In the UK, this is the Information Commissioner's Office (ICO).

7. Use of Cookies

Our site uses cookies to improve your user experience. Cookies are small text files placed on your device. We use essential cookies (for the site to function), performance cookies (to analyse site usage), and marketing cookies (to personalise advertising). You can set your browser to refuse all or some cookies, but some parts of the site may become inaccessible or not function properly.

8. Changes to this Policy

We may update this policy from time to time. Any changes will be posted on this page with the new update date. In the event of a significant change, we will notify you by email or via a notice on our site.

9. Contact

For any questions about this privacy policy or to exercise any of your rights, please contact us:

CIRTA AGENCY LTD
71-75 Shelton Street, Covent Garden, London, United Kingdom, WC2H 9JQ
Email: hello@cirta-agency.co.uk
Phone / WhatsApp: +213 783 906 075