SPAPIAudit

Privacy Policy

Last updated: June 2025

1. Who We Are

This website is operated by Maia's Company Limited, a company registered in England and Wales (company number 07017219), with a registered office at 232 Shooters Hill Road, London, England, SE3 8UW (“we”, “us”, “our”).

We are the data controller for personal data collected through this website. Our ICO registration number is [ICO registration number — to be confirmed].

Questions about this policy or your personal data should be directed to: [PLACEHOLDER — contact email].

2. What Data We Collect

We collect personal data through the following means:

Contact and consultation forms

When you submit a contact form or book a consultation, we collect your name, company name, job title, email address, website URL, and any information you provide about your current situation or requirements.

Checklist download

When you request our free checklist, we collect your email address and, optionally, your name and company name.

Booking (Cal.com)

When you book a consultation via our calendar booking tool (provided by Cal.com), Cal.com collects your name, email address, and any details you provide in the booking form. Cal.com acts as a data processor on our behalf. Please also refer to Cal.com's privacy policy.

Usage data and cookies

We may collect standard server log data (IP address, browser type, pages visited, referrer) for security and operational purposes. Please see our Cookie Policy for details of cookies we use.

3. How We Use Your Data

We use the data we collect for the following purposes:

  • To respond to your enquiry and provide the advisory services you have requested.
  • To send you the checklist or other resources you have requested.
  • To manage consultation bookings and follow up after meetings.
  • To maintain records of our client relationships and service delivery.
  • To improve the website and our services.
  • To comply with legal obligations.

4. Lawful Basis for Processing

We rely on the following lawful bases under UK GDPR:

  • Legitimate interests: for responding to enquiries, sending requested resources, and maintaining client relationships — where our interest in doing so does not override your interests or rights.
  • Contract: where processing is necessary to perform a contract with you or take pre-contractual steps at your request.
  • Legal obligation: where we are required by law to retain certain records.

5. Data Retention

We retain personal data for as long as necessary to fulfil the purposes for which it was collected and to comply with legal obligations. Enquiry and lead data is reviewed annually and deleted when no longer required. Client engagement records may be retained for up to seven years for legal and accounting purposes.

6. Data Sharing and Sub-processors

We share personal data with the following third-party processors:

  • Supabase Inc. — our database provider, which stores form submissions and contact data.
  • Resend Inc. — our transactional email provider, which delivers notification emails and checklist delivery emails.
  • Cal.com, Inc. — our calendar booking provider.
  • Vercel Inc. — our hosting provider.

All processors are contractually bound to process personal data only on our instructions and in accordance with applicable data protection law.

We do not sell personal data to third parties and do not use it for advertising purposes.

7. International Transfers

Some of our processors are based outside the UK/EEA. Where data is transferred internationally, we ensure appropriate safeguards are in place (for example, the UK International Data Transfer Agreement or equivalent standard contractual clauses).

8. Your Rights

Under UK GDPR, you have the following rights:

  • The right to access the personal data we hold about you.
  • The right to rectification of inaccurate data.
  • The right to erasure (“right to be forgotten”) in certain circumstances.
  • The right to restrict processing.
  • The right to data portability.
  • The right to object to processing based on legitimate interests.
  • The right to lodge a complaint with the Information Commissioner's Office (ICO).

To exercise any of these rights, please contact us at the email address above. We will respond within one calendar month.

9. Security

We implement appropriate technical and organisational measures to protect personal data against accidental loss, destruction, alteration, disclosure, or unauthorised access.

10. Changes to This Policy

We may update this Privacy Policy from time to time. The “last updated” date at the top of this page indicates when the policy was last revised.