Privacy Policy

1. Data Controller

Disintermediate Ltd (company number 13799566, registered in England and Wales) is the data controller for personal data collected through this website and The GPU newsletter. We are registered with the Information Commissioner's Office (ICO) under reference ZB365083. Contact: ben@disintermediate.global.

2. What Data We Collect

We collect the following personal data:

Contact form submissions: name, email address, company name, job title, role/sector, enquiry type, and message content.

Newsletter subscriptions: email address, name (if provided), and any custom field data you provide (company, role, interests).

Newsletter engagement: open rates, click-through rates, and engagement metrics collected by Beehiiv in the course of delivering the newsletter.

Website analytics: anonymised usage data collected by Vercel Analytics, including page views, referral source, and device type. We do not use cookies for tracking.

3. How We Use Your Data

We use your personal data for the following purposes:

To deliver advisory services: processing enquiries, managing client relationships via Attio CRM, and communicating about engagements.

To deliver The GPU newsletter: sending weekly briefings, measuring engagement, and improving content quality.

To improve our services: understanding our audience, analysing engagement patterns, and refining our intelligence products.

We do not sell, rent, or share your personal data with third parties for their marketing purposes.

4. Legal Basis for Processing

Under the UK GDPR, we process your personal data on the following legal bases:

Consent: when you subscribe to The GPU newsletter or submit a contact form with the newsletter subscription checkbox enabled.

Legitimate interests: to respond to enquiries, manage client relationships, and improve our services.

Contract performance: to deliver advisory services under an engagement agreement.

5. Newsletter Subscription and Consent

When you submit the contact form on this website, the newsletter subscription checkbox is pre-selected. You may deselect it before submitting if you do not wish to receive The GPU newsletter. You can unsubscribe from The GPU at any time by clicking the unsubscribe link in any newsletter email.

Your newsletter subscription is managed by Beehiiv. By subscribing, you also agree to Beehiiv's terms and privacy policy.

6. Third-Party Processors

We use the following third-party services to process your data:

Beehiiv (USA) - newsletter delivery and subscriber management. Data processed: email, name, custom fields, engagement data.

Attio (UK/EU) - CRM and contact management. Data processed: name, email, company, job title, enquiry details.

Vercel (USA) - website hosting and analytics. Data processed: anonymised usage data.

Supabase (USA) - database hosting. Data processed: market intelligence data (not personal data). Transfer mechanism: Standard Contractual Clauses.

Zapier (USA) - workflow automation connecting our tools. Data processed: contact form submissions routed between services. Transfer mechanism: Standard Contractual Clauses and EU-US Data Privacy Framework.

Stripe (USA) - payment processing. Data processed: name, email, payment method details, invoice data. Transfer mechanism: Standard Contractual Clauses, EU-US Data Privacy Framework, and UK International Data Transfer Addendum.

Xero (Australia/UK) - accounting and invoicing. Data processed: name, email, company, invoice and payment data. Transfer mechanism: UK International Data Transfer Agreement and Standard Contractual Clauses.

Google Workspace (USA) - email, calendar, and document management. Data processed: name, email, message content, calendar events. Transfer mechanism: Standard Contractual Clauses and EU-US Data Privacy Framework.

Where data is transferred outside the UK, appropriate safeguards are in place including Standard Contractual Clauses (SCCs), the UK International Data Transfer Agreement (IDTA), and/or the EU-US Data Privacy Framework as applicable.

7. Social Media and External Links

This website contains links to third-party platforms, including our LinkedIn company page and personal LinkedIn profiles. When you click these links, you leave our website and are subject to the privacy policies and terms of those platforms. We do not collect, store, or process any data from LinkedIn or other social media platforms.

We do not use LinkedIn APIs to scrape, harvest, or otherwise collect LinkedIn member data. We do not use LinkedIn tracking pixels, social plugins, or embedded widgets on this website. Our use of LinkedIn is limited to maintaining a company page and sharing content in accordance with LinkedIn's Pages Terms and User Agreement.

If you interact with our content on LinkedIn (e.g. by following our company page, liking, or commenting), that data is governed by LinkedIn's own Privacy Policy. We may receive aggregated, anonymised analytics from LinkedIn about page followers and post engagement, but this data does not identify individuals.

8. Data Retention

Newsletter subscribers: we retain your data for as long as you remain subscribed. Upon unsubscribing, your data is retained in anonymised form for analytics purposes.

Contact form submissions: we retain enquiry data for up to 3 years to manage client relationships and for legitimate business purposes.

Advisory clients: engagement records are retained for 7 years in accordance with UK regulatory requirements.

9. Your Rights

Under the UK GDPR, you have the right to: access the personal data we hold about you; rectify inaccurate data; erase your data (subject to legal retention requirements); restrict processing; data portability; object to processing based on legitimate interests; and withdraw consent at any time.

To exercise any of these rights, contact us at ben@disintermediate.global. We will respond within 30 days.

You also have the right to lodge a complaint with the Information Commissioner's Office (ICO) at ico.org.uk.

10. Cookies

This website does not use tracking cookies. We use only essential cookies required for website functionality. No third-party advertising or tracking cookies are placed.

11. Data Breach Notification

In the event of a personal data breach that poses a risk to the rights and freedoms of individuals, we will notify the Information Commissioner's Office within 72 hours of becoming aware of the breach, as required by UK GDPR Article 33. Where a breach is likely to result in a high risk to your rights and freedoms, we will also notify affected individuals without undue delay.

12. Changes to This Policy

We may update this Privacy Policy from time to time. Material changes will be communicated via our newsletter or website. The date at the top of this page indicates when the policy was last updated.

13. Contact

For privacy-related enquiries, contact:
Ben Baldieri
Disintermediate Ltd
ben@disintermediate.global