Beige&Co

Privacy notice

How we handle your data.

This notice covers personal data collected through this website. Data processed in the course of an engagement is governed separately by the terms agreed with the relevant client.

Who we are

The controller of personal data collected through this website is Beige Companies Ltd, a private limited company registered in England and Wales (company number 16424615), trading as Beige & Co. References to "we", "us" and "our" in this notice are to Beige Companies Ltd in that capacity.

The data we collect

Two categories of personal data are collected through this website:

  • Information you provide — name, email address, organisation, role, and the contents of any message you send through the contact form.
  • Technical information — IP address, device type, browser, language settings, and the pages you view. Collected automatically by our hosting infrastructure for security and operational purposes.

We do not use behavioural advertising trackers or third-party analytics that profile visitors. We do not place non-essential cookies.

Why we use your data

  • To respond to enquiries.
  • To maintain a record of correspondence with external parties for legal and regulatory reasons.
  • To operate, secure, and audit the website.

Lawful basis

We rely on the following lawful bases under the UK GDPR and, where they apply, the EU GDPR and the Swiss Federal Act on Data Protection (FADP):

  • Legitimate interests — for replying to correspondence, keeping records of communications, and operating the website.
  • Legal obligation — where retention or disclosure is required to comply with a legal duty in any jurisdiction to which the practice is subject.

Where we rely on legitimate interests we have undertaken a balancing assessment. A summary is available on request.

Who we share data with

  • Service providers who host the website or process correspondence on our behalf, under written processor terms.
  • Regulators, courts, and other public authorities, where required by law.
  • External advisors instructed in connection with a matter, under appropriate confidentiality terms.

We do not sell personal data and do not share it for the marketing purposes of any third party.

International transfers

Personal data is processed in the United Kingdom, the European Economic Area, and Switzerland. Where data is transferred outside any of those areas we rely on an appropriate transfer mechanism: an adequacy regulation or decision (UK, EU Commission, or Swiss FDPIC, as applicable), the UK International Data Transfer Agreement, the EU Standard Contractual Clauses (including the UK Addendum where relevant), or the FDPIC-recognised transfer instruments for transfers concerning Swiss data subjects.

How long we keep data

Personal data is retained only for as long as necessary for the purpose for which it was collected. Correspondence with external parties is kept for a period reflecting the limitation periods that may apply, after which it is deleted or anonymised. Server logs are kept for a short rolling window for security purposes only.

Your rights

Subject to the conditions in the UK GDPR (and, where they apply, the EU GDPR and the Swiss FADP), you have the right to:

  • Access the personal data we hold about you.
  • Have inaccurate data rectified.
  • Request erasure in certain circumstances.
  • Restrict processing in certain circumstances.
  • Object to processing carried out on the basis of legitimate interests.
  • Receive a portable copy of data you have provided.
  • Lodge a complaint with the supervisory authority of your jurisdiction: the UK Information Commissioner's Office (ico.org.uk), the supervisory authority of your EU member state of residence (a list is maintained by the European Data Protection Board at edpb.europa.eu), or the Swiss Federal Data Protection and Information Commissioner (edoeb.admin.ch).

To exercise any of these rights, write to us through the contact page. Tell us clearly which right you are exercising and provide enough information for us to identify your records.

Security

We use standard technical and organisational measures to protect personal data, including TLS encryption in transit, access controls, and regular review of our hosting and processor arrangements. No method of transmission over the internet is fully secure, and absolute security cannot be guaranteed.

Changes to this notice

This notice may be updated from time to time. The version in force at any time is the version published on this page. The date below shows the most recent review.

Contact

For any question about this notice or about the personal data we hold, write to us through the contact page, marking your message Privacy: Beige & Co website.

Last reviewed: May 2026.

← Return to the practice