Legal
Privacy Policy
This policy explains how Chartreuse AI handles personal data through this website and general business contact. It covers people who visit the site, get in touch with us, or whose information we hold in the course of running the business. Personal data handled inside the GAIA Impact Assessment Tool is covered by a separate policy provided to users of that service.
Chartreuse AI is the trading name of Chartreuse AI Ltd., a company registered in England and Wales under company number 16395691. Our registered details, including our registered office, are on the Companies House register. Chartreuse AI Ltd. is the controller for the personal data described here. Please address any questions to info@chartreuseanalysis.com.
Website enquiries and business contacts
When you contact us through the website or by email, or deal with us as a client, supplier, or prospective customer, we hold the information you give us. That normally means your name, role, organisation, email address, and the content of your message, along with a record of our exchange.
We use this to respond to you, to manage and develop the business relationship, and to keep records of what was agreed. Lawful basis: legitimate interests in running and developing our business, and, where we are entering into or performing a contract with you, contract. We keep it for as long as the relationship is active, and afterwards for as long as we need it to meet a legal, accounting, or contractual obligation.
Website operation and security
When you visit the website, some technical data is processed automatically so the site works and stays secure. This may include your IP address, browser and device information, and access timestamps. Lawful basis: legitimate interests in operating a secure and reliable website.
The site is hosted on Netlify, which also handles submissions from our contact form. We use only cookies that are strictly necessary for the operation and security of the website. We do not use analytics, advertising, or third-party tracking cookies, and our fonts are served from our own site rather than a third party.
Some pages link out to third-party services, such as our demo booking page on Google Calendar and our overview video on Loom. When you follow those links you are on the provider's own service, governed by their privacy terms rather than this policy.
Who we share personal data with
We share personal data only where needed to run the business: with our staff and contractors, with the technology providers that operate the website and our systems, and with professional advisers such as accountants, auditors, and lawyers. We also disclose personal data where the law requires it, or to establish, exercise, or defend legal claims. We do not sell personal data.
International transfers
We aim to keep processing within the UK and the European Economic Area. Some providers, including Netlify, may process personal data outside the UK or EEA, such as in the United States. Where they do, we rely on appropriate safeguards, such as an International Data Transfer Agreement or the UK Addendum to the EU Standard Contractual Clauses.
How long we keep personal data
We keep personal data only for as long as we need it for the purpose we collected it, and to meet our legal and accounting obligations. When we no longer need it, we delete it or anonymise it. Retention is reviewed periodically.
Automated decision-making
We do not use personal data to make automated decisions that produce legal or similarly significant effects about individuals.
Your rights
You have the rights under UK GDPR: access, rectification, erasure, restriction, objection, and portability. Not every right applies in every case, and we may decline a request where a legal exemption applies or where the request is unfounded or excessive; if we do, we explain why. Send requests to info@chartreuseanalysis.com and we respond within the statutory timescale.
Complaints
If you are unhappy with how we have handled your personal data, please contact us first at info@chartreuseanalysis.com so we can try to put it right. You also have the right to complain to the Information Commissioner's Office at ico.org.uk/make-a-complaint. If you are in the EEA, you may instead complain to your local supervisory authority.
Changes to this policy
We may update this policy from time to time. The current version is the one published on this page, and the date at the top shows when it last changed.