Privacy Policy

Keep Capital ("we", "us", "our") operates the website at keepcapital.co.uk and provides structural capital architecture assessments and advisory services to UK-based business owners and families.

For the purposes of UK data protection law, including the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018, Keep Capital is the data controller in respect of personal data collected through this website.

If you have any questions about this policy or how we handle your data, you can contact us at: [email protected].

We collect the following categories of personal data:

Capital Audit submissions, when you complete the Capital Audit, we collect your responses to the audit questionnaire, including information about your business structure, asset values, income levels, and financial objectives. This data is used to generate your personalised audit results.

Contact and enquiry data, if you contact us directly (by email or via any contact form), we collect your name, email address, and the content of your message.

Usage and analytics data, we collect anonymised data about how visitors interact with this website, including pages visited, time on site, and referral source. This data does not identify you personally.

Cookies, we use essential cookies to ensure the website functions correctly. We do not use advertising or tracking cookies. See Section 8 for full cookie details.

We process your personal data on the following legal bases under UK GDPR Article 6:

Legitimate interests (Article 6(1)(f)), we process audit submission data and enquiry data to respond to your request, assess your structural position, and follow up where appropriate. Our legitimate interest is providing a high-quality advisory service to individuals who have actively sought our assessment.

Consent (Article 6(1)(a)), where we send you marketing communications or updates, we do so only with your explicit consent, which you may withdraw at any time.

Performance of a contract (Article 6(1)(b)), where you engage us for paid services (such as the Capital Architecture or Discovery Call), we process your data as necessary to deliver those services.

We do not process special category data (such as health data or political opinions) and we do not make automated decisions with legal or similarly significant effects.

We use the personal data we collect for the following purposes:

To generate and deliver your personalised Capital Audit results.

To follow up with you if your audit results indicate that a Discovery Call or further engagement may be appropriate.

To respond to enquiries you send us directly.

To improve the quality and accuracy of our audit tool and advisory materials.

To send you updates or communications about our services, where you have consented to receive them.

We do not sell, rent, or share your personal data with third parties for their own marketing purposes.

We share personal data only where necessary to deliver our services or comply with legal obligations:

Technology providers, we use third-party platforms to host this website and store data securely. These providers act as data processors on our behalf and are contractually bound to handle your data in accordance with UK GDPR.

Professional advisers, where you proceed to a paid engagement, relevant structural information may be shared with the specialist barristers, solicitors, or tax advisers involved in designing your structure. This is done only with your knowledge and for the purpose of delivering the service.

Legal compliance, we may disclose your data where required to do so by law, court order, or regulatory authority.

We do not transfer personal data outside the United Kingdom except where adequate protections are in place as required by UK GDPR.

We retain personal data only for as long as necessary for the purposes described in this policy:

Audit submission data, retained for up to 3 years from the date of submission, to allow for follow-up and to maintain records of structural assessments.

Enquiry and contact data, retained for up to 2 years from the date of last contact.

Paid engagement data, retained for up to 7 years from the end of the engagement, in line with standard accounting and legal record-keeping requirements.

After the relevant retention period, data is securely deleted or anonymised.

Under UK GDPR, you have the following rights in relation to your personal data:

Right of access, you may request a copy of the personal data we hold about you.

Right to rectification, you may ask us to correct inaccurate or incomplete data.

Right to erasure, you may ask us to delete your personal data in certain circumstances.

Right to restriction, you may ask us to restrict how we process your data in certain circumstances.

Right to data portability, where processing is based on consent or contract, you may request your data in a structured, machine-readable format.

Right to object, you may object to processing based on legitimate interests at any time.

Right to withdraw consent, where processing is based on consent, you may withdraw it at any time without affecting the lawfulness of prior processing.

To exercise any of these rights, contact us at [email protected]. We will respond within one month. You also have the right to lodge a complaint with the Information Commissioner's Office (ICO) at ico.org.uk.

This website uses cookies to ensure it functions correctly. A cookie is a small text file placed on your device when you visit a website.

Essential cookies, these are necessary for the website to operate. They enable core functionality such as session management and security. You cannot opt out of essential cookies without disabling the website entirely.

Analytics cookies, we may use anonymised analytics to understand how visitors use this website. Where we do, no personally identifiable information is collected or stored.

We do not use advertising, retargeting, or third-party tracking cookies.

You can manage cookie preferences through your browser settings. Note that disabling certain cookies may affect how the website functions.

We take the security of your personal data seriously. We implement appropriate technical and organisational measures to protect your data against unauthorised access, loss, or disclosure.

These measures include encrypted data transmission (HTTPS), access controls, and regular review of our security practices.

No method of transmission over the internet is completely secure. While we take all reasonable steps to protect your data, we cannot guarantee absolute security.

We may update this Privacy Policy from time to time to reflect changes in our practices or legal requirements. When we make material changes, we will update the 'Last Updated' date at the top of this page.

We encourage you to review this policy periodically. Continued use of this website after changes are posted constitutes your acceptance of the updated policy.