Privacy notice
Last Updated: 26 March 2026
Contents
About this privacy notice
This privacy notice explains how Applied Incantations Ltd ("we", "us", "our") collects, uses, and protects personal data we process in the course of our business, whether through our website, our products, or our services.
We process personal data in accordance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018 (DPA 2018).
How this notice applies to you
To make this notice easier to navigate, we have structured it based on your relationship with us:
| Relationship Type | Categories of personal data | Processing Context | Lawful Basis |
|---|---|---|---|
| Service user | Identity (name, job title), contact details (email, phone, address), usage information (IP address, browser type, device information, pages visited, interaction data), information shared in correspondence (enquiry details). | Using our software tools or professional services. Note: We do not process personal data for current public tools (Eur-Lex LegDiff, Enchanttments), but may receive data as part of support requests. | Legitimate interests |
| Site visitor | Technical and usage information (IP address, browser type, device information, pages visited, interaction data). | Browsing appliedincantations.com. Improving user experience and site security. | Legitimate Interests (Essential) / Consent (Tracking) |
| Subscriber | Identity (name), contact (email), preference (subscription choices). | Subscription to our newsletter or other direct updates and communications. | Consent |
| Lead | Identity (name), contact (email, phone), professional (company, role), enquiry (details of interest). | Expressing interest in our services; responding to sales and professional enquiries. | Legitimate Interests / Consent |
| Contact | Identity (name), contact (email, phone, address), professional (company, job title), correspondence (professional records). | Business relationship management and professional correspondence with partners and suppliers. | Legitimate Interests |
How we obtain the personal data
In the vast majority of cases, we obtain the personal data we process directly from the data subjects concerned. On occasion, we may receive personal data indirectly (for example, from our clients in relation to other individuals they are dealing with). In such cases, we process the data only as necessary for the professional services we provide and handle any specific notifications on a case-by-case basis.
Automated decision-making
We do not use automated decision-making or profiling in the course of our business.
Necessity of providing personal data
There are currently no statutory or contractual requirements for you to provide us with personal data. However, if you choose not to provide certain information (such as your contact details), we may not be able to respond to your enquiries, provide you with our newsletter, or deliver our services.
Other recipients of the personal data
We do not sell your personal data. We share it only with trusted categories of recipients necessary to operate our business and provide our services:
- Cloud infrastructure and hosting providers (to host and power our website and software tools).
- Contact management, CRM, and subscription system providers (to manage our communications and newsletter).
- Professional advisors (including accountants and legal counsel).
- Potential investors or acquirers (where we share data as part of a due diligence and/or transaction execution process for investment in or sale of our business).
- Regulatory authorities (where we are under a legal obligation to disclose information).
International transfers of personal data
We primarily store and process your data within the United Kingdom and the European Economic Area. Where we transfer data outside the UK (for example, to a service provider based in the US), we ensure appropriate safeguards are in place.
You can contact us using the details below to obtain further information on these transfers and a copy of the specific safeguards used where the transfer is not made on the basis of an adequacy decision.
Retention of personal data
We retain your personal data only for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements.
The criteria we use to determine our retention periods include current statutory limitation periods, the duration of our business relationship with you, and any specific requirements for financial record keeping.
Security
We have appropriate security measures to prevent personal data from being accidentally lost, used, or accessed in an unauthorised way.
Your rights and choices
Under the UK GDPR, you have several rights, including the right to access your personal data, to have it rectified or erased, and to restrict or port your data.
- The right to access your personal data.
- The right to rectification of inaccurate data.
- The right to erasure (the "right to be forgotten").
- The right to restrict processing.
- The right to data portability.
- The right to withdraw consent at any time (by contacting us at the address below).
The right to object: You have the right to object to the processing of your personal data for direct marketing purposes. You can also object in other specific circumstances (such as where we rely on legitimate interests) as set out in the UK GDPR.
Changes to this notice
We may update this privacy notice from time to time. The date of the most recent revision will be displayed at the top of this page. We encourage you to check this page periodically for any changes.
Contact us
For any privacy-related enquiries, please contact us at:
Email: privacy@appliedincantations.com
Applied Incantations Ltd
3rd Floor, 86-90 Paul Street
London EC2A 4NA
You also have the right to make a complaint at any time to the Information Commissioner's Office ("ICO"), the UK regulator for data protection issues (ico.org.uk).