Privacy Policy

Last updated: 17 April 2026

Introduction

Mystic Claim Limited ("we", "our", or "us") respects your privacy and is committed to protecting your personal data. This privacy policy explains how we collect, use, disclose, and safeguard your information when you visit our website or engage our services.

This policy applies to information we collect through our website, during business communications, and in the course of providing consulting services to our clients.

Information We Collect

We collect several types of information depending on how you interact with us:

Information You Provide Directly

  • Contact details such as name, job title, company name, email address, and postal address when you enquire about our services
  • Communication content when you correspond with us via email or other channels
  • Business information you share during consultations or project work
  • Feedback and survey responses if you choose to provide them

Information Collected Automatically

  • Technical data including IP address, browser type, operating system, and device information
  • Usage data such as pages visited, time spent on pages, and navigation paths through our website
  • Cookie data as described in our Cookies Policy

Information from Third Parties

  • Professional contact information from publicly available sources or business directories
  • Information from your organisation when they engage us for consulting services

How We Use Your Information

We use the information we collect for the following purposes:

Service Delivery

  • Responding to your enquiries and providing information about our services
  • Delivering consulting services as agreed in our engagement contracts
  • Communicating with you about active projects and engagements
  • Providing customer support and addressing your requests

Business Operations

  • Managing our relationship with clients and maintaining accurate records
  • Processing payments and maintaining financial records
  • Improving our services and developing new offerings
  • Conducting internal research and analysis

Legal and Compliance

  • Complying with legal obligations and regulatory requirements
  • Protecting our legal rights and interests
  • Preventing fraud and ensuring website security
  • Maintaining professional indemnity insurance

Marketing Communications

  • Sending relevant information about our services where we have appropriate consent or legitimate interest
  • Inviting you to events or webinars that may interest you
  • Sharing industry insights and thought leadership content

Legal Basis for Processing

Under UK GDPR, we process your personal data based on one or more of the following legal grounds:

  • Contractual necessity: Processing is necessary to perform our contract with you or your organisation
  • Legitimate interests: We have legitimate business interests in processing your data, such as improving our services or marketing to potential clients
  • Legal obligation: Processing is required to comply with legal or regulatory requirements
  • Consent: You have given clear consent for us to process your data for specific purposes

Data Sharing and Disclosure

We do not sell your personal data. We may share your information with the following categories of recipients:

Service Providers

We engage third-party companies to perform functions on our behalf, including:

  • IT infrastructure and hosting providers
  • Email delivery and communication platforms
  • Professional advisors including lawyers, accountants, and insurers
  • Payment processors for financial transactions

Business Transfers

If we merge with, are acquired by, or sell assets to another company, your information may be transferred as part of that transaction. We will notify you of any such change in ownership or control of your personal information.

Legal Requirements

We may disclose your information when required by law, court order, or governmental authority, or when we believe disclosure is necessary to protect our rights, your safety, or the safety of others.

International Data Transfers

Your information is primarily processed and stored within the United Kingdom. If we transfer data outside the UK or European Economic Area, we ensure appropriate safeguards are in place, such as:

  • Standard contractual clauses approved by the UK Information Commissioner's Office
  • Transfers to countries with adequacy decisions
  • Other legally approved transfer mechanisms

Data Retention

We retain your personal data only for as long as necessary to fulfil the purposes outlined in this policy, unless a longer retention period is required by law.

  • Enquiry data: Retained for up to two years after last contact
  • Client data: Retained for seven years after project completion to meet professional and legal obligations
  • Marketing data: Retained until you opt out or for three years since last engagement
  • Website analytics: Typically retained for up to twenty-six months

Your Rights

Under data protection law, you have the following rights regarding your personal information:

  • Right to access: Request a copy of the personal data we hold about you
  • Right to rectification: Ask us to correct inaccurate or incomplete information
  • Right to erasure: Request deletion of your data in certain circumstances
  • Right to restrict processing: Ask us to limit how we use your data
  • Right to data portability: Receive your data in a structured, commonly used format
  • Right to object: Object to processing based on legitimate interests or for direct marketing
  • Right to withdraw consent: Withdraw consent where processing is based on consent

To exercise any of these rights, please contact us using the details provided at the end of this policy. We will respond to your request within one month.

Data Security

We implement appropriate technical and organisational measures to protect your personal data against unauthorised access, alteration, disclosure, or destruction. These measures include:

  • Encryption of data in transit and at rest
  • Regular security assessments and penetration testing
  • Access controls limiting who can view personal data
  • Employee training on data protection and security
  • Secure backup and disaster recovery procedures

While we strive to protect your personal information, no method of transmission or storage is completely secure. We cannot guarantee absolute security of your data.

Children's Privacy

Our services are directed at business users and we do not knowingly collect information from individuals under the age of sixteen. If we become aware that we have collected data from someone under sixteen without parental consent, we will take steps to delete that information.

Changes to This Policy

We may update this privacy policy from time to time to reflect changes in our practices or legal requirements. We will post any updates on this page and update the "Last updated" date. For material changes, we may provide additional notice such as email notification.

We encourage you to review this policy periodically to stay informed about how we protect your information.

Contact Information

If you have questions about this privacy policy or wish to exercise your data protection rights, please contact us:

Data Protection Contact
Mystic Claim Limited
42 Threadneedle Street
London EC2R 8AY
United Kingdom
Email: [email protected]

You also have the right to lodge a complaint with the Information Commissioner's Office (ICO), the UK supervisory authority for data protection issues:

Information Commissioner's Office
Wycliffe House, Water Lane
Wilmslow, Cheshire SK9 5AF
Website: mystic-claim.com