Privacy Policy
How Hirondelle & Co Ltd collects, uses, and protects your personal information when you visit hirondl.com or get in touch with us.
Last updated: 21 May 2026 · UK GDPR & Data Protection Act 2018
1. Who we are
This website is operated by Hirondelle & Co Ltd (trading as Hirondl & Co), a company registered in England & Wales under company number 09006684, with its registered office at 124 Wigmore Street, London W1U 3RY, United Kingdom.
For the purposes of UK GDPR and the Data Protection Act 2018, Hirondelle & Co Ltd is the data controller of personal information collected through this website.
If you have any questions about this policy or how we handle your information, please contact us at contact@hirondl.com.
2. The information we collect
We collect personal information directly from you when you choose to share it with us, and a limited amount of technical information automatically when you use our website.
Information you give us
- Contact and case study enquiries: name, work email, company, job title, and any message you choose to send.
- Booking a call: name, email, and any details you provide via OneCal when scheduling a meeting.
Information collected automatically
- Analytics data: if you accept analytics cookies, Google Analytics 4 records anonymised information about how you use the site, such as pages visited, approximate location (country/city level), device type, and referring source. Before you make a choice, and if you decline, Google Analytics runs in a cookieless mode (Google Consent Mode): it stores nothing on your device and does not identify you, sending only aggregated, anonymous signals so we can estimate overall site usage.
- Server logs: our hosting provider (Netlify) records standard request logs, including IP address and user-agent, for security and abuse prevention. These are retained for a short period and are not used for marketing.
We do not collect special category data (such as health, ethnicity, or political views), and we do not knowingly collect information from anyone under the age of 16.
3. How we use your information
We only use your personal information for the purposes set out below, and only where we have a lawful basis to do so under UK GDPR.
| Purpose | Lawful basis |
|---|---|
| Responding to enquiries you send via the contact form, case study form, or email | Legitimate interests (responding to a request you have made) |
| Scheduling and confirming meetings you book through OneCal | Performance of a contract / your request |
| Granting access to gated case study content you request | Legitimate interests (delivering the content you asked for) |
| Measuring website usage via Google Analytics cookies (after you accept) | Your consent (you may withdraw it at any time via the cookie banner) |
| Cookieless, aggregated measurement before or without consent (Google Consent Mode) | Legitimate interests (estimating overall site usage without setting cookies or identifying you) |
| Maintaining client records and complying with legal, tax and accounting obligations | Legal obligation |
| Protecting the website from abuse and securing our systems | Legitimate interests (network and information security) |
We do not sell your personal information, and we do not send unsolicited marketing communications. We will not use information you submit to enquire about our services for any unrelated marketing without first asking you.
4. Cookies and similar technologies
A cookie is a small text file stored on your device by your browser. We use the smallest possible number of cookies and only set non-essential cookies after you give consent through our cookie banner.
Our analytics uses Google Consent Mode. The Google Analytics tag loads on every visit, but until you accept it stays cookieless: it sets no cookies, stores nothing on your device, and sends only anonymous, aggregated signals (with no identifiers) that let us estimate overall visitor numbers. The analytics cookies listed below are only ever set after you click Accept; if you decline, analytics remains in this cookieless mode.
| Cookie / storage | Purpose | Type |
|---|---|---|
hirondl-cookie-consent (localStorage) | Remembers your cookie choice so we don't ask you again on every visit | Strictly necessary |
Google Analytics (_ga, _ga_*) | Anonymised website analytics, only set if you click Accept | Analytics (consent-based) |
You can change your cookie preferences at any time by clicking the button below. You can also clear cookies through your browser settings.
Embedded services such as OneCal (when you book a call) and HubSpot (when you submit a case study form) may set their own cookies once you actively interact with them. Please refer to their privacy policies for further details.
5. Who we share your information with
We share your information only with carefully selected service providers who help us run our website and respond to you. They process information on our instructions and under written data-processing agreements.
- Netlify, website hosting and request logs.
- Google Analytics (Google Ireland Ltd / Google LLC), anonymised website analytics: cookie-based measurement only with your consent, and cookieless, aggregated measurement (Google Consent Mode) otherwise.
- HubSpot, handles case study form submissions and stores contact details so we can respond.
- OneCal, handles meeting bookings and the information you provide when scheduling.
- Microsoft 365, our business email provider, used to communicate with you.
In addition, our site loads typefaces, JavaScript libraries, and images from established third-party content delivery networks. These providers receive the visitor's IP address as part of the standard HTTP request when assets are loaded:
- Google Fonts (Google Ireland Ltd / Google LLC), serves the website typeface.
- jsDelivr, unpkg, and Cloudflare CDN, serve standard JavaScript libraries (Chart.js, Leaflet, and similar).
- Unsplash, serves cover photography on case-study cards.
- Google favicon service, serves the small logos on the homepage "Trusted by" strip.
We may also disclose your information where required to do so by law, by a court order, or to protect our legal rights.
6. Personalised outreach links (magic links)
When a member of the Hirondl team sends you a personalised link to a specific case study or page on this website, that link contains a signed token that identifies you to us when you open it.
What we collect: your name and email address (which you have provided to us, or which our team member has otherwise lawfully obtained), the URL you opened, the date and time you opened it, and your IP address at the moment of opening.
Why we collect it: to evaluate engagement with outreach we have directly sent and to keep an internal record of which prospective clients have seen which content. We do not use this data to build advertising profiles or share it with third parties for marketing.
Lawful basis: legitimate interest under Article 6(1)(f) of the UK GDPR. We have weighed our interest in measuring outreach effectiveness against your reasonable expectation of privacy, and consider this proportionate given that the link is sent to you directly by a known member of the Hirondl team.
Retention: open events are retained for 24 months from the date of the open and then deleted.
Your rights: you can ask us to delete the record of your opens at any time, or to stop sending you tracked links going forward, by emailing contact@hirondl.com. The page itself remains accessible after deletion; only the record of your opens is removed.
If you have received a tracked link and prefer not to open a tracked URL, you can navigate to the same case study directly from our case studies index. You will be asked to complete a short contact form to access the content, the same as any other visitor.
7. International transfers
Some of our service providers are based outside the UK, including in the European Economic Area and the United States. Where personal data is transferred outside the UK, we rely on appropriate safeguards recognised under UK GDPR, such as the UK International Data Transfer Agreement, the UK Addendum to the EU Standard Contractual Clauses, or the UK Extension to the EU-US Data Privacy Framework.
8. How long we keep your information
- Enquiry and case study form submissions: up to 24 months from your last interaction with us, unless you become a client.
- Client records and correspondence: up to 7 years from the end of the engagement, in line with our legal, tax and professional obligations.
- Analytics data: retained by Google Analytics for 14 months, after which it is automatically deleted.
- Server logs: retained by our hosting provider for a short period for security purposes only.
You can ask us to delete your information at any time, subject to any legal retention obligations we are required to meet.
9. How we protect your information
We use HTTPS across the entire site, modern security headers (HSTS, CSP, X-Frame-Options), and reputable hosting and CRM providers with their own security certifications. Access to personal information inside Hirondl is restricted to staff who genuinely need it to do their job.
10. Your rights under UK GDPR
You have the following rights in relation to the personal information we hold about you:
- Access, ask for a copy of the personal information we hold about you.
- Rectification, ask us to correct information that is inaccurate or incomplete.
- Erasure, ask us to delete your information where we no longer need it.
- Restriction, ask us to limit how we use your information in certain circumstances.
- Portability, ask to receive your information in a structured, machine-readable format.
- Objection, object to processing based on our legitimate interests.
- Withdraw consent, where we rely on consent (such as for analytics cookies), you can withdraw it at any time without affecting prior processing.
To exercise any of these rights, please email contact@hirondl.com. We will respond within one month of receiving a valid request.
11. Complaints
If you are unhappy with how we have handled your personal information, please contact us first so we can try to put things right. You also have the right to complain to the UK's data protection regulator:
Information Commissioner's Office (ICO)
Wycliffe House, Water Lane, Wilmslow, Cheshire SK9 5AF
Helpline: 0303 123 1113
Website: ico.org.uk
12. Changes to this policy
We may update this Privacy Policy from time to time to reflect changes in our practices or in the law. The "Last updated" date at the top of this page will tell you when the policy was last revised. We encourage you to review it periodically.