Privacy Policy.

This is the privacy policy of Remiam Limited ("Remiam", "we", "us", "our"), a company registered in England & Wales under company number 10829191. We act as the data controller for the personal data described in this policy.

You can contact us at any time about your data at contact@remiam.co.uk or 020 3627 0613.

We try to collect as little as we can get away with. The personal data Remiam processes falls into four buckets:

• Enquiry data — name, company, email and the message you send when you contact us through the contact form, by email, or by phone. Used to reply to your enquiry and (if relevant) start a working relationship.
• Client / project data — names, emails, and the operational data needed to deliver a project under contract. Used to deliver the work, manage the relationship, and meet our legal and tax obligations.
• Site analytics — anonymised usage data (pages visited, approximate region, device type) gathered through Google Analytics 4 (via Google Tag Manager) only if you accept analytics cookies. IP addresses are anonymised by GA4 by default. No cookies, no analytics requests, no data sharing with Google happen before you opt in.
• Cookies — strictly-necessary cookies only by default. Analytics and marketing cookies are off until you explicitly opt in via the consent banner. We don't use third-party advertising cookies, fingerprinting, or cross-site tracking.

Three categories, only one of which is set without your permission:

• Strictly necessary — required for the site to function (session storage for your consent decision, the honey-pot for contact-form spam protection, hCaptcha to prevent automated submissions). Always on; not blockable.
• Analytics — Google Analytics 4 served through Google Tag Manager (container GTM-NQJNGBKS). When enabled, sets _ga and _ga_* cookies (~13 months) measuring page views, sessions, approximate country/region, device type. IP addresses are anonymised. Off by default in the UK and EEA.
• Marketing — reserved for any future advertising-measurement cookies. None are set today. Off by default.

We use Google's Consent Mode v2: until you accept, all advertising and analytics signals stay denied at the GTM layer, so Google receives no measurement requests for you. You can change your decision at any time via the Manage cookies link in the footer.

• Legitimate interest — replying to your enquiries and operating our site. We balance our interests against yours, and you can object at any time.
• Contract — delivering paid work under signed agreement.
• Legal obligation — meeting our tax, accounting and statutory record-keeping duties as a UK limited company.
• Consent — only where you've explicitly opted in (for example, replying to subscribe to anything we ask permission for).

• Enquiries — kept up to 24 months from the last interaction, then deleted.
• Client & project data — kept for the life of the project and then up to 7 years to meet HMRC and statutory record-keeping requirements.
• Site analytics — aggregated and anonymised; raw events expire within 26 months.
• Backups — encrypted backups roll on a 90-day cycle, so deletions propagate within that window.

We don't sell your data. We share it only with:

• Infrastructure providers we rely on to operate the studio — hosting, email, payments — all under data-processing agreements.
• Google (Tag Manager + Analytics 4) for anonymised site measurement, only if you accept analytics cookies. Data is processed by Google Ireland Limited; transfers to Google LLC in the US are governed by the EU-US Data Privacy Framework and SCCs.
• Web3Forms + hCaptcha on the contact form, to deliver enquiries and prevent spam.
• Our accountants and HMRC, to meet UK statutory obligations.
• Anyone you explicitly ask us to share with, or where we are legally required to.

Some of our infrastructure providers are based outside the UK. Where data leaves the UK, we rely on UK-approved transfer mechanisms (UK Addendum to the EU SCCs, or an adequacy decision).

Under UK GDPR you have the right to:

• Access the personal data we hold about you.
• Correct anything inaccurate or incomplete.
• Have your personal data deleted, in line with the retention limits above.
• Restrict or object to how we process your data.
• Receive your data in a portable format.
• Withdraw consent at any time where we relied on consent in the first place.
• Complain to the Information Commissioner's Office (the ICO) at ico.org.uk if we get it wrong.

To exercise any of these, email contact@remiam.co.uk. We aim to respond within one working day and to resolve the request within 30 days at the absolute latest.

We use industry-standard security controls: TLS everywhere, encrypted-at-rest storage, multi-factor authentication, least-privilege access, and regular review. No system is perfectly secure; if a breach affects you, we'll tell you and the ICO within 72 hours of becoming aware, as the law requires.

We don't knowingly collect personal data from anyone under 16. If we discover that we have, we will delete it.

We may update this page as Remiam grows. Significant changes will be flagged via the "Last updated" date at the top, and — where the change is material — via an in-page note for at least 30 days.

Any questions about this policy or about your data:

• Email — contact@remiam.co.uk
• Phone — 020 3627 0613
• Post — Remiam Limited, United Kingdom

You're also welcome to use the contact page: /contact.