Tomtit Capital Ltd is the data controller for personal information collected through this website and our services. Our appointed data protection contact is Mark Synytsia, reachable at mark@tomtitcapital.com.
Last updated: January 2025. This policy explains how Tomtit Capital collects, uses, and protects your personal information in compliance with UK GDPR and the Data Protection Act 2018.
Tomtit Capital Ltd is the data controller for personal information collected through this website and our services. Our appointed data protection contact is Mark Synytsia, reachable at mark@tomtitcapital.com.
Information you provide directly: When you submit a contact form, job application, or enquiry, we collect the information you choose to share — typically your name, email address, and the content of your message or application.
Technical data: Our web server collects standard log data including your IP address, browser type, pages visited, and the time and date of your visit. This data is used solely for security and operational purposes.
Cookies: We use only essential cookies required for the website to function. We do not use tracking, analytics, or advertising cookies. You may decline non-essential cookies and continue to use this website without restriction.
We use your personal information only for the purpose for which it was provided: to respond to your enquiry, process your application, or manage our business relationship with you. We do not sell, rent, or share your personal data with third parties for marketing purposes.
Our legal basis for processing is legitimate interests (responding to enquiries, operating this website) and contract performance (processing applications and service agreements).
General enquiry data is retained for 12 months. Job application data is retained for 6 months unless you are hired. Client data is retained for the duration of our relationship plus 7 years as required by financial regulation.
We implement appropriate technical and organisational measures to protect your personal data against unauthorised access, alteration, disclosure, or destruction. This website is served over HTTPS. We do not store payment card data.
We use Cloudflare services for DDoS protection and web application firewall capabilities. Cloudflare may process connection metadata (IP addresses, request headers) in accordance with their own privacy policy.
Under UK GDPR you have the right to: access your personal data; correct inaccurate data; request deletion of your data; object to or restrict processing; and data portability. To exercise any of these rights, contact mark@tomtitcapital.com. You may also lodge a complaint with the Information Commissioner's Office (ICO) at ico.org.uk.
We may update this policy from time to time. Material changes will be noted at the top of this page with an updated date. Continued use of this website after changes are posted constitutes acceptance of the revised policy.