This Privacy Policy describes how Spectra Acquisition Ltd. (“Spectra,” “we”) processes personal data collected through spectraacquisition.com, our marketing operations, and our client engagements. For our website visitors, newsletter subscribers, and prospective clients we act as data controller. For personal data we process on behalf of a client during an active engagement we act as data processor; that processing is governed by our Data Processing Agreement.
Registered address: Kington, London, United Kingdom. US office: Dover, Delaware. Contact the privacy team at info@spectraacquisition.com.
| Category | Purpose | Legal basis |
|---|---|---|
| Contact details (name, work email, company, role) | Responding to enquiries, scheduling calls, sending briefs | Legitimate interest · contract performance |
| Business context (revenue band, meeting volume, timeline) | Qualifying fit and tailoring our response | Legitimate interest |
| Technical data (IP, device, referrer, pages viewed) | Website analytics, security, debugging | Legitimate interest · consent (where required) |
| Marketing data (opens, clicks, replies on our newsletter) | Measuring and improving our own outbound | Consent · legitimate interest (B2B, opt-out always) |
We use a minimal set of cookies and equivalent browser storage — strictly necessary cookies for the site to function, and privacy-respecting analytics to measure traffic in aggregate. We do not run third-party advertising pixels on spectraacquisition.com. A cookie banner is shown where consent is required.
We share personal data only with vetted sub-processors listed at /legal/sub-processors, and with regulators, auditors, or courts where required by law. We do not sell personal data. We do not share data with third-party advertisers.
Some of our sub-processors are located in the United States. Where personal data of UK or EEA residents is transferred, we rely on Standard Contractual Clauses and the UK International Data Transfer Addendum, together with supplementary technical measures (encryption in transit and at rest, access controls).
Under UK GDPR, EU GDPR, and CCPA/CPRA you have the right to access, correct, delete, port, restrict, or object to our processing of your personal data, and to withdraw consent where it is our legal basis. To exercise any of these rights, email info@spectraacquisition.com. We will respond within 30 days. If you believe we have handled your data unlawfully, you may complain to the UK Information Commissioner's Office (ico.org.uk) or your local supervisory authority.
We operate a defence-in-depth programme: TLS in transit, encryption at rest on managed platforms, role-based access controls, MFA on all operator accounts, least-privilege sub-processor access, and a documented incident response plan. Breaches affecting personal data are notified to affected parties and regulators within 72 hours where required by law.
We may update this Policy periodically. Material changes will be flagged on this page with the new effective date. Continued use of the site after the effective date constitutes acceptance of the revised Policy.