Privacy Policy
Last updated: 18 May 2026 ยท Effective immediately
Caveat: This Privacy Policy is provided for informational purposes and represents our current practices. It does not constitute legal advice. If you have specific questions about data protection in your jurisdiction, consult a qualified legal professional. Last reviewed by counsel: May 2026.
Encrypted in transit
TLS 1.3 ยท data never intercepted
Never sold
Your data is never sold to advertisers
GDPR aligned
Compliant with EU & UK data law
On-request deletion
We delete your data when you ask
General Policy
1. Information We Collect
When you contact us or engage our services we collect information you provide directly โ name, email address, company name, role, and the nature of your enquiry. We also collect certain technical data automatically: IP address, browser type, device identifiers, pages visited, and referring URLs. We do not collect payment card details directly; billing is handled by PCI-compliant processors.
2. How We Use Your Information
We use the information you provide to respond to enquiries, deliver the services you have engaged us for, send project-related communications, and โ where you have opted in โ share occasional firm updates. Technical data is used solely to understand aggregate website performance and to detect security issues. We do not sell, rent, or trade personal data with third parties for marketing purposes.
3. Legal Basis for Processing
Where applicable under the GDPR and similar frameworks, we process your data on the basis of: (a) your consent, where explicitly given; (b) the performance of a contract to which you are party; (c) our legitimate interests in operating and improving our services; or (d) compliance with a legal obligation. You may withdraw consent at any time without affecting the lawfulness of prior processing.
4. Data Retention
We retain personal data only for as long as necessary to fulfil the purposes for which it was collected, or as required by law. Enquiry records are typically held for 24 months. Client project data is retained for the duration of the engagement and for a reasonable period thereafter for audit purposes. Technical logs are retained for up to 90 days and then deleted or anonymised.
5. Your Rights
Depending on your jurisdiction, you may have the right to access, rectify, or erase your personal data; to restrict or object to its processing; and to receive it in a portable format. You also have the right to lodge a complaint with a supervisory authority. To exercise any of these rights, write to privacy@mapleandchen.com. We will respond within 30 days.
6. Cookies and Tracking
We use a small number of cookies to ensure the website functions correctly and to understand aggregate visitor behaviour. We do not use advertising cookies or third-party tracking pixels. See our Cookie Policy for full details.
7. Security
We implement appropriate technical and organisational measures to protect personal data against unauthorised access, loss, or disclosure โ including encrypted data transmission (TLS), restricted access controls, and regular security reviews. We cannot guarantee absolute security, but we will notify affected individuals promptly in the event of a breach where required by law.
8. Third-Party Links
Our website may contain links to third-party sites. This policy does not apply to those sites. We encourage you to review the privacy policies of any external services you visit.
9. Changes to This Policy
We may update this policy from time to time. Material changes will be noted on this page with an updated effective date. Your continued use of our website after any change constitutes acceptance of the revised policy.
10. Contact
Questions about this policy or our data practices should be directed to: privacy@mapleandchen.com. You may also write to us at Maple & Chen Consulting, attn: Privacy.