Legal
Privacy notice
Last updated: 20 June 2026
This notice explains how Cortel Ltd (“Cortel”, “we”, “us”) collects and uses personal data, and the rights you have over it. It covers people who visit our website or get in touch, and business contacts we approach about our service. We collect some business contact details from public sources, so this notice also explains where that data comes from.
Who we are
Cortel Ltd is the data controller responsible for your personal data. We are a company registered in England and Wales, company number 17198012, and our registered office is Suite RA01, 195-197 Wood Street, London, E17 3NU. We are registered with the Information Commissioner’s Office (ICO), registration reference ZC151430.
Cortel helps UK small businesses find and automate repetitive admin work. If you have any questions about this notice, or about how we handle your data, email us at hello@cortel.io.
The personal data we collect
Depending on how you come into contact with us, we may hold the following kinds of personal data:
- Contact and enquiry details: your name, business email address, job title, the name of the business you work for, and anything you choose to tell us in a form, email, booking note, or call.
- Resource and email sign-up details: when you download a checklist or other resource, we receive the name and email address you enter. If you tick the optional box to receive our follow-up emails, we record that consent so we can send them and so you can unsubscribe.
- Booking details: when you book a call or audit through our scheduling links, we receive the information you enter, such as your name, email address, and any notes.
- Business contact details for outreach: where we contact a business we think our service is relevant to, we may hold a named contact’s business email address, job title, and the name and public details of their employer.
- Website usage data: anonymous, aggregated statistics about how people use our site. Our analytics tool is cookieless and does not identify you.
We do not seek out special category data (such as health, ethnicity, or political views), and we ask that you do not send it to us.
Where we get your data
We get personal data from two main places:
- Directly from you: when you fill in a form, book a call, reply to an email, or speak with us.
- From public sources: when we identify a business that may benefit from our service, we may collect a named contact’s business details from publicly available sources. These sources include Companies House (the UK’s public register of companies) and publicly accessible business websites and professional listings.
Where we obtain your details from a public source rather than from you, the data we collect is limited to business contact information: your name, job title, business email address, and your employer’s name and public business details. We will tell you that we hold your data the first time we contact you.
Why we use your data, and our lawful basis
We only use your personal data where the law allows. The reasons we use it, and the lawful basis under UK GDPR for each, are set out below.
- To respond to your enquiry and provide our services. Lawful basis: our legitimate interests in replying to people who contact us, and, where you become a client, performance of our contract with you.
- To send you the short series of follow-up emails you ask for when you download a resource and tick the consent box. Lawful basis: your consent, which you can withdraw at any time using the unsubscribe link in any email or by emailing us.
- To send a small number of relevant, business-to-business messages introducing our service. Lawful basis: our legitimate interests in promoting our business to other businesses that are likely to find our service relevant to their work.
- To run and improve our website using cookieless analytics. Lawful basis: our legitimate interests in understanding how our site is used.
- To meet our legal, tax, and accounting obligations. Lawful basis: compliance with a legal obligation.
Where the law requires consent rather than legitimate interests, for example if we were to market to an individual or a sole trader in their personal capacity, we will ask for your consent first, and you can withdraw it at any time.
Our legitimate interests for business outreach
Because we rely on legitimate interests for our business-to-business outreach, we have weighed our interests against your rights and freedoms (a “legitimate interests assessment”). In short:
- Purpose: we have a genuine interest in offering a useful service to businesses that are likely to need it.
- Necessity: we send a small, targeted number of messages to named business contacts whose role makes our service relevant, rather than mass, untargeted email.
- Balance: we only use business contact details in a business context, we make it easy to opt out at any time, and we do not contact individuals or sole traders in their personal capacity on this basis.
Under the Privacy and Electronic Communications Regulations (PECR), we may send business-to-business marketing by email to corporate subscribers. You can ask to see more detail about our assessment by emailing hello@cortel.io.
Direct marketing and how to opt out
You have an absolute right to object to direct marketing at any time, and we will always honour it.
To opt out, reply STOP to any email from us, or email hello@cortel.io. We will stop contacting you for marketing promptly, and we keep a minimal record of your request so that we do not contact you again.
Who we share your data with
We do not sell your personal data, and we never share it for other organisations’ marketing. We do use a small number of trusted service providers (“processors”) who handle data on our behalf and only on our instructions:
- Google Workspace (Google), for our email, documents, file storage, and Google Calendar appointment scheduling for bookings.
- Formspree, which processes submissions from our contact and resource forms.
- Airtable, where we securely store enquiry and resource sign-up details, such as your name and email address, so we can respond to you and manage our contact with you.
- EmailOctopus, which we use to send the follow-up emails you have asked for and to manage unsubscribes.
- Plausible Analytics, for cookieless website analytics.
- Cloudflare, which hosts and serves this website and provides anti-spam protection (Turnstile) on our forms.
Some of these providers may process data outside the UK. Where they do, we rely on safeguards approved for UK data transfers, such as the UK extension to the EU Standard Contractual Clauses. We may also share data where we are required to by law.
How long we keep your data
We keep personal data only for as long as we need it:
- If you opt out of marketing, we keep the minimum information needed to make sure we do not contact you again.
- If we contact you about our service and you do not respond, we delete your details within a short period.
- If you make an enquiry that does not become a project, we keep your details for up to 12 months.
- If you become a client, your business and workflow data is deleted within 30 days of our engagement ending. Records we are legally required to keep — invoices and contractual records — are retained for up to six years to meet our tax and accounting obligations.
Your rights
Under UK GDPR you have the right to:
- ask for a copy of the personal data we hold about you (the right of access);
- ask us to correct data that is wrong or incomplete (rectification);
- ask us to delete your data (erasure);
- object to our use of your data, including an absolute right to object to direct marketing;
- ask us to restrict how we use your data;
- ask us to transfer your data to another organisation (portability), where this applies;
- withdraw your consent at any time, where we rely on consent.
To exercise any of these rights, email hello@cortel.io. We will respond within one month, and you will not normally have to pay a fee.
Complaints
We hope to resolve any concern you have, so please contact us first. You also have the right to complain to the Information Commissioner’s Office (ICO), the UK’s data protection regulator, at ico.org.uk or on 0303 123 1113.
Changes to this notice
We may update this notice from time to time. The date at the top of this page shows when it was last changed.