Privacy

Privacy notice

Last reviewed: 2026-07-06.

This notice covers the public Bowline Compliance website at bowlinecompliance.com, including website analytics.

1. Who we are

Bowline Compliance Limited is the data controller for personal data collected through this website.

  • Company number: 17192155
  • Registered in: England and Wales
  • Registered office: 11 Poplar Grove, London W6 7RF
  • Email: hello@bowlinecompliance.com

2. Data we collect and why

Contact enquiries

The website currently invites enquiries by email rather than through a website contact form. If you email Bowline, we receive the personal data you choose to include in that message, such as your name, email address, organisation, and the content of your enquiry.

We use this data to respond to your enquiry, arrange an initial conversation, and decide whether our services are likely to be relevant to you. We do not use contact enquiry data for marketing without a separate basis.

The lawful basis is legitimate interests (Article 6(1)(f) UK GDPR). Our interest is in responding to business enquiries from organisations that may benefit from our services. The processing is limited to what is necessary for that purpose.

Please do not include confidential, sensitive, or special category personal data in a website enquiry.

The Bowline Health Check

The Bowline Health Check asks questions about your organisation to suggest a suitable service route. All answers are processed on your device only — nothing is submitted to us, no account is created, and no personal data is collected through the health check itself. Personal data is only collected if you choose to contact Bowline.

Technical logs

Like most websites, our server may keep limited technical logs such as IP address, user agent, requested URL, response status, and timestamp. We use these logs to keep the site secure, investigate faults, and understand basic service operation.

Analytics

We use self-hosted Umami analytics to understand how this website is used in aggregate. Umami does not use cookies, does not track individuals across sessions, and does not fingerprint browsers.

Analytics may record: page URL, referrer URL, approximate country (derived from IP address at the point of the request — IP addresses are not stored), browser type, device category, and aggregate event counts such as button clicks. No names, email addresses, message content, or other directly identifiable data are collected through analytics.

We host Umami on infrastructure we control ourselves. Analytics data is not shared with advertising platforms and is not used for profiling or targeting.

Technical logs and analytics

We rely on legitimate interests under Article 6(1)(f) UK GDPR to keep the website secure, investigate faults, understand basic use of the site, and improve the service. We have considered the limited nature of the data, the absence of advertising tracking, the absence of session replay, and the analytics opt-out available on this page.

Retention: 13 months.

Analytics choice

You can disable analytics for this browser. This stores a small preference in your browser so the site knows not to send analytics events from this browser.

3. How long we keep enquiry data

Contact enquiry records are kept for up to 24 months from the date of the enquiry or the date of last relevant contact, whichever is later. Records are reviewed and deleted when they are no longer needed for the purpose for which they were collected.

Technical logs are kept only for as long as needed for security, fault investigation, and service operation.

4. Who we share data with

We do not sell personal data.

We use service providers where necessary to run the website, receive email, and protect the service. They may process personal data only for those purposes.

Website analytics is self-hosted on infrastructure we control and is not shared with advertising platforms.

5. Your rights

Under UK data protection law you have the right to:

  • Access — request a copy of the personal data we hold about you
  • Rectification — ask us to correct inaccurate data
  • Erasure — ask us to delete your data where we have no overriding reason to keep it
  • Restriction — ask us to pause processing in certain circumstances
  • Portability — receive a copy of your data in a structured, machine-readable format
  • Object — object to processing based on legitimate interests

To exercise any of these rights, contact us at hello@bowlinecompliance.com. We will respond within one month.

If you are not satisfied with our response, you have the right to complain to the Information Commissioner's Office at https://ico.org.uk/ or by post at Wycliffe House, Water Lane, Wilmslow, Cheshire SK9 5AF.

6. Changes to this notice

We will update this notice if our data practices change. The date at the top of the page shows when it was last reviewed.