Hereditas Conservatio
Home
Our Team
Hereditas Conservatio
Home
Our Team
More
  • Home
  • Our Team
  • Home
  • Our Team

Privacy Policy

Effective Date: 07.08.2025
Last Updated: 07.09.2025


Hereditas Conservatio Ltd (“we”, “our”, “us”) is committed to protecting the privacy and security of your personal data. This Privacy Policy explains how we collect, use, store, and protect personal information when you use our website, digital services, or interact with us.

We comply with the UK General Data Protection Regulation (UK GDPR), the EU General Data Protection Regulation (EU GDPR) where applicable, the Data Protection Act 2018, and other relevant privacy and data protection laws.


1. Who We Are

Hereditas Conservatio Ltd develops the Heritage Risk & Preservation Index (HRPI), an AI-powered platform for cultural heritage risk assessment. We are registered in England and Wales and headquartered in London, United Kingdom.


For any questions about this Privacy Policy, please contact:


Data Protection Officer (DPO)
Hereditas Conservatio Ltd
Email: info@heritagerisk.io


2. What Data We Collect

We may collect and process the following categories of personal data:

  • Identity Data: Name, organisation, job title.
     
  • Contact Data: Email address, phone number, postal address.
     
  • Technical Data: IP address, browser type, operating system, cookies, and analytics data.
     
  • Usage Data: How you interact with our website, services, and applications.
     
  • Communications Data: Records of correspondence when you contact us.
     

We do not intentionally collect sensitive personal data (special category data) unless explicitly provided and necessary for a specific purpose, in which case we will seek your explicit consent.


3. How We Collect Data

We collect personal data in the following ways:

  • Directly from you when you register interest, subscribe to updates, request demonstrations, or contact us.
     
  • Automatically when you visit our website (through cookies and analytics tools).
     
  • From trusted third parties, such as partner organisations or publicly available sources, where lawful to do so.
     

4. How We Use Your Data

We process your personal data for the following purposes:

  • To provide, maintain, and improve our website and services.
     
  • To respond to enquiries, requests, or feedback.
     
  • To send updates, newsletters, or policy briefings (where you have opted in).
     
  • To conduct research, analytics, and service development.
     
  • To comply with legal and regulatory obligations.
     
  • To protect our rights, property, and security, and that of our users.
     

We will only process your personal data where we have a lawful basis under data protection law, including consent, contract performance, legal obligation, or legitimate interest.


5. Data Sharing and Transfers

We will never sell your personal data. We may share data with:

  • Service providers who support our operations (e.g., IT hosting, analytics, professional services).
     
  • Partner organisations where collaboration is necessary to deliver our services, with appropriate safeguards.
     
  • Regulators, law enforcement, or other authorities where required by law.
     

If data is transferred outside the UK or European Economic Area (EEA), we ensure adequate safeguards, such as the UK International Data Transfer Agreement (IDTA), EU Standard Contractual Clauses (SCCs), or equivalent protections.


6. Data Retention

We retain personal data only for as long as necessary to fulfil the purposes for which it was collected, including for legal, regulatory, or reporting requirements. When no longer required, data will be securely deleted or anonymised.


7. Your Rights

Under UK and EU GDPR, you have the following rights:

  • Access: To request a copy of the personal data we hold about you.
     
  • Rectification: To correct inaccurate or incomplete data.
     
  • Erasure: To request deletion of your data (“right to be forgotten”).
     
  • Restriction: To limit processing of your data in certain circumstances.
     
  • Data Portability: To receive your data in a structured, commonly used format.
     
  • Objection: To object to processing based on legitimate interests or direct marketing.
     
  • Withdraw Consent: To withdraw consent where processing is based on consent.
     

To exercise any of these rights, please contact our DPO using the details above.


8. Cookies and Tracking

Our website uses cookies and similar technologies to enhance user experience and analyse website traffic. You may manage or disable cookies through your browser settings. A separate Cookie Policy is available on our website.


9. Security

We commit to/will implement appropriate technical and organisational measures to protect personal data, including:

  • Encryption at rest and in transit.
     
  • Role-based access control.
     
  • Regular security testing and audits.
     
  • Compliance with ISO 27001 standards (as part of our roadmap).
     

However, no system can guarantee absolute security, and transmission of information is at your own risk.


10. Children’s Privacy

Our services are not directed at children under 16 years of age. We do not knowingly collect data from children. If you believe we have collected such data, please contact us and we will delete it.


11. Changes to This Policy

We may update this Privacy Policy from time to time. The most recent version will always be available on our website, with the effective date clearly shown.


12. Complaints

If you have concerns about our use of your personal data, please contact us first. You also have the right to lodge a complaint with:

  • The Information Commissioner’s Office (ICO) in the UK: www.ico.org.uk
     
  • Your local supervisory authority if you are based in the EU.

  • Privacy Policy

Copyright © 2025 Hereditas Conservatio - All Rights Reserved.

To Protect and Conserve

This website uses cookies.

We use cookies to analyse website traffic and optimise your website experience. By accepting our use of cookies, your data will be aggregated with all other user data.

DeclineAccept