Privacy Notice
1. Who we are
This Privacy Notice explains how FITS Capital Ltd. ("we", "us", "our") collects, uses and protects personal data when you visit inhause.pro or get in touch with us. INHAUSE is a brand operated by FITS Capital Ltd.
FITS Capital Ltd. is the data controller for the purposes of the UK General Data Protection Regulation (UK GDPR), the Data Protection Act 2018, and — where applicable to visitors located in the European Union — the EU General Data Protection Regulation (Regulation (EU) 2016/679).
FITS Capital Ltd.6 Butts Road, Horspath
Oxford, OX33 1RH
United Kingdom
Telephone (Oxford): +44 7442 986 787
Telephone (Limassol): +357 95 615 422
Email: wedare@inhause.pro
2. What personal data we collect
2.1 Information you give us directly
When you submit our contact form or write to us, we collect:
- your name;
- the name of the company you represent;
- your email address;
- the situation category you select (e.g. "Fundraising is approaching");
- any further information you choose to include in the free-text "Tell us more" field.
2.2 Information collected automatically
When you visit our website, our hosting provider and content delivery network may automatically log basic technical information such as your IP address, browser type, referring URL and pages visited. This information is used solely to operate and secure the website and is not combined with information you provide via the contact form.
Our website does not currently use analytics, advertising, or tracking cookies. If we introduce any, your preferences set via our cookie banner will apply. See our Cookie Policy for detail.
3. Why we use your data and on what legal basis
The table below sets out, for each purpose, the corresponding lawful basis under data protection law. The Article references are to Article 6 of both the UK General Data Protection Regulation (UK GDPR) and the EU General Data Protection Regulation (EU GDPR, Regulation (EU) 2016/679) — Article numbering and substantive content are the same in both regulations following the UK's retention of the EU GDPR text in domestic law, so a single reference covers both.
| Purpose | Lawful basis under UK GDPR and EU GDPR |
|---|---|
| Responding to your enquiry and discussing how we might work together. | Legitimate interests — UK GDPR / EU GDPR Article 6(1)(f). Our legitimate interest is running a professional advisory practice and responding to people who proactively contact us. |
| Negotiating and entering into a client engagement, if that follows. | Performance of a contract, or steps prior to entering into one — UK GDPR / EU GDPR Article 6(1)(b). |
| Keeping records of advice given and engagements completed, for our own quality and professional-conduct purposes. | Legitimate interests — UK GDPR / EU GDPR Article 6(1)(f). Our legitimate interest is maintaining accurate records of professional work. |
| Complying with legal, accounting, sanctions-screening or anti-money-laundering obligations. | Legal obligation — UK GDPR / EU GDPR Article 6(1)(c). This includes obligations under the UK Companies Act 2006, the UK Money Laundering, Terrorist Financing and Transfer of Funds (Information on the Payer) Regulations 2017, and equivalent Cyprus and EU legislation where applicable. |
| Sending you occasional insights or updates, only where you have opted in. | Consent — UK GDPR / EU GDPR Article 6(1)(a). You can withdraw your consent at any time. |
If we rely on legitimate interests for any of the purposes above, you have the right to object to that processing — see Section 8 (Your rights).
We do not use your personal data for automated decision-making or profiling.
4. How we use AI
Transparency about how we work with artificial intelligence matters to us, and it matters legally. We want you to know exactly where AI sits in our process.
We use commercial AI tools to assist with drafting, structuring and reviewing internal materials — for example, summarising research, generating first drafts of frameworks, or checking written work for clarity. We do not delegate to AI any of the following: client-specific judgement, fact-checking against primary sources, conclusions, final wording or tone, negotiations, relationships with media or partners, or anything else where human professional expertise is the value our clients pay for.
The AI providers we use are commercial enterprise services from Anthropic (Claude) and OpenAI (ChatGPT / API). We use these tools under their enterprise terms, which means that data we submit is not used to train the providers' public models. Where a client engagement requires strict information handling, we either disable AI assistance for that engagement entirely, or use only on-device / local tools.
We do not enter sensitive personal data of contact-form submitters into any AI tool as part of our standard processing.
5. Who we share your data with
We do not sell your personal data. We do not share it for marketing purposes. We may share it with:
- Service providers acting on our behalf ("processors"), such as our email hosting provider, website hosting and content delivery network, and document storage. Each of these is bound by a written data-processing agreement and is permitted to use your data only as instructed by us.
- FITS Capital Ltd. group entities, where this is necessary to evaluate or deliver an integrated service involving both communications and financial advisory.
- Professional advisers (lawyers, accountants, auditors), where strictly necessary and on a confidential basis.
- Public authorities or regulators, where we are legally required to do so — for example, under sanctions, anti-money-laundering or tax legislation.
6. International transfers
Because we work with clients and use service providers across the United Kingdom, the European Union, and other jurisdictions, your personal data may be transferred outside the country from which you contacted us.
Where we transfer personal data outside the UK or the European Economic Area, we rely on one of the following safeguards:
- an adequacy decision adopted by the UK government or the European Commission;
- the UK International Data Transfer Agreement (IDTA) or the UK Addendum to the EU Standard Contractual Clauses;
- the EU Standard Contractual Clauses (2021).
You can request a copy of the safeguards in place by writing to wedare@inhause.pro.
7. How long we keep your data
| Category | Retention period |
|---|---|
| Contact-form enquiries that do not result in engagement. | Up to 24 months from the last meaningful contact, then deleted. |
| Client engagement records (correspondence, deliverables, invoices). | Up to 7 years after the end of the engagement, in line with UK accounting and professional record-keeping requirements. |
| Newsletter subscriptions. | Until you unsubscribe, after which we retain only the minimum data needed to honour your unsubscribe request. |
| Server logs. | Typically retained for up to 90 days by our hosting providers. |
8. Your rights
Under UK GDPR and EU GDPR you have the right to:
- Be informed about how your data is used — this Notice exists for that purpose;
- Access a copy of the personal data we hold about you;
- Rectify inaccurate or incomplete data;
- Erase your data ("right to be forgotten"), where applicable;
- Restrict processing in specific circumstances;
- Object to processing based on legitimate interests, including direct marketing;
- Data portability — to receive your data in a structured, machine-readable format;
- Withdraw consent at any time, where we rely on consent.
To exercise any of these rights, email wedare@inhause.pro. We will respond within one month of a valid request, in line with our statutory obligations.
Right to complain. If you are not satisfied with how we handle your data, you can lodge a complaint with:
— the UK Information Commissioner's Office (ICO) at ico.org.uk, or
— if you are based in the European Union, your national data protection authority (for visitors connected to Cyprus, this is the Cyprus Office of the Commissioner for Personal Data Protection at dataprotection.gov.cy).
We would, however, appreciate the chance to address your concern first.
9. Security
We take reasonable technical and organisational measures to protect personal data from accidental loss and from unauthorised access, alteration or disclosure. These include encrypted transport (HTTPS), access controls on our systems, vendor due diligence, and limited internal access on a need-to-know basis.
No method of transmission over the internet is completely secure. If you have particularly sensitive information to share, please tell us first and we will arrange a more appropriate channel.
10. Children
Our services are intended for businesses and the professionals who lead them. We do not knowingly collect personal data from anyone under 18. If you believe a child has provided us with personal data, please contact us so we can delete it.
11. Changes to this Notice
We may update this Privacy Notice from time to time. The "Last updated" date at the top of the page indicates the most recent revision. Material changes will be highlighted on the homepage or notified by email to clients on an active engagement.
12. Contact
For any question about this Privacy Notice or how we handle your personal data, please write to:
FITS Capital Ltd. — Data Protection6 Butts Road, Horspath
Oxford, OX33 1RH
United Kingdom
Telephone (Oxford): +44 7442 986 787
Telephone (Limassol): +357 95 615 422
wedare@inhause.pro