Biographica

Privacy policy

Who we are

Biographica Ltd (“we”, “us”, or “our”) is the controller responsible for the personal data described in this notice.

Registered Address: 68 Hanbury Street, London, E1 5JL, United Kingdom.

Email: info@graphica.bio.

If you have any questions about how we use your personal data, or wish to exercise your rights, you can contact us at the email above.

Scope

This privacy notice explains how we collect, use and protect personal data relating to:

  • visitors to our website,
  • business contacts and prospects,
  • customers and suppliers,
  • job applicants.

If any of our products or services have their own specific privacy terms, we will provide or link to those separately.

1) What data we collect

We collect only what we need for the purposes below:

  • Identity & contact: Your name, job title, employer, email address and phone number.
  • Business account & billing: Company details, purchase history, invoices and payment confirmations (we do not store full payment card details).
  • Communications & meetings: Emails, support messages, and, where participants are notified, call recordings and meeting transcripts used for note-taking, training or quality assurance purposes.
  • Website/analytics (optional): Device and usage data collected through cookies or SDKs to help us understand how our website is used and improve its performance. Non-essential cookies are used only if you provide consent (see the section on “Cookies”).
  • Recruitment: Details provided as part of a job application, such as your CV, cover letter, interview notes and right-to-work documentation.

Special Category Data

We do not intentionally collect special category (sensitive) personal data. If such information is provided incidentally — for example, in a CV, during a meeting, or in correspondence — we handle it securely, limit its use to what is strictly necessary, and delete it if it is not required for the purpose collected.

Children’s Data

Our services are not intended for children under 18, and we do not knowingly collect their personal data. If you believe a child has provided us with personal information without parental consent, please contact info@graphica.bio so we can promptly remove it from our servers.

Sources of Data

We collect information directly from you, from your colleagues who introduce you, from our business partners who help deliver our services, and from publicly available sources such as LinkedIn or company websites.

2) How we use information (and our lawful bases)

Depending on how you interact with us, we use your personal data for the following purposes:

  • To provide and support our services: We use your information to set up and manage accounts, deliver projects, process payments and issue invoices. Legal bases: Contract performance (including steps taken prior to entering a contract).
  • To manage B2B relationships and service communications: We process your details to maintain our ongoing working relationships, respond to enquiries, send proposals, manage renewals, and keep you informed about service-related matters. No unsolicited marketing is sent to individuals’ personal email addresses without consent. Legal bases: Legitimate interests (to maintain reasonable business-to-business contact; you may object at any time).
  • To record and transcribe meetings: We may record or transcribe meetings for note-taking, quality assurance, training, and ensuring accurate follow-up actions. Participants are notified when recording or transcription is active. You can object, ask not to be recorded, or request redaction of specific portions that are not needed. Legal bases: Legitimate interests (to maintain accurate and efficient records of discussions).
  • To send newsletters or invitations to events: Where you sign up to receive updates, newsletters, or attend our events, we will use your details to communicate these to you. Legal bases: Consent (which you can withdraw at any time).
  • To analyse and improve our website and services: We use analytics and cookies to understand how our website and digital tools are used, to improve usability and performance. Non-essential cookies are only used if you consent. Legal bases: Consent (for non-essential cookies).
  • To manage recruitment processes: We use your personal data to assess job applications, communicate about roles, and conduct right-to-work and background checks as required by law. Legal bases: Legitimate interests / Contract (for candidate assessment and communication); Legal obligation (for right-to-work verification).
  • To meet legal and compliance requirements: We may process personal data to comply with legal, regulatory, or tax obligations, prevent fraud, enforce our terms, or defend our rights. Legal bases: Legal obligation; Legitimate interests (to protect our business and comply with applicable requirements).

We do not make automated decisions that have legal or similarly significant effects on you.

We also do not carry out profiling or automated analysis of individuals for marketing, behavioural, or scoring purposes.

3) Who we share information with

We do not sell or rent personal data. We share it only where necessary to operate our business, deliver services, or meet our legal and contractual obligations.

  • Service providers (processors): We use trusted third parties to help us deliver and support our services. These include providers of cloud hosting and storage, productivity and collaboration tools, meeting transcription, analytics (where you have consented to non-essential cookies), CRM, email/newsletter systems, recruitment platforms, and IT or security services.
  • Professional advisers: We may share personal data with our accountants, lawyers, insurers, auditors, or similar advisers where this is necessary for obtaining professional advice or managing our business.
  • Business transactions: If we are involved in a merger, acquisition, investment, or restructuring, we may share limited personal data as part of due diligence or transition processes, subject to strict confidentiality agreements.
  • Legal and regulatory obligations: We may disclose personal data where required by law, regulation, or court order, or to protect our rights, property, or safety (including preventing fraud or other unlawful activity).

We maintain an up-to-date list of our main processors and transfer safeguards. You can contact us at any time if you would like more information or copies of the relevant contractual protections.

4) How we handle international transfers

Some of our service providers and partners are based outside the UK. Where we transfer personal data internationally, we ensure that suitable safeguards are in place to protect it.

When we transfer personal data outside the UK, we rely on one of the following mechanisms:

  • UK adequacy regulations — for example, transfers to the EEA or to US organisations certified under the UK Extension to the EU–US Data Privacy Framework; or
  • Appropriate safeguards — such as the ICO’s International Data Transfer Agreement (IDTA) or the UK Addendum to the EU Standard Contractual Clauses, supported by a transfer risk assessment (TRA).

You can contact us at any time for more information about these safeguards or to request copies of the relevant contractual terms (with any confidential details redacted where necessary).

5) How long we keep information

We retain personal data only for as long as necessary to fulfil the purposes for which it was collected, including to meet legal, regulatory, accounting or reporting requirements. Once personal data is no longer needed, we securely delete or anonymise it to prevent identification.

Retention periods vary depending on the nature of the data and our operational or legal obligations. In general, most business and correspondence records are retained for a limited period (typically up to two years) after the relationship ends or the purpose has been fulfilled. Certain categories, such as contracts, financial and tax records, may be retained for up to six years in line with statutory requirements.

We periodically review the personal data we hold and delete or anonymise anything that is no longer required.

Where legal claims, investigations or regulatory duties require us to keep information for longer, we retain only what is necessary for that purpose.

Further details on our standard retention periods and data deletion procedures are available on request.

6) Cookies and similar technologies

Our website and online tools use cookies and similar technologies to help them function properly, improve performance, and (where you consent) to understand how people use our site.

What are cookies?

Cookies are small text files placed on your device (computer, tablet, or phone) when you visit a website. They help the site remember your preferences, enable certain features, and provide insights into how the site is used.

We also use similar technologies such as pixels, SDKs and local storage, which perform comparable functions.

How we use cookies

We group the cookies we use into categories such as:

  • Strictly necessary cookies: Required for the site to operate and cannot be switched off.
  • Performance or analytics cookies: Help us understand how visitors use our website (for example, which pages are most visited, how long users stay, or which features are used most) so we can improve usability.

Managing your preferences

You can manage or withdraw your consent for cookies at any time.

Reset cookie consent

Clicking this link will remove your saved choice and the cookie banner will appear again.

You can also adjust your browser settings to block or delete cookies; however, some parts of the website may not function properly if you disable certain types of cookies.

7) Your rights

Under UK and EU data protection laws, you have the following rights in relation to your personal data:

  • Access – to request a copy of the personal data we hold about you.
  • Rectification – to correct any inaccurate or incomplete information.
  • Erasure – to ask us to delete your personal data where there is no lawful reason to continue processing it.
  • Restriction – to request that we limit how we process your data in certain circumstances.
  • Objection – to object to our processing where we rely on legitimate interests (including B2B communications or profiling for marketing purposes).
  • Data portability – to receive the personal data you provided to us in a structured, commonly used format, and to ask us to transfer it to another controller.
  • Withdraw consent – where we rely on consent (for example, for newsletters or analytics cookies), you can withdraw it at any time. This does not affect any processing carried out before withdrawal.

If you object to receiving business-to-business communications from us, we will stop sending them and maintain a minimal suppression record to ensure your preference is respected.

To exercise any of these rights, please contact us at info@graphica.bio. We will respond without undue delay and within one month of receiving your request, in line with our legal obligations.

8) How we protect your data

We implement appropriate technical and organisational measures to protect personal data against unauthorised access, loss, misuse, or disclosure. These include access controls, encryption in transit and at rest (where supported by our service providers), least-privilege access policies, staff training, and regular reviews of our vendors and data retention practices.

While no system can be completely secure, we continually monitor our systems and take steps to detect and respond to potential security incidents. Where a personal data breach occurs that poses a risk to individuals’ rights or freedoms, we will notify the affected individuals and/or the relevant supervisory authority as required by law.

9) How to contact us

If you have any questions about this notice, our data practices, or wish to exercise any of your data protection rights, please contact us at: info@graphica.bio

You have the right to lodge a complaint with the Information Commissioner’s Office (ICO) if you are concerned about how we handle your personal data. You can write to: Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF, or contact them via the helpline at 0303 123 1113.

10) Updates

We reserve the right to update this privacy notice at any time, and we will provide you with a new privacy notice when we make any substantial updates. We may also notify you in other ways from time to time about the processing of your personal information.

Last updated: 17 October 2025

We use cookies to improve your experience on our website. You can read our privacy policy for more information.