Get Started
Get Started

Last Updated: 29 May 2026

1. INTRODUCTION

This Privacy Policy explains how CIRCLE GREEN LIMITED (“Circle Green”, “we”, “us”, or “our”) collects, uses, stores, and protects personal data when you access or use the website https://circen.net/ (the “Website”) and the services provided through it (the “Services”).

Circle Green operates an online SaaS platform that enables users to edit, convert, process, and manage documents in a cloud-based environment (Circle Green).

This Policy is drafted in accordance with:

  • UK General Data Protection Regulation (UK GDPR) as retained in UK law by the European Union (Withdrawal) Act 2018, and as supplemented by the Data Protection Act 2018;

  • Privacy and Electronic Communications Regulations 2003 (SI 2003/2426, as amended) (PECR);

  • EU General Data Protection Regulation (Regulation (EU) 2016/679) (EU GDPR), where applicable to EU data subjects;

Please read this Policy carefully. If you have any questions, contact us at [email protected].

2. DATA CONTROLLER AND CONTACT DETAILS

2.1 Identity of the Controller

Circle Green is the data controller for personal data collected directly from website visitors, account holders, and individuals contacting us (including Identity, Contact, Technical, Usage, and Communication Data).

  • Company Name: CIRCLE GREEN LIMITED

  • Company Number: 11989378

  • Registered Address: Office 2 Little Winters Farm, Roundbush Road, Layer Marney, Colchester, Essex, CO5 9UR, United Kingdom

  • Email: [email protected]

  • VAT Number: GB323599680

  • ICO Registration Number: ZB362994

3. CIRCLE GREEN AS DATA PROCESSOR

Where users upload files containing personal data of third parties for processing through the Services, the user acts as the data controller and Circle Green acts strictly as a data processor in respect of that personal data. In that capacity:

  • Circle Green processes such document data solely on the automated instructions of the user and for no other purpose;

  • Circle Green does not use document data for its own commercial purposes;

  • Circle Green’s processing obligations as a data processor are governed by the Data Processing Terms set out in Schedule 1 of the Terms and Conditions, which satisfy the requirements of UK GDPR, Article 28

  • Users, as data controllers, are solely responsible for ensuring they have a valid lawful basis under UK GDPR, Article 6 (and Article 9 where special category data is involved) for instructing Circle Green to process that personal data.

4. SCOPE OF THIS POLICY

This Privacy Policy applies to:

  • visitors to the Website, regardless of location;

  • registered users of the document processing platform;

  • individuals contacting us via forms, email, or other channels;

  • EU and EEA data subjects (who retain rights under EU GDPR in addition to the rights described in this Policy);

  • California residents (who retain rights under the CCPA/CPRA as set out in Section 17 of this Policy).

This Policy does not apply to third-party websites linked from the Website. Those websites have their own privacy policies, which we encourage you to review.

5. CATEGORIES OF PERSONAL DATA COLLECTED

We may collect and process the following categories of personal data:

5.1 Identity Data

Name, where provided during account registration or contact.

5.2 Contact Data

Email address, where provided during account registration, contact form submissions, or support requests.

5.3 Communication Data Messages submitted via contact forms and correspondence with us.

5.4 Technical Data IP address, browser type and version, device type and operating system, time zone, referring URL. Collected automatically when you access the Website.

Login credentials (stored in hashed form), account preferences, and settings, where account functionality is implemented.

5.5 Document Data

Files uploaded by users for processing, including file contents and file metadata (type, size, timestamps). Such files may incidentally contain personal data, confidential information, or business data, depending on user input. Circle Green processes this data as a data processor only (see Section 3). Circle Green does not access, analyse, or retain document contents beyond what is technically necessary to perform the requested processing operation.

5.6 Financial and Transaction Data

Payment card details and transaction records, where payment functionality is implemented. Card data is processed by our payment processor and is not stored by Circle Green in unencrypted form.

Circle Green does not intentionally collect special category personal data (UK GDPR, Article 9) as part of its own data controller activities. See Section 8 regarding the risk of special category data in uploaded documents.

6. PURPOSES OF PROCESSING AND LEGAL BASES

We process personal data for the following purposes, relying on the legal bases identified. Where we rely on legitimate interests (UK GDPR, Article 6(1)(f)), we have conducted a legitimate interests assessment (LIA) and have determined that our interests are not overridden by your interests or fundamental rights and freedoms.

6.1. Providing and Delivering the Services (UK GDPR Article 6(1)(b))

Purpose: Registering accounts, processing uploaded files, enabling platform functionality, and fulfilling our contractual obligations to users.

6.2 Platform Security and Fraud Prevention Purpose: Monitoring access patterns, detecting abuse, malware, and unauthorised access, and protecting the integrity of the platform and other users.

Legal basis: legitimate interests. Our interest: maintaining a secure and trustworthy platform. We have assessed that this interest is not overridden by user interests, as security measures protect all users. You have the right to object to this processing (see Section 13).

6.3 Platform Improvement and Analytics

Purpose: Understanding how users interact with the platform, identifying performance issues, and improving features and usability.

Legal basis: UK GDPR Article 6(1)(f), legitimate interests. Our interest: improving service quality. Data is used in aggregated or pseudonymised form where possible. You have the right to object to this processing (see Section 13).

6.4 Responding to Enquiries and Support

Purpose: Responding to contact form submissions, support requests, and other communications.

Legal basis: UK GDPR Article 6(1)(b), steps taken at the request of the data subject before entering a contract; and Article 6(1)(f), legitimate interests in responding to communications directed at us.

6.5 Legal Compliance

Purpose: Complying with applicable laws, regulations, court orders, and lawful requests from public authorities.

Legal basis: UK GDPR Article 6(1)(c), compliance with a legal obligation.

6.6 Marketing Communications

Purpose: Sending marketing communications about our Services, where you have opted in.

Legal basis: UK GDPR Article 6(1)(a), consent. You may withdraw consent at any time by clicking ‘unsubscribe’ in any marketing email or by contacting [email protected]. Withdrawal does not affect the lawfulness of processing carried out before withdrawal.

7. DOCUMENT DATA, FILE PROCESSING AND RETENTION

7.1 Processing Scope

Uploaded files are processed automatically using server-side tools. Processing is limited to the specific operation requested (e.g., conversion, merge, split, compression). Circle Green does not read, analyse, index, or otherwise use file contents for any purpose beyond executing the requested operation.

7.2 Temporary Storage

In compliance with e-commerce service delivery requirements, all uploaded files are processed automatically and without undue delay. Files are stored on secure servers temporarily and solely for the purpose of completing your requested automated operation:

● Processed output files are made available for immediate download for a limited period; and

● All uploaded source files and completed output files are automatically and permanently deleted from our infrastructure within 24 hours of processing completion.

7.3 No Storage Service

The platform is not designed or operated as a file storage service. Circle Green does not guarantee the availability, recovery, or retention of any uploaded file beyond the processing window. Users are solely responsible for maintaining copies of all files.

7.4 No Human Review

Files are not reviewed by Circle Green employees or contractors, except where: (a) technically necessary for security incident response; or (b) required by law or court order. In either case, access is restricted to authorised personnel only.

8. SENSITIVE AND SPECIAL CATEGORY DATA

Circle Green’s platform is a general-purpose document processing tool. Users must not upload documents containing special category personal data as defined in UK GDPR, Article 9 (including data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, genetic data, biometric data for identification purposes, health data, sex life or sexual orientation data) unless they have a valid condition under Article 9(2) and are acting as data controller.

Circle Green does not intentionally collect special category data as part of its own controller activities. However, given the nature of the platform, uploaded documents may incidentally contain such data. In that scenario:

• Circle Green processes such data as a data processor only, on the user’s instructions, without accessing or using such data for any independent purpose;

• the 24-hour automatic deletion schedule (Section 7.2) applies equally to files containing special category data; and

• Circle Green will notify affected users where it becomes aware of a data breach involving special category data, in accordance with Section 12.

Circle Green accepts no liability arising from a user’s failure to obtain an appropriate Article 9(2) condition before uploading documents containing special category data.

9. DATA RETENTION

We retain personal data only for as long as necessary:

  • contact data: retained for communication purposes;

  • technical and usage data: retained for analytics and security;

  • document data:

  • processed temporarily

  • stored only for the duration necessary to provide the service

  • automatically deleted thereafter

Retention periods may vary depending on operational and legal requirements.

10. DATA SHARING AND RECIPIENTS

10.1 Third-Party Sub-Processors

We do not sell, rent, or trade personal data. We may share personal data with the following categories of third-party processors, each of whom processes data under contractual terms consistent with UK GDPR, Article 28:

• Cloud hosting and infrastructure providers (servers on which the platform operates);

• File processing and conversion service providers (where third-party tools are used to perform operations);

• Analytics providers (where analytics involve processing of personal data such as IP addresses);

• Email and communication service providers (for support and transactional communications);

• Payment processors (where payment functionality is implemented); and

• Security and fraud prevention providers.

A current list of sub-processors is available upon written request to [email protected].

10.2 Disclosure Required by Law

We may disclose personal data to law enforcement, regulatory authorities, or courts where required to do so by applicable law, court order, or to protect the rights, property, or safety of Circle Green, its users, or the public. We will notify affected users of such disclosures where legally permitted to do so.

10.3 Business Transfers

In the event of a merger, acquisition, or sale of all or a material part of Circle Green’s business or assets, personal data may be transferred to the acquirer. We will notify users of any such transfer and the acquirer will be bound by this Policy or an equivalent policy offering no less protection.

11. INTERNATIONAL USERS

11.1 EU / EEA Users

If you access the Website from the EU or EEA, cookie use is also subject to the EU ePrivacy Directive (2002/58/EC, Article 5(3)) as transposed into your country’s national law. Circle Green applies the ePrivacy Directive consent standard for all EU/EEA users as a matter of policy, which is substantively equivalent to or stricter than PECR.

EU/EEA users have rights under EU GDPR (Regulation (EU) 2016/679), including the right to lodge a complaint with your national data protection supervisory authority. See our Privacy Policy, Section 16.2 for details of EU supervisory authorities.

11.2 Other Jurisdictions

Users accessing the Website from other jurisdictions are responsible for ensuring that their use of the Services is lawful under their applicable local law.

12. DATA SECURITY

Circle Green implements appropriate technical and organisational measures to protect personal data against accidental loss, unauthorised access, disclosure, alteration, or destruction, in accordance with UK GDPR, Article 32. These measures include:

• encryption of personal data in transit (TLS/HTTPS) and, where appropriate, at rest;

• access controls restricting personal data access to authorised personnel only;

• pseudonymisation where appropriate and proportionate;

• regular security testing and vulnerability assessments;

• system monitoring and anomaly detection; and

• staff training on data protection obligations.

No system is completely secure. In the event of a personal data breach that is likely to result in a risk to the rights and freedoms of natural persons, Circle Green will:

• notify the Information Commissioner’s Office (ICO) without undue delay and within 72 hours of becoming aware of the breach, in accordance with UK GDPR, Article 33; and

notify affected data subjects without undue delay where the breach is likely to result in a high risk to their rights and freedoms, in accordance with UK GDPR, Article 34.

13. USER RIGHTS

Under UK GDPR (and EU GDPR where applicable), you have the following rights in respect of personal data for which Circle Green is the data controller. These rights do not apply to document data processed by Circle Green as a data processor on your behalf (for which you, as controller, are responsible for responding to data subject requests).

13.1 Right of Access (Article 15)

You have the right to obtain confirmation of whether we process your personal data, and to receive a copy of that data together with supplementary information about our processing.

13.2 Right to Rectification (Article 16)

You have the right to require us to correct inaccurate personal data and to complete incomplete personal data.

13.3 Right to Erasure (Article 17)

You have the right to request deletion of your personal data where: it is no longer necessary for the purpose it was collected; you withdraw consent and no other lawful basis applies; you object to processing based on legitimate interests and there are no overriding legitimate grounds; the data has been unlawfully processed; or deletion is required to comply with a legal obligation.

13.4 Right to Restriction of Processing (Article 18)

You have the right to require us to restrict processing of your personal data in certain circumstances, including where you contest the accuracy or have objected to processing pending verification of our legitimate grounds.

13.5 Right to Data Portability (Article 20)

Where processing is based on consent or contractual necessity and carried out by automated means, you have the right to receive your personal data in a structured, commonly used, and machine-readable format, and to transmit it to another controller.

13.6 Right to Object (Article 21)

You have the right to object at any time to processing of your personal data based on legitimate interests (UK GDPR, Article 6(1)(f)). We will cease processing unless we can demonstrate compelling legitimate grounds that override your interests, rights, and freedoms, or for the establishment, exercise, or defence of legal claims.

13.7 Right to Withdraw Consent (Article 7(3))

Where processing is based on consent, you may withdraw that consent at any time. Withdrawal does not affect the lawfulness of processing carried out before withdrawal.

13.8 Rights in Relation to Automated Decision-Making (Article 22)

You have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal or similarly significant effects.

13.9 How to Exercise Your Rights

To exercise any of the above rights, contact us at [email protected]. We will respond within one calendar month of receiving your request. We will not charge a fee unless your request is manifestly unfounded or excessive, in which case we may charge a reasonable fee or refuse to act, providing written reasons.

We may require you to verify your identity before processing your request. This is to protect against unauthorised access to your data.

14. RIGHT TO COMPLAIN

14.1 UK Users

If you are based in the United Kingdom and are concerned about our processing of your personal data, you have the right to lodge a complaint with the Information Commissioner’s Office (ICO):

• Website: https://ico.org.uk

• Telephone: 0303 123 1113

• Address: Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF

14.2 EU/EEA Users

If you are habitually resident in an EU or EEA member state, you also have the right to lodge a complaint with the data protection supervisory authority in your country of habitual residence under EU GDPR, Article 77.

A full list of EU supervisory authorities is available at: https://edpb.europa.eu/about-edpb/about-edpb/members_en

14.3 Internal Complaints

We encourage you to contact us in the first instance at [email protected]. We will acknowledge your complaint within 5 business days and aim to resolve it within 28 days.

15. COOKIES AND TRACKING TECHNOLOGIES

Circle Green uses cookies and similar tracking technologies (including web beacons and pixels) on the Website in accordance with the Privacy and Electronic Communications Regulations 2003 (SI 2003/2426, as amended) (PECR).

For more details, please refer to the Cookie Policy.

16. THIRD-PARTY LINKS

The Website may contain links to third-party websites. We are not responsible for the privacy practices of such websites.

17. CHANGES TO THIS POLICY

We review this Privacy Policy at a minimum on an annual basis, and additionally whenever required to reflect changes in our automated processing activities, data protection laws, or statutory regulatory guidance.

Where we make material updates affecting data subject rights or the legal bases on which we process your data, we will notify you by email (where we hold your address) or by a prominent notice on the Website at least 30 days before the changes take effect. This timeline ensures you have the necessary information to exercise your statutory right to object or withdraw consent before the updated processing rules are enforced.

18. CONTACT

For any questions, concerns, or requests relating to this Privacy Policy or to the exercise of your data subject rights:

• Email: [email protected] (mark subject: “Privacy / Data Protection”)

• Postal Address: Office 2 Little Winters Farm, Roundbush Road, Layer Marney, Colchester, Essex, CO5 9UR, United Kingdom

We aim to respond to all privacy-related enquiries within 5 business days.

PRIVACY POLICY

Contact

Questions? Reach out anytime, we're here.

Email

Left your email

[email protected]

© 2026 Circle Green Limited

address

Office 2 Little Winters Farm, Roundbush Road, Layer Marney, Colchester, Essex, England, CO5 9UR

Terms and Conditions

Privacy Policy

Cookie Policy

Acceptable Use Policy