Legal

Privacy Policy

Last updated: 26 April 2026

Short version: we don't track you on this website. No analytics, no advertising cookies, no third-party pixels. If you email us, we keep your message and reply — that's it. You can ask us to delete your data at any time by emailing hello@pangandchiu.com.

Who we are

This website is operated by Pang and Chiu Company Limited, a private limited company registered in England and Wales. We are the data controller for any personal data described in this policy.

Company number: 06922982
VAT number: 972 2985 78
Registered office: 70 Hutton Grove, London, N12 8DR
Contact for privacy: hello@pangandchiu.com

What we collect, and why

When you visit this site

This website is hosted on Vercel and serves static HTML. We don't run analytics or tracking scripts. Vercel records standard server logs (IP address, request time, user agent) for security and performance — these logs are retained by Vercel for up to 30 days and are not used by us for marketing or profiling.

When you email us

If you email hello@pangandchiu.com or any other Pang and Chiu address, we keep your message in our inbox. We use this to reply to you and to manage any subsequent professional relationship.

Information we may end up holding about you includes: your name, email address, employer or company, the contents of your message, and any information you choose to share with us during a conversation.

When we cold-email you for business development

We sometimes contact decision-makers at UK companies whose business profile suggests we could be useful to them. We rely on the legitimate interests lawful basis under UK GDPR Article 6(1)(f) for B2B outreach. Where we contact you, we will identify ourselves clearly, explain why we're writing, and stop contacting you if you reply asking us to. Our interest in marketing our services is balanced against your reasonable expectations as a senior decision-maker in your role.

Lawful bases we rely on

Legitimate interest (Article 6(1)(f)) — for replying to enquiries, B2B cold outreach to decision-makers, and operating this website
Contract (Article 6(1)(b)) — when you engage us for client work, we process information necessary to deliver that engagement
Legal obligation (Article 6(1)(c)) — for tax, accounting, and other statutory record-keeping

How long we keep your data

Email enquiries — retained while in active discussion and for 12 months after last contact, then deleted
Client engagement records — retained for the duration of the engagement plus 6 years (UK statutory tax/accounting period)
Server logs — Vercel retention, typically up to 30 days

Cookies

This site does not set advertising or analytics cookies. The only storage that may be set is essential — for example, your browser's normal handling of font caches and the WebGL canvas that draws the orb on the homepage. You don't need to accept anything to use the site.

If we ever add analytics or marketing tools in the future, we will introduce a proper consent banner and update this policy before they go live.

Third parties that process data on our behalf

Vercel Inc. — website hosting and edge logs (United States, with EU data processing agreements in place)
Google LLC (Workspace) — email delivery and storage for hello@pangandchiu.com and related addresses
Google Fonts — fonts delivered from fonts.googleapis.com when you load the site (your IP address is visible to Google during that request)
jsDelivr — delivers the WebGL library used for the homepage orb (your IP is visible to jsDelivr's CDN during that request)

We do not sell or rent personal data to third parties.

Your rights under UK GDPR

You have the right to:

Access the personal data we hold about you
Have it corrected if it's wrong
Have it deleted ("right to erasure")
Restrict or object to how we process it
Receive a copy of it in a portable format
Withdraw consent at any time, where consent is the lawful basis

To exercise any of these rights, email hello@pangandchiu.com. We will respond within one calendar month.

Complaints

If you're unhappy with how we've handled your data, please email us first so we can put it right. You also have the right to complain to the UK's Information Commissioner's Office (ICO) at ico.org.uk/make-a-complaint.

Changes to this policy

We may update this policy from time to time. The "Last updated" date at the top of this page reflects the most recent version. Material changes will be flagged on the homepage for at least 30 days.