Privacy Policy

Effective date:

26

January 2026

Rafiki Works LTD — Privacy Policy

Effective date: 22 January 2026

1. Company Information

Rafiki Works LTD is the data controller for this Privacy Policy.

Registered Address: 86–90 Paul Street, London, United Kingdom, EC2A 4NE
Company Type: Private Limited Company
Contact Email: nick@rafiki.works

Rafiki Works LTD (“Rafiki”, “we”, “us”, or “our”) is committed to protecting your privacy. This Privacy Policy explains how we collect, use, store, share, and protect personal data when you engage with our website, communications, and professional services (collectively, the “Services”).

By accessing or using our Services, you agree to this Privacy Policy. If you do not agree, you should not use our Services.

2. Who We Are

Rafiki is a creative, product, engineering, and growth agency providing professional services including (but not limited to):

  • Brand and creative strategy
  • Website and product design
  • Software and platform development
  • Marketing, PR, SEO, SEM, and growth services
  • AI-enabled tools and automation
  • Project-based and retainer-based delivery

This Privacy Policy applies only to Rafiki’s agency and consultancy activities.

Where separate software or payment tooling is referenced (including Petl Pay, a product 100% owned by Rafiki Works LTD), such products operate under their own Privacy Policies and Terms.

3. Information We Collect

We collect personal data in the following categories:

3.1 Information You Provide Directly

  • Name, email address, phone number
  • Company name, role, and business details
  • Communications with us (email, calls, forms, proposals)
  • Project-related information provided for delivery of Services
  • Preferences and settings

3.2 Client and Project Data

When delivering Services, we may process information provided by clients, including:

  • Project briefs and requirements
  • Content, assets, and materials
  • Feedback, approvals, and communications

Clients remain responsible for ensuring they have the right to share such data with us.

3.3 Website and Usage Data

  • Pages visited
  • Referring URLs
  • Interaction patterns
  • Date and time of access

3.4 Device and Technical Data

  • IP address
  • Browser type and version
  • Operating system
  • Device identifiers
  • Log and diagnostic data

3.5 Marketing and Communications Data

  • Newsletter subscriptions
  • Event registrations
  • Marketing preferences
  • Campaign interaction data

4. How We Use Your Information

We use personal data for the following purposes:

4.1 Service Delivery

  • Providing and managing our agency Services
  • Communicating about projects and deliverables
  • Managing client relationships and contracts

4.2 Business Operations

  • Invoicing and accounting
  • Internal reporting and forecasting
  • Supplier and contractor coordination

4.3 Communications

  • Responding to enquiries
  • Sending service-related updates
  • Issuing proposals, contracts, and invoices
  • Marketing communications (where permitted or consented to)

4.4 Improvement and Analytics

  • Understanding how our website and Services are used
  • Improving performance, content, and offerings
  • Internal research and analysis (using aggregated data where possible)

4.5 Legal and Compliance

  • Meeting legal and regulatory obligations
  • Enforcing agreements
  • Protecting Rafiki’s rights and interests

5. How We Share Information

We do not sell personal data.

We may share personal data only as follows:

5.1 Service Providers

Trusted third-party providers who support our operations, such as:

  • Cloud hosting and storage
  • Analytics tools
  • Email and communications platforms
  • Accounting and professional advisers

These providers act only on our instructions and are bound by confidentiality and data protection obligations.

5.2 Contractors and Partners

Where necessary to deliver Services, we may share limited data with:

  • Contractors
  • Freelancers
  • Specialist partners

Only data strictly required for delivery is shared.

5.3 Legal Obligations

We may disclose data if required to:

  • Comply with applicable law or regulation
  • Respond to lawful requests from authorities
  • Protect the rights, safety, or property of Rafiki or others

5.4 Business Transfers

In the event of a merger, acquisition, or restructuring, personal data may be transferred subject to appropriate safeguards.

6. International Data Transfers

We may process personal data in the:

  • United Kingdom
  • European Economic Area
  • South Africa
  • Other jurisdictions where our service providers operate

Where data is transferred internationally, we rely on appropriate safeguards such as:

  • UK International Data Transfer Agreement (IDTA)
  • EU Standard Contractual Clauses (SCCs)
  • Contractual and organisational protections

7. Data Retention

We retain personal data only for as long as necessary to:

  • Deliver our Services
  • Comply with legal, tax, and accounting obligations
  • Resolve disputes
  • Enforce agreements

Retention periods vary depending on the nature of the data and applicable legal requirements.

8. Your Rights

Depending on your location (including under UK GDPR, EU GDPR, and applicable local laws), you may have the right to:

  • Access your personal data
  • Correct inaccurate or incomplete data
  • Request deletion (subject to lawful exceptions)
  • Restrict or object to processing
  • Request data portability
  • Withdraw consent (where processing is consent-based)
  • Lodge a complaint with a supervisory authority

To exercise your rights, contact info@rafiki.works.

9. Your Choices

You may:

  • Update or correct your information
  • Opt out of marketing communications
  • Request deletion of your account or data
  • Control cookies through browser settings

Some data may need to be retained for legal or contractual reasons.

10. Security

We implement appropriate technical and organisational measures, including:

  • Secure cloud infrastructure
  • Access controls
  • Encryption where appropriate
  • Monitoring and regular reviews

Users are responsible for keeping their own devices and credentials secure.

11. Children’s Privacy

Our Services are not intended for individuals under 18.
We do not knowingly collect personal data from minors. If such data is identified, it will be deleted.

12. Changes to This Privacy Policy

We may update this Privacy Policy from time to time.
Material changes will be communicated via our website or email.

The “Effective date” will reflect the most recent version.
Continued use of our Services constitutes acceptance.

13. Contact Us

For privacy-related questions or requests, contact:

Rafiki Works LTD
86–90 Paul Street
London, EC2A 4NE
United Kingdom

📧 nick@rafiki.works