Sonde Data ยท Last updated 28 May 2026
Who we are. Sonde Data (“the Service”) is operated by Syndicate Room Ltd (“SyndicateRoom”, “we”, “us”). SyndicateRoom is the data controller for the personal data described in this notice and is registered with the UK Information Commissioner’s Office (ICO). This notice is specific to the Service. It sits under SyndicateRoom’s wider privacy framework; for company-level matters please also see our main privacy policy.
Who this notice is for. This notice explains how we handle personal data in two situations: (1) information about company directors and individual shareholders that the Service draws from public sources; and (2) information about the people who register for and use the Service. The two are explained separately below.
The Service helps users research UK companies and the people connected to them. To do this we process limited personal data about company directors and individual shareholders.
| Information | Source | Notes |
|---|---|---|
| Director names | Companies House public register (officer appointments) | Business-capacity information already on the public record. |
| Individual shareholder names and their shareholding (number and class of shares) | Companies House CS01 confirmation statements | Applies to individual shareholders. Corporate shareholders are not personal data. |
| An indicative, estimated value of a shareholding | Calculated by us using share prices from SH01 filings | This figure is produced by us, not taken from the register, and is an estimate only. It may not reflect later funding rounds, dilution, different share classes, or buy-backs. |
| Company website and a short business description | Retrieved via a third-party service (Serper.dev) | Company-level information; any personal data is incidental. |
What we do not collect: we do not ingest dates of birth, residential or service addresses, signatures, or any special category data.
Source attribution. The Service contains public sector information licensed under the Open Government Licence v3.0. Source: Companies House.
Purpose. We make public-register information more useful for legitimate business research — investment screening, due diligence and market mapping — by our users (typically angel investors and small funds).
Lawful basis: legitimate interests (Article 6(1)(f) UK GDPR). Our legitimate interests, and those of our users and the wider interest in corporate-register transparency, are in providing and using this research tool. We have weighed these interests against your rights in a documented Legitimate Interests Assessment, and have minimised what we hold (names and holdings only) and how it can be used. You can ask us for a summary of that assessment.
We keep the information for as long as it remains relevant to the Service and refresh it against Companies House filings so it reflects the current public record. Superseded records are removed or updated in line with our retention policy. If you ask us to remove you, we will suppress your data promptly.
Because this information comes from public sources rather than from you directly, the law requires us to make this notice available to you (rather than, in most cases, to contact each person individually). Given the number of individuals on the public register, contacting everyone would involve disproportionate effort. Instead we publish this notice prominently and make it easy for you to exercise your rights, including asking us to remove you.
If you register for or use the Service, we also process personal data about you as a user.
We keep account information for as long as you have an account and for a reasonable period afterwards, and usage/log information for a limited period in line with our retention policy. Details are available on request.
We use a single, strictly necessary cookie, set by us, to keep you signed in and to protect forms against cross-site request forgery. It lasts up to 7 days, refreshing while you stay active, and your sign-in is cleared when you sign out. It is essential to providing the Service you have asked for and is exempt from consent requirements under UK PECR, so there is no cookie banner. If you block this cookie you will not be able to sign in. We do not use any advertising, profiling, or cross-site tracking cookies.
Analytics. To understand how the Service is used — which features people use, where they get stuck — we use Plausible Analytics, a privacy-focused analytics tool hosted in the European Union. Plausible is cookieless, sets no persistent identifiers, does not track you across sites, and does not retain personal data about visitors. What we receive is anonymous, aggregate usage statistics (for example, how many people viewed a page or used a feature).
Lawful basis and your rights. Because Plausible is cookieless and does not collect personal data about you individually, no consent is required under UK PECR. We rely on legitimate interests for this aggregate analytics. You can use browser settings (such as Do Not Track or content blockers) if you prefer not to be counted in our statistics.
Server logs. We also keep server logs (including IP address, request URL, timestamps and basic device/browser information) for security, abuse-prevention and audit purposes. These are strictly necessary to operate the Service and are not used for analytics or marketing.
Note on our main website. Our main SyndicateRoom website uses advertising and analytics cookies and a cookie-consent banner (CookieHub). That is managed separately; the Service’s privacy posture (no tracking cookies, no banner — only the essential sign-in cookie above) is deliberately different.
Whether you are an individual in our data or a user of the Service, you have rights under UK data protection law. These include the right to:
How to exercise your rights. Contact us at privacy@sondedata.co.uk. We will respond without undue delay and within one month. There is usually no charge. To protect your data we may need to verify your identity.
Right to object — quick route. If you simply want us to remove you from the Service, email privacy@sondedata.co.uk and we will deal with it. (A self-service option is planned for the future.)
Some of our service providers are based outside the UK. For example, the company-enrichment provider (Serper.dev) is based in the United States. Where personal data is transferred to a country without a UK adequacy decision, we use an appropriate safeguard recognised under UK data protection law, such as the UK International Data Transfer Agreement or the UK Addendum to the EU Standard Contractual Clauses. Our analytics provider (Plausible) is hosted in the European Union, which is covered by a UK adequacy decision, so no separate transfer mechanism is required there.
If you have concerns about how we handle your personal data, please contact us first at privacy@sondedata.co.uk so we can try to resolve them. You also have the right to complain to the ICO (ico.org.uk).
We may update this notice from time to time. Where changes are significant we will take reasonable steps to bring them to your attention. The date at the top shows when it was last updated.
Controller: Syndicate Room Ltd. Privacy contact for the Service: privacy@sondedata.co.uk. For company-level matters, see our main privacy policy.