Privacy Policy

1. Introduction
This Privacy Policy explains how we collect, use, and protect personal data when you visit [WEBSITE DOMAIN] (the "Website") or contact us through it. We process personal data in accordance with the EU General Data Protection Regulation (GDPR) and applicable national law.
This Policy applies to our Website only. Personal data processed under a signed services agreement with a client is governed by that agreement and, where applicable, a separate Data Processing Agreement.
2. Data controller
The data controller is [LEGAL ENTITY NAME], [REGISTERED ADDRESS], [COUNTRY]. For privacy matters contact [PRIVACY CONTACT EMAIL].
3. Personal data we collect
We collect personal data in two ways. Directly, when you submit the contact form: your name, email address, company name (if provided), and message content. Automatically, when you browse the Website: IP address, browser and operating system, device type, referring URL, pages viewed, time spent, and interaction events, collected through cookies and similar technologies as described in our Cookie Policy. We do not knowingly collect special categories of personal data (as defined in Art. 9 GDPR). Please do not include such data in messages submitted through the Website.
4. Purposes and legal basis for processing
Under Article 6 GDPR we process your personal data for the following purposes:
Purpose | Legal basis
Respond to enquiries submitted via the contact form | Pre-contractual measures at your request (Art. 6(1)(b)) and/or our legitimate interest in replying to inbound messages (Art. 6(1)(f))
Measure and improve Website performance through analytics | Your consent (Art. 6(1)(a)), given via the cookie banner
Understand user behaviour through session recordings and heatmaps | Your consent (Art. 6(1)(a)), given via the cookie banner
Keep the Website operational and secure | Our legitimate interest (Art. 6(1)(f))
Comply with legal obligations | Legal obligation (Art. 6(1)(c))
5. Recipients and processors
We share personal data only with the following categories of recipients:
Service providers acting as processors on our behalf, including hosting and email providers, and analytics and behavioural analytics providers (currently Google LLC and Hotjar Ltd). The authoritative list of third-party providers that may set cookies on the Website is available in the cookie preferences panel.
Professional advisors, such as lawyers, accountants, and auditors, under confidentiality obligations and only where necessary.
Competent authorities, where we are legally required to disclose data.
Acquirers, in the event of a merger, acquisition, or asset transfer. In such cases your data may be transferred to the acquiring entity, and you will be notified in advance where required by law.
We do not sell personal data.
6. International data transfers
Some of our processors operate outside the European Economic Area (EEA). When we transfer personal data outside the EEA, we rely on appropriate safeguards under Chapter V GDPR, including:
Adequacy decisions by the European Commission, where the destination country is recognised as providing an adequate level of protection.
EU-US Data Privacy Framework certification, where the recipient is certified.
Standard Contractual Clauses approved by the European Commission, with supplementary measures where necessary.
This applies in particular to our analytics and behavioural analytics providers. You can request a copy of the specific safeguards applicable to a transfer by contacting [PRIVACY CONTACT EMAIL].
7. Data retention
We retain personal data only for as long as necessary for the purposes for which it was collected, unless a longer period is required by law.
Contact form submissions: up to [24] months after the last interaction, unless a business relationship develops, in which case we retain records for as long as required by law or legitimate business need.
Analytics and behaviour data: as configured with the respective tools, disclosed in the cookie preferences panel on the Website.
Server logs: typically up to [30] days, for security and troubleshooting.
Accounting and tax records: for the period required by applicable law (typically 5 to 10 years depending on jurisdiction).
After the retention period expires, we delete or anonymise the data.
8. Automated decision-making
We do not carry out automated decision-making or profiling that produces legal or similarly significant effects on you.
9. Security
We apply appropriate technical and organisational measures to protect personal data against unauthorised access, loss, or misuse.
10. Your rights
Under GDPR you have the right to access your personal data, have inaccurate data corrected, request erasure (where applicable), restrict processing (where applicable), object to processing based on legitimate interests, request data portability (where applicable), and withdraw consent at any time without affecting the lawfulness of processing carried out before withdrawal.
To exercise these rights contact [PRIVACY CONTACT EMAIL]. We reply within one month, as required by Art. 12(3) GDPR. This period may be extended by up to two further months where the request is complex or where we receive a high number of requests, in which case we will inform you of the extension and the reasons for it. We may ask for additional information to verify your identity before acting on a request.
If you believe we process your personal data unlawfully you may lodge a complaint with the competent data protection supervisory authority, [SUPERVISORY AUTHORITY], or the authority in the EU Member State where you live or work.
11. Cookies
Our use of cookies and similar technologies is described in our Cookie Policy.
12. Changes and contact
We may update this Policy. The updated version takes effect when published on the Website, with the "Last updated" date above reflecting the latest change. For any question or request contact [PRIVACY CONTACT EMAIL].