Privacy Notice

Information you provide directly

When you submit our contact form, email us or engage our consultancy services, we may collect:

• Your name and job title
• Your email address and phone number
• Your company name and website URL
• The content of your enquiry or message
• Any other information you choose to share with us

Information collected automatically

When you browse our website, we may automatically collect:

• IP address and approximate geographic location
• Browser type, version and operating system
• Pages visited, time on site and referring URL
• Device type and screen resolution
• Interaction data (clicks, scroll depth, session duration)

Information collected through our services

If you engage our consultancy services, we may also collect business-related information necessary to deliver these, including access credentials for agreed platforms, analytics data and performance data relating to your website.

We will never sell your personal data to third parties or use it for purposes incompatible with those stated above.

Under UK GDPR, we rely on the following lawful bases:

• Contract - processing necessary to fulfil a contract with you (e.g. delivering our consultancy services)
• Legitimate Interests - processing necessary for our legitimate business interests, such as responding to enquiries and analysing website usage, provided these are not overridden by your rights
• Consent - where you have given explicit consent, for example to receive marketing communications. You may withdraw consent at any time
• Legal Obligation - where processing is required by law or regulation

Our website uses cookies - small text files stored on your device - to help us understand how visitors use the site and to improve your experience.

You can control and manage cookies through your browser settings. Disabling certain cookies may affect the functionality of the website. For more information, visit allaboutcookies.org.

We do not sell or rent your personal data. We may share data with carefully selected third parties only where necessary:

• Service providers: hosting providers, email platforms and analytics tools that process data on our behalf under a data processing agreement
• Professional advisers: lawyers, accountants or insurers where required
• Regulatory authorities: where required by law or to protect our legal rights

Analytics

We use analytics tools (such as Google Analytics) to collect aggregated, anonymised data about how visitors use our website. You can opt out of Google Analytics tracking via the Google Analytics Opt-out Browser Add-on available at tools.google.com/dlpage/gaoptout.

Some third-party service providers we use may store or process your data outside the UK or European Economic Area (EEA). Where this occurs, we ensure appropriate safeguards are in place, such as:

• UK adequacy regulations or equivalent transfer mechanisms
• Standard contractual clauses approved by the ICO
• Binding corporate rules or other legally recognised safeguards

We retain personal data only for as long as necessary to fulfil the purposes for which it was collected, or as required by law.

Once data is no longer required, it is securely deleted or anonymised.

Under UK GDPR, you have the following rights regarding your personal data:

• Right of access - request a copy of the personal data we hold about you
• Right to rectification - ask us to correct inaccurate or incomplete data
• Right to erasure - request deletion of your personal data in certain circumstances
• Right to restrict processing - ask us to limit how we use your data
• Right to data portability - ask that we transfer the personal information you gave us to another organisation, or to you, in certain circumstances
• Right to object - object to processing based on legitimate interests or for direct marketing
• Rights related to automated decision-making - we do not make solely automated decisions with significant effects on individuals
• Right to withdraw consent - where processing is based on consent, you may withdraw it at any time without affecting prior processing

To exercise any of these rights, please contact us using the details in section 13. We will respond within 30 days. We may need to verify your identity before fulfilling a request.

We take appropriate technical and organisational measures to protect your personal data against unauthorised access, accidental loss, disclosure or destruction. These include:

• Encrypted connections (HTTPS/TLS) across our website
• Access controls limiting data to authorised personnel only
• Regular review of our data handling practices

While we take reasonable steps to safeguard your data, no internet transmission is completely secure. If you believe your data has been compromised, please contact us immediately.

Our website and services are directed at business professionals and are not intended for children under the age of 13. We do not knowingly collect personal data from children. If you believe a child has provided us with personal data, please contact us and we will delete it promptly.

We may update this Privacy Notice from time to time to reflect changes in our practices, technology or legal requirements. When we do, we will update the “Last updated” date at the top of this document.

We encourage you to review this notice periodically. Continued use of our website and services after changes have been posted constitutes your acceptance of the notice.

If you have any questions, concerns or requests relating to your personal data or this Privacy Notice, please contact dpo@position1.io.

If you are not satisfied with our response, you have the right to lodge a complaint with the Information Commissioner’s Office (ICO), the UK supervisory authority for data protection:

• Website: ico.org.uk
• Helpline: 0303 123 1113