Privacy Policy

Privacy Policy - Datazed Ltd

Last updated: 22 July 2025

1. Introduction

This Privacy Policy explains how Datazed Ltd ("we," "us," or "our") collects, uses, and protects your personal information when you visit our website at www.datazed.co.uk or use our services.

We comply with the UK General Data Protection Regulation (UK GDPR), the Data Protection Act 2018, and the Data (Use and Access) Act 2025 (DUAA).

2. Contact Information

Data Controller: Datazed Ltd

Senior Responsible Individual (SRI): Charles Joseph, Director

Email: dp@datazed.co.uk

Address: 42 Lytton Road, Barnet, EN5 5BY

3. Legal Bases for Processing

Processing Purpose Legal Basis

Providing services and fulfilling contracts Contract

Responding to enquiries and customer support Legitimate interests

Email marketing to existing customers Legitimate interests

Website analytics and improvement Legitimate interests

Legal compliance (e.g., tax records) Legal obligation

Direct marketing to prospects Consent

Security and fraud prevention Recognised legitimate interests (DUAA)

Where we rely on legitimate interests, we have conducted Legitimate Interest Assessments (LIAs), available on request. Recognised legitimate interests under DUAA do not require an LIA.

4. Information We Collect

4.1 Information You Provide Directly

Name, email address, business details

Enquiry details and correspondence

Payment data (for services and invoicing)

Marketing preferences

4.2 Information Collected Automatically

IP address, browser, and device details

Website usage patterns (via cookies and analytics)

4.3 Information from Third Parties

Business contact data from legitimate sources

Social profiles (publicly available)

5. How We Use Your Information

Delivering services and customer support

Managing accounts and processing payments

Email and newsletter communication (with consent or legitimate interest)

Event or webinar registration (via Fillout forms)

Improving website and services

Meeting legal obligations

Security and fraud prevention

6. Third-Party Data Sharing

We share your data with:

Third Party Role Purpose Safeguards

Strikingly Data Processor Website hosting & management SCCs with UK Addendum

Pipedrive Data Processor CRM and email marketing SCCs with UK Addendum

Beehiiv Data Processor Newsletter management SCCs with UK Addendum

Fillout.com Data Processor Registration forms & surveys SCCs (EU-hosted), encryption

FreeAgent Data Processor Invoicing & payment tracking SCCs, industry security

Google Workspace Data Processor Email hosting & office tools SCCs with UK Addendum

Payment processors Data Processor Processing payments Standard security measures

Legal/professional advisors Data Processor Legal/professional support Professional confidentiality

Some personal data may be transferred outside the UK; we use standard contractual clauses (SCCs) and the UK Addendum where required, or rely on adequacy decisions.

7. Data Retention

Data Type Retention Period

Customer enquiries 2 years from last contact

Active business records 6 years + current accounting year

Marketing contacts 3 years from last engagement

Marketing analytics 2 years

Website analytics 26 months

Email suppression lists Indefinite (hashed, suppression only)

Master Service Agreements 6 years from contract end

Statements of Work 6 years from completion

Payments/invoices (FreeAgent) 6 years + current accounting year

Cookie consent records 3 years from consent

Data is deleted when it is no longer required for its original purpose, and all retention periods reflect the company’s start dates and actual use.

8. Cookies and Tracking Technologies

We use cookies and trackers to enhance your experience and for analytics.

8.1 Cookie Categories

Category Purpose Consent Required

Strictly necessary Site functionality, security, logins No

Analytics Measure site visits, improve content No (first-party)

Marketing Advertising, remarketing, personalisation Yes

Functional Remember preferences, enhance features Yes

8.2 Cookie Consent Management

You can manage cookie preferences via our cookie banner.

Accept/reject non-essential cookies

Update preferences at any time

Google Consent Mode v2:

If not already implemented by site infrastructure, we will add support to ensure Google Analytics and Ads respect user consent, as recommended by Google and regulators. Cookie choices are honored to the best technical standard available.

9. Your Rights

You have the right to:

Be informed about data collection and use

Access your personal data (free first copy)

Rectify inaccurate data

Erase your data in qualifying circumstances

Restrict use of your data

Data portability (CSV or JSON format)

Object to use of data for legitimate interests or marketing

Not be subject to automated decisions with significant effects (we do not currently use automated decision-making)

10. Exercising Your Rights

To make a rights request:

Email: dp@datazed.co.uk

Write: 42 Lytton Road, Barnet, EN5 5BY

We respond within 30 days, with possible extension for complex cases (you’ll be notified if more time is needed). We may need to verify your identity.

11. Data Protection Complaints

If you wish to raise a concern, please:

Email dp@datazed.co.uk or write to 42 Lytton Road, Barnet, EN5 5BY.

We will acknowledge receipt within 30 days.

We aim to investigate and reply promptly.

If unsatisfied, you can contact the UK Information Commissioner’s Office (ICO):

ico.org.uk

0303 123 1113

Wycliffe House, Water Lane, Wilmslow, Cheshire SK9 5AF

12. Security Measures

We apply the following to protect your data:

Encryption in transit (TLS 1.2+) and at rest (AES-256) via providers

Multi-factor authentication for admin accounts

Security updates managed by platforms/providers

Annual security reviews, configuration, and patch checks

Staff training on confidentiality and restricted access by role

We continually evaluate and improve security practices.

13. Data Breaches

In case of a personal data breach likely to result in risk to individuals:

ICO is notified within 72 hours where required

Impacted individuals are notified without delay (if necessary)

Full investigation and mitigation measures are taken

14. Children’s Data

Our services are aimed at business professionals. We do not knowingly collect data from individuals under 18. If aware of such data, we act promptly to delete it.

15. Marketing Communications

15.1 Consent

Separate, granular consent is required for:

Email marketing

SMS (if used)

LinkedIn messaging

Phone calls

15.2 Opt-Out

You can opt out at any time by:

Clicking “unsubscribe” in emails

Replying “STOP” to SMS

Contacting dp@datazed.co.uk

We manually maintain opt-out flags in our CRM (Pipedrive).

15.3 Consent Records

We keep a record (via CRM) of:

When and how consent was given

Policy version at the time

Current marketing preference

16. Changes to This Policy

This policy is reviewed annually and updated for changes in law or practices.

Notices of major changes are sent to users and posted on our website.

The effective date at the top will always be updated after a review.

17. Automated Decision-Making

We do not currently use fully automated decision-making that produces legal or similarly significant effects on individuals. If that changes:

We will update this policy

Inform you of your additional rights

18. Definitions

Personal Data: Information identifying or able to identify a natural person

Data Controller: Entity determining purposes/means of processing

Data Processor: Entity processing data under controller’s instructions

UK GDPR: UK General Data Protection Regulation

DUAA: Data (Use and Access) Act 2025

PECR: Privacy and Electronic Communications Regulations

Policy reviewed and updated: 22 July 2025. Next review by: 22 July 2026.

For queries, contact dp@datazed.co.uk.