PhoenAIx Ltd (“we,” our or us) is committed to protecting the privacy and security of your personal data.  This privacy policy explains how and why we collect, store, use and share personal data when you visit our website or use our services.  It also explains the rights you have under the UK General Data Protection Regulation (UK GDPR) and the UK Data Protection Act 2018 (DPA 2018) and how you can exercise them.  The policy applies to anyone whose personal data we process, including customers, business partners and visitors to our website.

We comply with the UK’s data‑protection framework, which includes the UK GDPR and the DPA 2018gov.uk.  These laws control how organisations use personal information and require us to process personal data fairly, lawfully and transparently.  They also place duties on us and give you rights over your personal datagov.uk.  Additional guidance published by the Information Commissioner’s Office (ICO) is under review following the Data (Use and Access) Act 2025; we will update this policy if material changes occurico.org.uk.

• PhoenAIx Ltd – a company registered in England and Wales (company number …).  Our registered office is … (complete address, Banbury, United Kingdom).
   
• Data‑controller: PhoenAIx Ltd determines how and why personal data is processed.  If you have questions about this policy or wish to exercise your data‑protection rights, please contact:
   
  • Email: [insert email]
     
  • Postal address: PhoenAIx Ltd, [insert address], Banbury, United Kingdom.
     
• Supervisory authority: If you are concerned about how we handle your personal data, you may also contact the Information Commissioner’s Office (ICO) via its helpline on 0303 123 1113 or online (www.ico.org.uk):contentReference[oaicite:3]{index=3}.
   

We collect different categories of personal data depending on how you interact with us:

• Contact and identity data – such as name, job title, postal address, email address and telephone number.  We obtain this data when you fill in forms on our website, sign up for newsletters, register an account, request a service or contact us.
   
• Transactional data – records of products and services you purchase from us, payment details and invoices.
   
• Usage data – information about how you use our website and services (including your IP address, browser type and device information).  This may be collected automatically via cookies or similar technologies.  Please see our cookies section below for more information.
   
• Marketing preferences and communications – records of your preferences about receiving marketing from us and your communications with us.
   
• Special category data – we do not intentionally collect sensitive categories of personal data (for example, information about health, ethnicity or political opinions).  If we need to collect such information for legitimate purposes (e.g., for diversity monitoring), we will only do so with explicit consent and in accordance with the enhanced protections under the lawgov.uk.
   

We may collect personal data directly from you, from publicly available sources (e.g., Companies House), from third‑party service providers (e.g., credit‑reference agencies) and from our group companies.

Under the UK GDPR we must have a lawful basis for each purpose for which we process personal data.  Our main purposes and lawful bases are:

PurposeLawful basisDescriptionProviding and managing servicesPerformance of a contractWe process personal data to register you as a customer, deliver our services, process payments and provide customer support.  Processing is necessary to perform our contractual obligations or to take steps at your request before entering into a contract (UK GDPR Art. 6(1)(b)).CommunicationsLegitimate interests / consentWe use contact information to respond to enquiries, send service messages and notify you of updates.  We have a legitimate interest in communicating with you about our services, provided your rights and interests do not override those interests.  Where required by law (for example, email marketing to prospects), we will obtain your consent beforehand and you can withdraw it at any time.Analytics and website improvementLegitimate interestsWe analyse usage data to administer and improve our website, to ensure network and information security and to develop new products or services.  This is necessary for our legitimate interests in running our business and improving user experience, provided this does not override your rights.Compliance with legal obligationsLegal obligationWe may need to process personal data to comply with laws such as anti‑money‑laundering, tax and accounting laws or to cooperate with law‑enforcement bodies.  The UK GDPR and the DPA 2018 require us to process data lawfully, fairly and transparentlygov.uk.MarketingConsent / legitimate interestsWe may send you marketing communications about our products, services and events if you have given us consent to do so or if you are an existing customer and we have a legitimate interest in marketing similar goods or services.  You can opt out of marketing at any time.RecruitmentPerformance of a contract / legitimate interests / legal obligationWhen you apply for a job with us we process your personal data to assess your suitability, to manage the recruitment process and to comply with employment laws.Automated decision‑making or profilingConsent / legitimate interestsWe do not usually make decisions based solely on automated processing.  If we intend to implement profiling or automated decision‑making that has legal or similarly significant effects, we will inform you and seek your consent or rely on a lawful basis and provide safeguards as required by the UK GDPRnibusinessinfo.co.uk. 

We will only use your personal data for the purposes for which we collected it, unless we reasonably consider that we need to use it for another reason compatible with the original purpose.  If we need to use your data for an unrelated purpose, we will notify you and explain the legal basis that allows us to do so.

We process personal data in accordance with the seven principles set out in Article 5 of the UK GDPRico.org.uk:

1. Lawfulness, fairness and transparency – we process personal data lawfully and fairly, and we provide clear information about our processing activitiesgov.uk.
    
2. Purpose limitation – we collect personal data for specified, explicit and legitimate purposes and do not further process it in a way incompatible with those purposesico.org.uk.
    
3. Data minimisation – we ensure that personal data is adequate, relevant and limited to what is necessaryico.org.uk.
    
4. Accuracy – we keep personal data accurate and up to date, and we take reasonable steps to rectify or erase inaccurate data without delayico.org.uk.
    
5. Storage limitation – we retain personal data only for as long as necessary for the purposes for which it was collectedico.org.uk.  There are no set time limits in law; we regularly review our retention periods and erase or anonymise data when it is no longer neededico.org.uk.
    
6. Integrity and confidentiality (security) – we process personal data in a manner that ensures appropriate security, including protection against unauthorised or unlawful processing and against accidental loss, destruction or damageico.org.uk.
    
7. Accountability – we are responsible for, and able to demonstrate compliance with, all of these principlesico.org.uk.
    

We take appropriate technical and organisational measures to safeguard personal data and to comply with the security principle of the UK GDPRico.org.uk.  These measures include:

• Risk assessment: We regularly evaluate the risks presented by our processing and implement measures to mitigate those risksico.org.uk.
   
• Policies and procedures: We maintain an information‑security policy and review it periodicallyico.org.uk.
   
• Access controls and encryption: We use role‑based access controls, encryption and pseudonymisation where appropriateico.org.uk.
   
• Physical and network security: We ensure the confidentiality, integrity and availability of our systems and servicesico.org.uk.  We have procedures to restore access to personal data in a timely manner in the event of a physical or technical incidentico.org.uk.
   
• Testing and audits: We regularly test, assess and evaluate the effectiveness of our security measures and make improvements where neededico.org.uk.
   
• Third‑party processors: Where we use third parties to process personal data on our behalf, we ensure they implement appropriate technical and organisational measures and that our contracts impose data‑protection obligationsico.org.uk.
   

Our website uses cookies and similar technologies to collect usage data and improve your browsing experience.  We obtain your consent for non‑essential cookies and provide clear information about the purposes of each cookie.  You can manage your cookie preferences at any time via our cookie banner.

We may share your personal data with:

• Service providers who act as processors (e.g., IT‑hosting providers, analytics providers, payment processors) who provide services on our behalf.  We require them to respect the security of your data and treat it in accordance with the lawico.org.uk.
   
• Professional advisers such as lawyers, bankers, auditors and insurers who provide consultancy, banking, legal, insurance and accounting services.
   
• Regulators and law‑enforcement authorities where disclosure is required by law, such as to the ICO, HM Revenue & Customs, courts or other authorities.
   
• Business partners or acquirers in the context of a sale, merger, acquisition or transfer of our business or assets.  We will ensure that the recipient respects the security of personal data and complies with applicable laws.
   

We do not sell personal data to third parties.  If we need to share your personal data for a new purpose, we will inform you and, where required, obtain your consent.

We may transfer personal data to countries outside the UK.  The UK GDPR contains specific rules on such restricted transfersico.org.uk.  We only transfer personal data to recipients in countries deemed to provide an adequate level of protection, or we put in place appropriate safeguards (such as the International Data Transfer Agreement, Standard Contractual Clauses or Binding Corporate Rules)ico.org.uk.  We also carry out a risk assessment to ensure that data subjects’ rights are not underminedico.org.uk.  In limited cases where no adequacy decision or safeguard is available, we may rely on a specific exception permitted under the UK GDPRico.org.uk.

We keep personal data only for as long as necessary for the purposes set out in this policy.  There are no fixed retention periods in data‑protection law; the appropriate retention period depends on the nature of the data and the purposes of processingico.org.uk.  We use the following criteria to determine retention periods:

• The requirements of the law (e.g., tax or accounting regulations).
   
• The purpose for which the data was collected and whether we still need it.
   
• Whether there is a contractual or legal obligation to keep the data.
   
• Any relevant industry guidelines or regulatory requirements.
   

When we no longer need personal data, we securely delete or anonymise itico.org.uk.  If we anonymise data, it is no longer personal data and we may keep it for statistical or research purposes.

Under the UK GDPR you have certain rights regarding your personal datagov.uk.  These rights are summarised below and are subject to conditions and exceptions:

1. Right to be informed – you have the right to be informed about how we collect and use your personal data.  We must provide information including our purposes for processing, retention periods and who we share it withnibusinessinfo.co.uk.  We provide this information at the time we collect your data or within one month if obtained from another sourcenibusinessinfo.co.uk.
    
2. Right of access – you can request a copy of personal data we hold about you and certain supplementary informationnibusinessinfo.co.uk.  We must respond within one month (extendable by two months for complex requests).
    
3. Right to rectification – you can ask us to correct inaccurate personal data or complete incomplete datanibusinessinfo.co.uk.  We must respond within one month and may extend this period when justified.
    
4. Right to erasure – in certain circumstances you have the right to have your personal data erased (the “right to be forgotten”).  This applies, for example, where we no longer need the data for the original purpose or where processing is unlawfulnibusinessinfo.co.uk.
    
5. Right to restrict processing – you can ask us to restrict processing of your personal data in specific circumstances, such as when the data’s accuracy is contested or processing is unlawfulnibusinessinfo.co.uk.  We may continue to store the data but will not process it further unless you agree or certain limited conditions apply.
    
6. Right to data portability – you can request that we transfer personal data to you or another organisation.  This right only applies where the processing is based on consent or a contract and is carried out by automated meansnibusinessinfo.co.uk.
    
7. Right to object – you can object to processing where we rely on legitimate interests, public interest or direct marketing.  If you object to direct marketing, we must stop processing your personal data for that purposenibusinessinfo.co.uk.
    
8. Rights relating to automated decision‑making and profiling – you have the right not to be subject to a decision based solely on automated processing (including profiling) that has legal or similarly significant effectsnibusinessinfo.co.uk.
    

If you wish to exercise any of these rights, please contact us using the details above.  We may need to request specific information to confirm your identity and ensure your right to access data (or exercise any other right).  There is no fee to exercise your rights, although we may charge a reasonable fee if your request is manifestly unfounded, repetitive or excessive.

If you have concerns about our use of your personal data, please contact us in the first instance.  You also have the right to lodge a complaint with the ICO, the UK supervisory authority for data protection, using the contact details provided above gov.uk.

We may update this privacy policy from time to time to reflect changes in the law, our processing practices or the services we offer.  We will post the updated policy on our website with a new “last updated” date and, where appropriate, notify you by email.  We recommend that you review this policy periodically to stay informed about how we process your personal data.