AlphaQuad Ltd – Privacy Policy

1. Who we are (the Controller)

AlphaQuad Ltd (“we”, “us”, “our”) is the controller of the personal data described in this notice.

• Company number: 04133355
• Registered office: Unit 1, Wixford Park, George’s Elm Lane, Bidford-on-Avon, Warwickshire, B50 4JS, United Kingdom
• Contact (Data Protection Lead): Timothy Purslow – tim@alphaquad.co.uk – 01789 491610

This notice explains how we process personal data under the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

2. What this notice covers

This notice applies to visitors to our website, prospective and existing clients, and people who contact us. When we act as a processor on behalf of our clients, we process personal data under their instructions and our Data Processing Agreements (DPAs). In those cases, our clients remain the controllers and should provide their own privacy information.

3. Personal data we collect

The personal data we collect depends on how you interact with us and may include:

• Identity and contact details (name, email address, phone number, job title, company).
• Business information (enquiry details, project context, correspondence, meeting notes).
• Technical information (IP address, device/browser data, and cookie identifiers).
• Marketing preferences (subscriptions and consent status).
• Financial / billing details where required to administer contracts.

4. How we collect your data

• Directly from you (contact forms, emails, calls, meetings).
• Automatically via our website and analytics (see “Cookies and Consent”).
• From third parties (e.g., referrals, publicly available sources like LinkedIn/Companies House).

5. Purposes and legal bases for processing

We process personal data only where we have a lawful basis. Typical purposes and legal bases include:

• Providing and managing services – performance of a contract or steps prior to entering into a contract.
• Responding to enquiries and maintaining records – legitimate interests in running our business and providing services.
• Improving our website and services (analytics) – consent for non‑essential cookies/analytics; legitimate interests for strictly necessary operations.
• Marketing communications – consent, or “soft opt‑in” where permitted for existing clients/contacts; you can opt out at any time.
• Legal and regulatory obligations – where processing is required by law.

6. Cookies and Consent

Our website uses a cookie consent tool powered by CookieYes. It lets you choose which categories of cookies to allow and change your choices at any time. Essential cookies do not require consent. For non‑essential cookies (e.g., analytics and marketing), we will only use them with your consent. The up‑to‑date list of cookie categories and providers is available in the CookieYes banner/settings on our site. For the use of cookies and similar technologies we also comply with the Privacy and Electronic Communications Regulations (PECR).

7. Sharing your personal data

We may share personal data with:

• Service providers / processors (e.g., hosting, email, collaboration, analytics) such as Google Workspace and Google Analytics.
• Professional advisers (accountants, lawyers, insurers) where necessary.
• Regulators and public authorities where we are legally required to do so.

We have Data Processing Agreements in place with all processors handling personal data on our behalf.

8. International data transfers

Some of our service providers are located outside the UK, including in the United States. Where we transfer personal data internationally, we ensure that appropriate safeguards are in place to protect it in accordance with UK data protection law. You can contact us for more information about these safeguards.

9. Retention

We retain personal data for the period of an active client or business relationship and for a further three years thereafter, unless a longer period is required by law. We carry out periodic reviews and securely delete or anonymise data that is no longer needed. You may request earlier deletion, and we will comply unless we are legally required to keep the data.

10. Security

We apply appropriate technical and organisational measures, which include (as appropriate): encryption in transit and at rest, role‑based access controls, strong authentication, secure configuration, firewalls and anti‑malware, logging and monitoring, regular training for staff, audits and risk assessments. We also operate business continuity and disaster recovery planning, and conduct vulnerability scanning and automated penetration testing on systems under our control.

Security responsibilities are assigned to our Data Protection Lead. We also maintain records of processing activities (RoPA) and conduct DPIAs where required. Tracking and change logs provided by third‑party systems support our accountability.

11. Children

Our services and website are not intended for children under 16. We do not knowingly collect personal data from children. If you believe a child has provided us with personal data, please contact us and we will delete it promptly.

12. Your rights

You have the following rights under UK data protection law: access; rectification; erasure; restriction; portability; objection; and rights in relation to automated decision‑making and profiling.

We do not carry out automated decision‑making that produces legal or similarly significant effects. If this changes, we will update this notice.

To exercise any right, contact us using the details above. We will respond without undue delay and within one month (extendable by up to two months for complex requests). We may need to verify your identity. Requests are free of charge unless manifestly unfounded or excessive.

13. Personal data breaches

If we become aware of a personal data breach that is likely to result in a risk to individuals’ rights and freedoms, we will assess and contain the incident, notify the Information Commissioner’s Office (ICO) without undue delay and, where feasible, within 72 hours, and notify affected individuals without undue delay where there is a high risk. We keep internal records of all personal data breaches.

14. Marketing preferences

You can opt out of marketing emails at any time by using the unsubscribe link in our emails or by contacting us. Where permitted by law, we may rely on the “soft opt‑in” for existing clients and contacts; you will always be able to opt out.

15. Links to other websites

Our website may contain links to other sites we do not control. We are not responsible for their privacy practices. We encourage you to read the privacy notices on those websites.

16. Changes to this notice

We may update this notice from time to time. Any changes will be posted on this page with an updated “Last updated” date. If we make significant changes to the way we process personal data, we will take reasonable steps to notify you.

17. How to complain

If you have concerns about our use of your personal data, please contact us first so we can try to resolve the issue. You also have the right to complain to the UK Information Commissioner’s Office (ICO): ico.org.uk.