Privacy Policy
Your privacy is our priority. Learn how we protect and handle your personal data.
Last Updated: 15 September 2025
This privacy policy complies with UK GDPR and Data Protection Act 2018
Table of Contents
1. Who We Are
Praxibility is a UK-based enterprise architecture and data analytics consultancy specialising in AI-driven solutions and the Archailign platform. We are committed to protecting your personal data and respecting your privacy rights in accordance with UK GDPR and the Data Protection Act 2018.
Data Controller Details:
Company: Praxibility Limited
Registered Office: 71-75 Shelton Street, Covent Garden, London, WC2H 9JQ
Email: privacy@praxibility.com
Data Protection Contact: info@praxibility.com
When we refer to "we", "us", or "our" in this privacy policy, we mean Praxibility Limited. When we refer to "you" or "your", we mean you as the individual whose personal data we process.
2. What Data We Collect
We collect and process the following categories of personal data:
2.1 Information You Provide Directly
- Contact Information: Name, email address, company name, job title
- Communications: Messages, enquiries, and correspondence you send to us
- Service Information: Information about your business needs and project requirements
- Marketing Preferences: Your communication preferences and consent choices
2.2 Information We Collect Automatically
- Technical Data: IP address, browser type, device information, operating system
- Usage Data: Pages visited, time spent on site, click patterns, referral sources
- Cookie Data: Information collected through cookies and similar technologies (see Section 5)
- Location Data: General location information based on IP address
2.3 Information from Third Parties
- Business Information: Publicly available business information from professional networks
- Referral Data: Information provided by business partners or referrers with your consent
3. How We Use Your Data
We process your personal data for the following purposes:
3.1 Service Provision
- Responding to your enquiries and providing information about our services
- Delivering consulting services and technical solutions
- Managing client relationships and project communications
- Providing customer support and technical assistance
3.2 Business Operations
- Processing and fulfilling service requests
- Managing contracts and billing
- Maintaining business records and documentation
- Improving our services and website functionality
3.3 Marketing and Communications
- Sending relevant business communications (with your consent)
- Sharing insights about enterprise architecture and AI trends
- Promoting our services and the Archailign platform
- Measuring marketing effectiveness and engagement
3.4 Legal and Compliance
- Complying with legal obligations and regulatory requirements
- Protecting our legitimate business interests
- Preventing fraud and ensuring website security
- Resolving disputes and enforcing agreements
4. Legal Basis for Processing
Under UK GDPR, we must have a lawful basis for processing your personal data. We rely on the following legal bases:
| Purpose | Legal Basis | Description |
|---|---|---|
| Service delivery and client management | Contract Performance | Processing necessary to perform our contract with you |
| Business development and marketing | Legitimate Interest | Promoting our services to relevant business contacts |
| Email marketing and newsletters | Consent | Your explicit consent to receive marketing communications |
| Legal compliance and record keeping | Legal Obligation | Compliance with UK tax, employment, and business laws |
| Website security and fraud prevention | Legitimate Interest | Protecting our business and users from security threats |
6. Data Sharing and Third Parties
We do not sell your personal data. We may share your data in the following limited circumstances:
6.1 Service Providers
- Cloud Hosting: Website hosting and data storage (AWS, Google Cloud)
- Analytics: Website performance and usage analysis
- Email Services: Transactional and marketing email delivery
- Professional Services: Legal, accounting, and business advisory services
6.2 Business Partners
- Technology partners for joint service delivery (with your consent)
- Subcontractors working on your projects (under strict confidentiality)
6.3 Legal Requirements
- UK law enforcement or regulatory authorities (when legally required)
- Courts or tribunals (under legal proceedings)
- Professional advisors (under legal privilege)
Data Processing Agreements: All third-party processors are bound by strict data processing agreements ensuring your data is protected to the same standard we maintain.
7. Data Retention
We retain your personal data only as long as necessary for the purposes outlined in this policy:
| Data Type | Retention Period | Reason |
|---|---|---|
| Contact enquiries | 3 years from last contact | Business development and relationship management |
| Client project data | 7 years after project completion | Legal obligations and potential warranty claims |
| Marketing communications | Until you withdraw consent | Ongoing marketing relationship |
| Website analytics | 26 months | Business analysis and improvement |
| Financial records | 7 years | UK tax and accounting requirements |
After the retention period expires, we securely delete or anonymise your personal data unless we have a legal obligation to retain it longer.
8. Your Rights Under UK GDPR
You have the following rights regarding your personal data:
8.1 Right of Access
Request a copy of the personal data we hold about you and information about how we process it.
8.2 Right to Rectification
Request correction of inaccurate or incomplete personal data.
8.3 Right to Erasure ("Right to be Forgotten")
Request deletion of your personal data in certain circumstances.
8.4 Right to Restrict Processing
Request that we limit how we use your personal data in specific situations.
8.5 Right to Data Portability
Request a copy of your data in a structured, machine-readable format.
8.6 Right to Object
Object to processing based on legitimate interests or for direct marketing purposes.
8.7 Right to Withdraw Consent
Withdraw consent for processing where consent is the legal basis.
8.8 How to Exercise Your Rights
To exercise any of these rights, contact us at:
Email: privacy@praxibility.com
Subject: Data Subject Rights Request
Response Time: Within 30 days of receipt
Right to Complain: You have the right to lodge a complaint with the UK Information Commissioner's Office (ICO) at ico.org.uk if you believe your data protection rights have been violated.
9. Data Security
We implement robust technical and organisational measures to protect your personal data:
9.1 Technical Safeguards
- Encryption: Data encrypted in transit (TLS/SSL) and at rest (AES-256)
- Access Controls: Multi-factor authentication and role-based access
- Network Security: Firewalls, intrusion detection, and monitoring
- Regular Updates: Security patches and software updates
9.2 Organisational Safeguards
- Staff Training: Regular data protection and security awareness training
- Data Minimisation: Collecting and retaining only necessary data
- Incident Response: Procedures for handling data breaches
- Regular Audits: Security assessments and compliance reviews
9.3 Data Breach Notification
In the unlikely event of a data breach that poses a risk to your rights and freedoms, we will:
- Notify the ICO within 72 hours of becoming aware of the breach
- Inform affected individuals without undue delay if required
- Take immediate steps to contain and remedy the breach
- Conduct a thorough investigation and implement preventive measures
10. International Data Transfers
We primarily process data within the UK. When we transfer data internationally, we ensure adequate protection:
10.1 Adequacy Decisions
We may transfer data to countries with UK adequacy decisions (such as EU member states under transitional arrangements).
10.2 Appropriate Safeguards
For transfers to other countries, we use:
- Standard Contractual Clauses: UK-approved data transfer clauses
- Binding Corporate Rules: For multinational service providers
- Certification Schemes: Industry-recognised security certifications
10.3 Cloud Service Providers
Our cloud providers (AWS, Google Cloud) have appropriate safeguards in place, including data localisation options and compliance with UK data protection requirements.
11. Contact Us
If you have any questions about this privacy policy or our data practices, please contact us:
Data Protection Enquiries:
Email: privacy@praxibility.com
General Enquiries: info@praxibility.com
Website: praxibility.com
Response Time: We aim to respond within 5 business days
External Resources:
- UK Information Commissioner's Office: ico.org.uk
- UK GDPR Guidance: ICO GDPR Guide
- Cookie Guidance: ICO PECR Guide
12. Changes to This Privacy Policy
We may update this privacy policy from time to time to reflect:
- Changes in our data processing practices
- Updates to UK data protection laws
- New features or services we offer
- Feedback from regulators or industry best practices
12.1 Notification of Changes
When we make significant changes, we will:
- Update the "Last Updated" date at the top of this policy
- Highlight major changes in our next communication with you
- Post notifications on our website homepage
- Email active clients about material changes affecting their data
12.2 Your Continued Use
By continuing to use our website and services after changes take effect, you acknowledge that you have read and understood the updated privacy policy.
Previous Versions: You can request previous versions of this privacy policy by contacting us at privacy@praxibility.com