Privacy Policy

Last Updated on: 20th November, 2025.

1. Introduction

This Privacy Policy explains how Priivora (“Company”, “we”, “us”, “our”) collects, uses, and protects personal data in compliance with the UK GDPR, EU GDPR, and the Data Protection Act 2018.

We act as a Data Controller for website interactions and marketing. For client engagements, we may act as a Data Processor depending on the service.

2. Personal Data We Collect

We may collect and process the following categories of personal data:

a. Information You Provide

  • Name
  • Email address
  • Phone number
  • Company name & role
  • Billing details
  • Service-related information
  • Uploaded documents or forms

b. Data Collected Automatically

  • IP address
  • Browser type and version
  • Device information
  • Pages visited, time on site, navigation paths
  • Cookies (see Cookie Policy)

c. Service Delivery Data

When performing GDPR consultancy services, we may receive documents that include:

  • Employee data
  • Customer data
  • Vendor data
  • Data protection documentation

We process this strictly as required for service delivery.

3. How We Use Your Data

We use personal data to:

  • Provide and improve our services
  • Communicate with you
  • Respond to enquiries
  • Process payments
  • Provide compliance documents
  • Send updates or service-related notices
  • Maintain website functionality
  • Comply with legal obligations

We do not sell personal data.

4. Legal Basis for Processing

Under GDPR, we rely on:

  • Contractual necessity (service delivery)
  • Legitimate interests (business operations, security)
  • Consent (marketing communications)
  • Legal obligations (record keeping, compliance)

5. Data Sharing

We may share personal data with:

  • Professional service providers (IT, email hosting, payment processors)
  • Regulatory authorities (if legally required)
  • Contractors or consultants under strict confidentiality agreements

We do not transfer data to third countries without valid GDPR safeguards.

6. Data Retention

We retain data only for as long as necessary for:

  • Service delivery
  • Legal and accounting obligations
  • Business record purposes

Client documents are deleted after project completion unless otherwise agreed.

7. Data Security

We use industry-standard technical and organisational controls including:

  • Encryption
  • Secure servers
  • Access restrictions
  • GDPR-compliant storage

No system is fully secure; however, we ensure reasonable security based on current standards.

8. Your GDPR Rights

You have rights to:

  • Access your data
  • Rectify incorrect data
  • Erase your data (“right to be forgotten”)
  • Restrict processing
  • Object to processing
  • Data portability
  • Withdraw consent
  • Lodge a complaint with the ICO (UK) or your EU supervisory authority

To exercise rights: 28priivora@gmail.com

9. Third-Party Links

We are not responsible for external website privacy practices.

10. Updates to This Policy

We may update this Privacy Policy from time to time. Updates are posted on our website.

11. Contact

For privacy enquiries:
Email: 28priivora@gmail.com