Privacy Policy

1. Introduction

Zygens Consulting Ltd ("we", "us", "our") is committed to protecting your privacy and personal data. This Privacy Policy explains how we collect, use, store, and protect your information when you interact with our website (https://www.zygens.com) or engage with our services.

We are a B2B technology consulting company, and we only collect the personal data necessary to communicate with clients and potential clients about our services.

2. Information We Collect

2.1 Information You Provide to Us

When you contact us through our website enquiry forms or communicate with us directly, we collect:

• Contact Information: Your name, email address, phone number
• Professional Information: Your company name, job title
• Communication Content: Project details, messages, and any other information you choose to share with us
• Correspondence: Records of our communications with you

2.2 Information We Collect Automatically

When you visit our website, we automatically collect certain information through cookies and similar technologies:

• Usage Data: Pages visited, time spent on pages, navigation paths
• Technical Information: IP address, browser type and version, device information, operating system
• Analytics Data: Website performance metrics, user interaction data

For detailed information about our cookie usage, please see our separate Cookie Policy.

2.3 Information We Receive from Third Parties

If you interact with us through third-party platforms (such as LinkedIn or professional networking events), we may receive basic professional information about you from those platforms.

3. Legal Basis for Processing Your Data

Under the General Data Protection Regulation (GDPR) and UK GDPR, we process your personal data based on the following legal grounds:

• Legitimate Interests (Article 6(1)(f)): Processing enquiries, managing client relationships, improving our services, and conducting business operations. We have assessed that our legitimate interests do not override your rights and freedoms.
• Contract Performance (Article 6(1)(b)): When we have a contractual relationship with you or your organization, or when processing is necessary to enter into a contract at your request.
• Consent (Article 6(1)(a)): Where we have obtained your explicit consent for specific processing activities (such as marketing communications), which you can withdraw at any time.
• Legal Obligation (Article 6(1)(c)): Where we are required to process your data to comply with legal or regulatory obligations (such as tax and accounting requirements).

4. How We Use Your Information

4.1 Primary Business Purposes

• Responding to Enquiries: To answer your questions and provide information about our services
• Client Relationship Management: To manage our relationship with you and your organization
• Service Delivery: To provide consulting services and complete projects
• Communication: To contact you about your project, service updates, or business matters
• Contract Management: To negotiate, execute, and manage contracts

4.2 Business Operations

• Record Keeping: To maintain accurate business records and archives
• Legal Compliance: To comply with legal, regulatory, and tax obligations
• Quality Improvement: To improve our services and website functionality
• Security: To protect our systems, detect fraud, and ensure information security

4.3 Analytics and Website Improvement

• Website Analytics: To understand how visitors use our website and improve user experience
• Performance Monitoring: To identify technical issues and optimize website performance

We do not use your personal data for automated decision-making or profiling.

5. How We Share Your Information

We do not sell, rent, or trade your personal data. We only share your information in the following circumstances:

5.1 Service Providers and Processors

We share data with trusted third-party service providers who help us operate our business:

• Cloud Infrastructure Providers: AWS, Google Cloud Platform (GCP), Microsoft Azure – for secure data storage and hosting
• Customer Relationship Management: HubSpot – for managing client communications and relationships
• Website Hosting and Analytics: Squarespace – for website hosting and analytics
• Analytics Services: Google Analytics and other analytics tools – for website usage analysis and improvement

These providers are contractually bound to process your data only on our instructions and in compliance with GDPR requirements.

5.2 Legal Requirements

We may disclose your information if required by law, court order, or governmental authority, or if necessary to:

• Comply with legal obligations
• Protect our legal rights or property
• Prevent fraud or illegal activities
• Protect the safety of individuals

5.3 Business Transfers

In the event of a merger, acquisition, or sale of all or part of our business, your personal data may be transferred to the acquiring entity, subject to the same privacy protections outlined in this policy.

6. International Data Transfers

6.1 Data Storage Location

We primarily store and process your data within the United Kingdom and European Economic Area (EEA). Our cloud service providers (AWS, GCP, Azure) are configured to maintain data residency in UK/EU regions unless otherwise required by a specific client engagement.

6.2 Transfers Outside UK/EEA

In some circumstances, your data may be transferred to countries outside the UK/EEA:

• Client Requirements: When a client specifically requires data to be stored in a particular jurisdiction
• Service Provider Operations: Some of our service providers (such as HubSpot) may process data in the United States or other countries

When we transfer data outside the UK/EEA, we ensure appropriate safeguards are in place, including:

• Standard Contractual Clauses (SCCs): EU-approved contractual terms that provide data protection guarantees
• Adequacy Decisions: Transfers to countries deemed by the UK or EU to provide adequate data protection
• Additional Security Measures: Technical and organizational measures to ensure data security

7. Data Retention

We retain your personal data only for as long as necessary to fulfill the purposes outlined in this policy and to comply with legal obligations.

7.1 Retention Periods

• Active Clients: During the engagement period plus 7 years after the relationship ends (to comply with tax, accounting, and legal requirements)
• Inactive Leads: 3 years after last contact, after which data is securely deleted
• Completed Projects: 7 years after project completion (for business records and potential liability purposes)
• Marketing Communications: Until you unsubscribe or request deletion

7.2 Deletion

After the retention period expires, we securely delete or anonymize your personal data. In some cases, we may retain anonymized data for statistical purposes, which cannot be used to identify you.

8. Your Rights Under GDPR

You have the following rights regarding your personal data:

8.1 Right of Access (Article 15)

You can request a copy of the personal data we hold about you.

8.2 Right to Rectification (Article 16)

You can ask us to correct inaccurate or incomplete data.

8.3 Right to Erasure / "Right to be Forgotten" (Article 17)

You can request deletion of your personal data in certain circumstances, such as when:

• The data is no longer necessary for the purposes it was collected
• You withdraw consent (where consent was the legal basis)
• You object to processing and there are no overriding legitimate grounds
• The data has been unlawfully processed

8.4 Right to Restriction of Processing (Article 18)

You can request that we limit how we use your data in certain situations.

8.5 Right to Data Portability (Article 20)

You can request your data in a structured, commonly used format to transfer to another service provider.

8.6 Right to Object (Article 21)

You can object to processing based on legitimate interests or for direct marketing purposes.

8.7 Rights Related to Automated Decision-Making (Article 22)

You have the right not to be subject to decisions based solely on automated processing. We do not use automated decision-making or profiling.

8.8 Right to Withdraw Consent

Where we process your data based on consent, you can withdraw that consent at any time.

8.9 How to Exercise Your Rights

To exercise any of these rights, please contact us at:

• Email: infosec@zygens.com
• Post: Zygens Consulting Ltd, Platform, New Station St, Leeds, West Yorkshire, LS1 4JB, UK

We will respond to your request within one month. In complex cases, we may extend this by up to two additional months and will inform you of any such extension.

8.10 Right to Lodge a Complaint

If you believe we have not handled your personal data properly, you have the right to lodge a complaint with the supervisory authority:

9. Data Security

We take the security of your personal data seriously and implement appropriate technical and organizational measures to protect it against unauthorized access, alteration, disclosure, or destruction.

9.1 Security Measures

Our security measures include:

• Encryption: Data encryption in transit (HTTPS/TLS) and at rest
• Access Controls: Strict access controls and authentication requirements
• Security Policies: Comprehensive information security policies and procedures (see our Core Security Policy)
• Staff Training: Regular security training for all team members
• Monitoring: Continuous monitoring for security threats and vulnerabilities
• Incident Response: Established procedures for responding to data breaches

9.2 Data Breach Notification

In the unlikely event of a data breach that poses a risk to your rights and freedoms, we will:

• Notify the ICO within 72 hours of becoming aware of the breach
• Notify affected individuals without undue delay if the breach poses a high risk
• Take immediate steps to contain and remediate the breach

10. Third-Party Websites

Our website may contain links to third-party websites. This Privacy Policy does not apply to those websites, and we are not responsible for their privacy practices. We encourage you to review the privacy policies of any third-party sites you visit.

11. Children's Privacy

Our services are directed at businesses and professional users. We do not knowingly collect personal data from individuals under the age of 18. If you believe we have inadvertently collected data from a minor, please contact us immediately at infosec@zygens.com so we can delete it.

12. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, legal requirements, or business operations. When we make significant changes, we will:

• Update the "Last Updated" date at the top of this policy
• Notify active clients via email if the changes materially affect how we process their data
• Post the updated policy on our website

We encourage you to review this policy periodically to stay informed about how we protect your information.

13. Cookie Policy

For detailed information about how we use cookies and similar technologies on our website, please refer to our separate Cookie Policy available on our website.

In summary, we use cookies for:

• Essential website functionality
• Analytics and performance monitoring
• Understanding user preferences and behavior

You can control cookie settings through your browser preferences. For more information, see our Cookie Policy.

14. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or how we handle your personal data, please contact us: