1. Who we are
Opyx Digital Ltd (“Opyx Digital”, “we”, “us”, “our”) is a company registered in England and Wales (Company Registration Number: [COMPANY REGISTRATION NUMBER]) with our registered office at [REGISTERED ADDRESS].
We are the data controller for the personal data we process in connection with our services and this website. We are registered with the Information Commissioner’s Office (ICO) under registration number [ICO REGISTRATION NUMBER].
You can contact us regarding data protection matters at: [email protected] or by post to our registered address above.
2. What personal data we collect
2.1 Data you provide directly
When you contact us, request an Infrastructure Audit, or engage us as a client, we may collect:
- Full name and job title
- Business name and website URL
- Email address and telephone number
- Business address
- Information you provide in correspondence, forms, or calls
2.2 Payment data
Payment card details are processed directly by Stripe, Inc., our payment processor. We do not store, process, or have access to your full payment card details. Stripe is a data processor acting on our behalf and operates under its own privacy policy and applicable data protection law.
2.3 Technical and usage data
When you visit our website, we may collect:
- IP address and general location data
- Browser type and version
- Pages viewed and time spent on the site
- Referring website or search terms
This data is collected via Google Analytics 4 (GA4), which uses cookies. We obtain your consent before placing analytics cookies. See our Cookie Policy for further details.
2.4 Client service data
In providing services to clients, we may process data relating to their business operations, website configuration, DNS records, hosting environment, and email setup. This is processed strictly for the purpose of delivering our services under contract.
3. How we use your personal data
| Purpose | Data used | Lawful basis (UK GDPR) |
|---|---|---|
|
To provide and deliver our services |
Name, contact details, business information |
Performance of a contract (Article 6(1)(b)) |
|
To process payments for our services |
Name, email, payment reference via Stripe |
Performance of a contract (Article 6(1)(b)) |
|
To respond to enquiries and audit requests |
Name, email, business details |
Pre-contractual steps / Legitimate interests (Article 6(1)(f)) |
|
To send marketing communications (with consent) |
Email address, name |
Consent (Article 6(1)(a)) |
|
To comply with legal and regulatory obligations |
Financial records, correspondence |
Legal obligation (Article 6(1)(c)) |
|
To improve our website and services |
Anonymised usage data via GA4 |
Legitimate interests (Article 6(1)(f)) |
4. Who we share your data with
We share personal data with third parties only where necessary to provide our services. All third parties acting as data processors are bound by data processing agreements and operate in compliance with UK data protection law.
| Processor | Purpose | Location |
|---|---|---|
|
Cloudflare, Inc.
|
Web application firewall, DDoS protection, and CDN services for client sites |
USA (SCCs in place) |
|
Google LLC |
Google Workspace email and productivity services; Google Analytics 4 website analytics |
USA (adequacy / SCCs in place) |
|
Microsoft Corporation |
Microsoft 365 services where selected by clients |
USA (SCCs in place) |
|
Stripe, Inc. |
Payment processing |
USA (SCCs in place) |
5. International transfers
Some of our data processors are based outside the United Kingdom. Where personal data is transferred to a country not subject to a UK adequacy decision, we rely on the International Data Transfer Agreement (IDTA) or UK Standard Contractual Clauses (SCCs) to ensure adequate protection.
6. How long we keep your data
Some of our data processors are based outside the United Kingdom. Where personal data is transferred to a country not subject to a UK adequacy decision, we rely on the International Data Transfer Agreement (IDTA) or UK Standard Contractual Clauses (SCCs) to ensure adequate protection.
| Data type | Retention period |
|---|---|
|
Client contractual records and financial data |
7 years from the end of the contract (Companies Act / HMRC requirements) |
|
Enquiry and audit request data (non-clients) |
2 years from last contact, unless converted to a client relationship |
|
Marketing contact data (with consent) |
Until consent is withdrawn |
|
Website analytics data (GA4) |
14 months (Google Analytics default retention period) |
|
Correspondence and support records |
3 years from last contact |
7. Your rights under UK GDPR
You have the following rights regarding your personal data:
- Right of access — to request a copy of the personal data we hold about you
- Right to rectification — to request correction of inaccurate or incomplete data
- Right to erasure — to request deletion of your data in certain circumstances
- Right to restrict processing — to request we limit how we use your data
- Right to data portability — to receive your data in a structured, machine-readable format
- Right to object — to object to processing based on legitimate interests or for direct marketing
- Rights relating to automated decision-making — we do not use automated decision-making that produces legal effects
To exercise any of these rights, contact us at [email protected]. We will respond within one calendar month. There is no charge for making a request.
If you are not satisfied with how we handle your request or how we process your data, you have the right to lodge a complaint with the Information Commissioner’s Office (ICO) at ico.org.uk or by calling 0303 123 1113.
8. Data security
We implement appropriate technical and organisational measures to protect personal data against unauthorised access, loss, or disclosure. These measures include Cloudflare WAF and DDoS protection on our web infrastructure, encrypted data transmission (HTTPS), access controls, and regular security reviews.
In the event of a personal data breach that is likely to result in a risk to your rights and freedoms, we will notify the ICO within 72 hours and, where required, notify affected individuals without undue delay.
9. Cookies
We use cookies on this website. See our Cookie Policy for full details.
10. Changes to this policy
We may update this Privacy Policy from time to time. We will notify you of material changes by email (where we have your email address) and will update the “Last updated” date at the top of this page. Continued use of our services after the effective date of any update constitutes acceptance of the updated policy.
11. Contact us
For any questions about this policy or your personal data: [email protected]