Privacy Policy

Privacy Policy

Last reviewed: February 2026

1. Introduction

This Privacy Policy explains how Infuzest Ltd ("Infuzest", "we", "us", or "our") processes personal data collected through the Infuzest corporate website (infuzest.co.uk) and through corporate communications.

This policy applies only to:

  • visitors to the Infuzest corporate website;
  • individuals who contact us via corporate email addresses or enquiry channels;
  • individuals communicating with us in connection with partnerships, recruitment, compliance, or business enquiries.

Each software platform operated by Infuzest Ltd maintains its own separate privacy policy governing personal data processed within those services. This corporate policy does not apply to users of such platforms and should not be relied upon for platform-specific processing activities.

2. Data Controller

The data controller responsible for personal data processed under this policy is:

Infuzest Ltd
Registered in England and Wales
Email: privacy@infuzest.co.uk

Infuzest Ltd determines the purposes and means of processing personal data described in this policy.

3. Regulated Platform Services

Infuzest Ltd develops and operates software platforms that may integrate with authorised third-party service providers, financial institutions, and government digital services.

Where individuals use platforms operated by Infuzest Ltd that involve the processing of financial account information or other regulated data categories, personal data is processed in accordance with the privacy policy specific to the relevant platform or service.

Platform-specific privacy policies provide detailed information regarding:

  • categories of personal data processed;
  • lawful bases for processing;
  • the role of authorised third-party providers;
  • consent mechanisms;
  • retention practices; and
  • user rights applicable to those services.

Infuzest Ltd does not access financial account data through this corporate website. Any access to regulated data occurs only where an individual has provided explicit authorisation within a platform environment governed by its own privacy documentation and user consent processes.

4. Information We Collect

We collect limited personal data through our corporate website and communications.

4.1 Contact Information

  • Name
  • Email address
  • Telephone number
  • Organisation or affiliation (where provided)

4.2 Enquiry Content

Information included in correspondence or enquiries sent to corporate contact addresses.

4.3 Technical Data

Standard server log information may be collected automatically, including:

  • IP address
  • browser type and version
  • referring pages
  • access timestamps
  • device and connection metadata

This information is used for security and operational purposes and is not used for behavioural profiling.

4.4 Recruitment Information

Where submitted voluntarily:

  • CVs
  • professional background information
  • covering letters
  • employment enquiries

We do not operate advertising trackers, behavioural profiling tools, or third-party marketing analytics on this website.

5. Lawful Bases for Processing

We process personal data under Article 6 of the UK GDPR on the following bases:

Legitimate Interests — Article 6(1)(f)

To:

  • respond to enquiries;
  • manage business relationships;
  • operate corporate functions;
  • maintain website security.

We have assessed that these interests are not overridden by individual rights.

Legal Obligation — Article 6(1)(c)

Where processing is required to comply with legal or regulatory obligations.

Consent — Article 6(1)(a)

Where specific consent is provided for defined purposes. Consent may be withdrawn at any time.

6. How We Use Personal Data

Personal data collected through corporate channels may be used to:

  • respond to enquiries and correspondence;
  • manage partnerships and business relationships;
  • handle compliance or legal requests;
  • process recruitment enquiries;
  • administer responsible disclosure reports;
  • maintain operational and security records;
  • operate and improve the corporate website.

We do not sell personal data or share it for third-party marketing purposes.

7. Third-Party Processors

We engage a limited number of service providers acting as data processors on our behalf, including:

  • cloud hosting and infrastructure providers;
  • corporate email service providers;
  • IT security and monitoring providers.

All processors operate under contractual obligations requiring appropriate technical and organisational safeguards.

In connection with certain software platforms operated by Infuzest Ltd, authorised regulated service providers may act as independent data controllers or processors under applicable financial data access regulations. Details are provided within the relevant platform privacy policy.

8. International Data Transfers

Where personal data is transferred outside the United Kingdom, appropriate safeguards are implemented in accordance with UK GDPR requirements, including:

  • adequacy regulations;
  • UK International Data Transfer Agreements (IDTAs); or
  • UK Addendum to EU Standard Contractual Clauses.

Our primary infrastructure providers operate within the UK or European Economic Area wherever possible.

9. Data Retention

We retain personal data only as long as necessary.

Typical retention periods include:

  • General correspondence: up to three years after last interaction.
  • Legal or compliance records: typically six years or longer where required by law.
  • Server log data: generally retained no longer than 90 days unless required for security investigations.
  • Recruitment data: retained for the duration of recruitment processes and deleted thereafter unless consent for retention is obtained.

10. Your Rights Under UK GDPR

You have the following rights, subject to applicable conditions:

  • Right of access
  • Right to rectification
  • Right to erasure
  • Right to restriction of processing
  • Right to data portability
  • Right to object to processing
  • Rights relating to automated decision-making

Infuzest Ltd does not carry out automated decision-making producing legal or similarly significant effects through this website.

Requests may be submitted to:

privacy@infuzest.co.uk

We will respond within one calendar month.

11. Complaints

If you have concerns regarding how we process personal data, please contact us first so we may address the issue.

You also have the right to lodge a complaint with:

Information Commissioner's Office (ICO)
Wycliffe House
Water Lane
Wilmslow
Cheshire SK9 5AF
Website: ico.org.uk
Helpline: 0303 123 1113

12. Cookies

The Infuzest corporate website uses only cookies strictly necessary for technical operation.

We do not use advertising cookies, tracking pixels, or behavioural analytics tools.

Server-side logging may record IP addresses as part of normal web server operation.

You may configure your browser to refuse cookies without affecting access to website content.

13. Updates to This Policy

We may update this Privacy Policy periodically to reflect changes in legal requirements or corporate processing activities.

The latest version will always be available at: infuzest.co.uk/privacy

14. Contact

For privacy enquiries, data subject requests, or questions regarding this policy:

Infuzest Ltd — Privacy
Email: privacy@infuzest.co.uk

Privacy Contact

For privacy enquiries or to exercise your data protection rights, please contact:

Infuzest Ltd — Privacy Team

Email: privacy@infuzest.co.uk

We aim to respond to all requests in accordance with applicable data protection laws.

Supervisory Authority

If you believe your personal data has been processed in a way that does not comply with data protection law, you have the right to lodge a complaint with the UK supervisory authority:

Information Commissioner's Office (ICO)

Website: ico.org.uk

Telephone: 0303 123 1113

We encourage you to contact us first so that we have the opportunity to address your concerns.