Privacy Policy
TRENZ SPACE LTD is committed to protecting your personal data and processing it in accordance with UK GDPR and the Data Protection Act 2018.
1. Introduction and Data Controller Identity
This Privacy Policy explains how TRENZ SPACE LTD ("we", "us", "our") collects, uses, stores and protects personal data obtained through our website at trenzspace.cloud, through direct communications and in the course of providing our professional services. This policy is provided in accordance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.
TRENZ SPACE LTD is registered in England and Wales. Our registered office is located at 9 Skyport Drive, Harmondsworth, West Drayton, UB7 0LB, United Kingdom. As a data controller, we are responsible for deciding how and why personal data is used. For all data protection enquiries, you may contact us at info@trenzspace.cloud or write to us at our registered address.
We are committed to ensuring that your privacy is protected and that all personal data we process is handled lawfully, fairly and transparently. We do not sell personal data to third parties, and we do not use personal data for purposes beyond those described in this policy without first obtaining your consent or establishing another lawful basis for processing.
This Privacy Policy applies to all personal data we process about individuals who visit our website, submit enquiries, enter into service agreements with us, or communicate with us through any channel. It applies equally to individuals acting on behalf of corporate clients.
2. Personal Data We Collect
We collect personal data in the following contexts. In each case, we collect only the data necessary for the specified purpose, in line with the principle of data minimisation under UK GDPR.
2.1 Website enquiry forms
When you submit an enquiry through our website contact form, we collect your name, email address and the content of your message. You may also optionally provide the name of your organisation. This data is collected for the sole purpose of responding to your enquiry and assessing whether we are able to assist with your stated requirements.
2.2 Direct email and telephone communications
When you contact us directly by email or telephone, we collect and retain the personal data contained in that communication, including your name, email address, telephone number and the content of the communication. This enables us to respond appropriately and maintain a record of the enquiry for follow-up purposes.
2.3 Client engagement data
When you enter into a service agreement with us, we collect additional personal data necessary to deliver the contracted services. This may include your full name, title, role, employer details, business address, telephone number and email address. We may also collect payment information, although we do not store full payment card details on our systems.
2.4 Website usage data
When you visit our website, we automatically collect certain technical data about your visit through cookies and similar technologies. This includes your IP address (which may be anonymised), browser type and version, operating system, referring website, pages visited, time and date of visit and duration of visit. This data is used for website performance monitoring and analytics. Please refer to our Cookie Policy for more detailed information about the specific cookies we use.
2.5 Professional correspondence and project documentation
In the course of delivering professional services to clients, we generate and retain documentation that may contain personal data about individuals associated with the client organisation. This includes project correspondence, meeting notes, technical documentation referencing system users and similar materials produced or received in the course of service delivery.
2.6 Data from third-party sources
In limited circumstances, we may receive personal data about you from third parties. This includes referral information provided by existing clients who recommend your organisation to us, publicly available professional information such as LinkedIn profiles when researching potential or existing client contacts, and data provided by our service partners in the course of delivering contracted work.
3. Legal Basis for Processing
UK GDPR requires that every processing activity we undertake has a lawful basis. We rely on the following legal bases for our processing activities:
3.1 Contract performance
Where you have entered into a service agreement with us, we process personal data to the extent necessary to perform our obligations under that agreement. This includes all data processing required to deliver the contracted technical services, communicate with you about the engagement and fulfil our contractual responsibilities.
3.2 Legitimate interests
We process personal data for our legitimate business interests in certain circumstances. These interests include: responding to unsolicited enquiries received through our website or directly; maintaining records of business communications for operational continuity; monitoring our website performance to identify and resolve technical issues; and sending relevant service information to existing clients or recent enquirers. When relying on legitimate interests, we have assessed that our interests are not overridden by your interests or fundamental rights and freedoms, and we have taken steps to ensure that processing is proportionate and limited to what is necessary.
3.3 Legal obligation
We process and retain certain personal data to comply with legal obligations that apply to our business. These include obligations under tax and accounting legislation, employment law (where applicable), and any other applicable UK statutory requirements. Retention periods for data processed under this basis are determined by the relevant legal requirements.
3.4 Consent
Where we rely on consent as a legal basis for processing, we will obtain your explicit consent before processing and provide you with a clear description of what you are consenting to. You have the right to withdraw consent at any time by contacting us at info@trenzspace.cloud. Withdrawal of consent does not affect the lawfulness of processing carried out before the withdrawal.
3.5 Vital interests
In exceptional circumstances, we may process personal data where it is necessary to protect the vital interests of an individual. This basis is rarely applicable in the context of our professional services business but is included for completeness.
4. How We Use Personal Data
We use the personal data we collect for the following purposes, each of which is supported by one or more of the legal bases described in section 3 above:
- Responding to enquiries submitted through our website or by direct communication, including assessing the nature of the enquiry and determining an appropriate response pathway.
- Providing the professional services described in our service agreements, including all activities necessary for technical delivery, project management and client communication.
- Managing our client relationships, including maintaining records of engagements, communicating about project progress and handling post-delivery support requests.
- Issuing invoices and managing payments in connection with contracted services.
- Maintaining our business records in accordance with applicable legal and accounting requirements.
- Improving our website and services by analysing how visitors interact with our online presence, identifying technical issues and understanding which content is most useful to visitors.
- Communicating relevant service information, guidance or updates to existing clients or individuals who have recently submitted enquiries, where we have a legitimate interest in doing so and have not received an objection from the recipient.
- Complying with any legal obligation that requires us to disclose personal data to a public authority, regulator or law enforcement agency.
- Exercising or defending legal claims where necessary to protect our legitimate business interests.
We do not use personal data for automated decision-making or profiling that produces legal or similarly significant effects on individuals.
5. Sharing Personal Data with Third Parties
We do not sell, trade or transfer your personal data to third parties for their own marketing or commercial purposes. We may share personal data with third parties only in the following limited circumstances:
5.1 Service providers and sub-processors
We use a limited number of carefully selected third-party service providers to support our operations. These include cloud hosting and storage providers, email infrastructure services, accounting and invoicing software providers and professional productivity tools. Where these providers process personal data on our behalf, they do so as data processors under written contracts that require them to process data only on our instructions and to maintain appropriate security measures. We maintain a record of all such processors and the categories of data they process.
5.2 Professional advisers
We may share personal data with our legal advisers, accountants, auditors and insurers where necessary for the provision of their professional services to us. These parties are required to maintain confidentiality and process data in accordance with applicable data protection law.
5.3 Legal and regulatory requirements
We may disclose personal data where required to do so by law, court order or regulatory requirement, or where we believe in good faith that disclosure is necessary to protect our legal rights, prevent fraud or respond to a government request. We will, where legally permitted, inform you of any such disclosure request before complying with it.
5.4 Business transfers
In the event of a merger, acquisition, business reorganisation or sale of assets, personal data held by us may be transferred to the acquiring or successor entity. We will provide notice to affected individuals of any such transfer and ensure that appropriate data protection measures are in place before any transfer is completed.
6. International Transfers
TRENZ SPACE LTD operates primarily within the United Kingdom. We do not routinely transfer personal data outside the United Kingdom. Where we use cloud service providers whose infrastructure is located outside the UK, we ensure that such transfers are subject to appropriate safeguards under UK GDPR, including the use of standard contractual clauses approved by the Information Commissioner's Office, adequacy decisions applicable to the destination country, or other appropriate transfer mechanisms.
Where we transfer personal data to countries that have not been deemed to provide an adequate level of data protection, we implement additional safeguards to ensure that your rights are protected. These safeguards are documented and available on request.
7. Data Retention
We retain personal data only for as long as necessary for the purposes for which it was collected, subject to any longer retention periods required by law. Our standard retention periods are as follows:
- Enquiry data (name, email, message content) from individuals who do not proceed to a service engagement: retained for a maximum of 12 months from the date of receipt, unless the enquiry gives rise to an ongoing correspondence or relationship.
- Client engagement records, including correspondence, contracts, project documentation and invoices: retained for a minimum of 6 years from the end of the relevant tax year in which the engagement concluded, in accordance with our obligations under the Companies Act 2006 and HMRC guidance.
- Website analytics data: retained in accordance with the retention settings of the analytics provider used, typically no longer than 26 months. Anonymised aggregated analytics data may be retained indefinitely.
- Email correspondence with clients and enquirers: retained for the duration of the business relationship and for 6 years thereafter, unless a shorter retention period is appropriate given the nature of the correspondence.
At the end of the applicable retention period, personal data is deleted or anonymised in a secure manner. Paper documents containing personal data are securely destroyed.
8. Your Rights Under UK GDPR
Under the UK General Data Protection Regulation and the Data Protection Act 2018, you have the following rights in relation to your personal data. We will respond to all valid requests within one calendar month of receipt, or within three months where the request is complex or numerous, in which case we will notify you of the extension within the first month.
8.1 Right of access
You have the right to obtain a copy of the personal data we hold about you, together with information about how it is being processed. This is known as a Subject Access Request (SAR). There is no charge for submitting a SAR. We will provide the information in a structured, commonly used and machine-readable format where technically feasible.
8.2 Right to rectification
You have the right to require us to correct any inaccurate personal data we hold about you and to complete any incomplete personal data. If you believe that data we hold about you is inaccurate or incomplete, please contact us at info@trenzspace.cloud with the corrected information and we will update our records promptly.
8.3 Right to erasure
You have the right to request that we delete your personal data in certain circumstances. These include situations where the data is no longer necessary for the purpose for which it was collected, you withdraw consent on which processing is based, you object to processing and there are no overriding legitimate grounds, the data has been unlawfully processed, or deletion is required to comply with a legal obligation. We may be unable to comply fully with a deletion request where we have a legal obligation to retain the data or where retention is necessary for the establishment, exercise or defence of legal claims.
8.4 Right to restriction of processing
You have the right to request that we restrict the processing of your personal data in certain circumstances. Where processing is restricted, we will store the data but not otherwise process it, except with your consent, or for the establishment, exercise or defence of legal claims, or for the protection of the rights of another person, or for reasons of important public interest. We will inform you before lifting any restriction.
8.5 Right to data portability
Where processing is based on your consent or on a contract, and where processing is carried out by automated means, you have the right to receive the personal data you provided to us in a structured, commonly used and machine-readable format. You also have the right to have this data transmitted directly to another data controller where technically feasible.
8.6 Right to object
You have the right to object to processing of your personal data that is based on our legitimate interests or on a task carried out in the public interest. If you object, we will cease processing unless we can demonstrate compelling legitimate grounds that override your interests, rights and freedoms, or unless processing is necessary for the establishment, exercise or defence of legal claims. You have an absolute right to object to your personal data being processed for direct marketing purposes.
8.7 Rights related to automated decision-making
You have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects or similarly significantly affects you. As noted above, we do not engage in such automated decision-making.
8.8 How to exercise your rights
To exercise any of the rights described above, please contact us in writing at info@trenzspace.cloud or by post at TRENZ SPACE LTD, 9 Skyport Drive, Harmondsworth, West Drayton, UB7 0LB, United Kingdom. We may ask you to verify your identity before processing your request. There is no charge for exercising your rights in most circumstances, though we may charge a reasonable fee where requests are manifestly unfounded or excessive.
8.9 Right to complain to the Information Commissioner
If you believe that we have not handled your personal data in accordance with applicable data protection law, you have the right to lodge a complaint with the Information Commissioner's Office (ICO), the supervisory authority for data protection in the United Kingdom. The ICO can be contacted at www.ico.org.uk or by telephone on 0303 123 1113. We would, however, appreciate the opportunity to address your concern directly before you contact the ICO, and we encourage you to raise any concerns with us in the first instance.
9. Cookies and Tracking Technologies
Our website uses cookies and similar tracking technologies to enable website functionality, analyse website usage and improve the experience for visitors. A cookie is a small text file that is placed on your device when you visit our website. Some cookies are essential for the website to function correctly; others are used for analytics and performance purposes. You can control cookie settings through your browser settings. For full details of the cookies we use, please refer to our Cookie Policy available at cookie-policy.html.
10. Security Measures
We take the security of personal data seriously and have implemented appropriate technical and organisational measures to protect it against unauthorised or unlawful processing and against accidental loss, destruction or damage. These measures include encryption of data in transit and at rest where appropriate, access controls limiting access to personal data to authorised personnel on a need-to-know basis, regular security review of our systems and processes, and secure data disposal procedures at the end of applicable retention periods.
We require all personnel with access to personal data to understand and comply with their data protection obligations. Where we engage sub-processors, we conduct appropriate due diligence to ensure they maintain adequate security measures and enter into data processing agreements requiring them to protect personal data to at least the standard we apply ourselves.
In the event of a personal data breach that is likely to result in a risk to the rights and freedoms of individuals, we will notify the Information Commissioner's Office within 72 hours of becoming aware of the breach. Where a breach is likely to result in a high risk to individuals, we will also notify affected individuals directly without undue delay.
11. Children's Privacy
Our website and services are directed at businesses and professional individuals. We do not knowingly collect personal data from children under the age of 18. If you believe that we may have inadvertently received personal data from a child, please contact us at info@trenzspace.cloud and we will take prompt steps to delete the relevant data.
12. Third-Party Websites
Our website may contain links to third-party websites, including websites of professional bodies, service providers or other organisations we reference. This Privacy Policy applies only to our website and our processing activities. We are not responsible for the privacy practices of third-party websites and encourage you to review the privacy policies of any third-party sites you visit.
13. Changes to This Privacy Policy
We may update this Privacy Policy from time to time to reflect changes in our processing activities, applicable legal requirements or our business operations. Where changes are material, we will take reasonable steps to inform you, which may include displaying a prominent notice on our website. The date at the top of this page indicates when the policy was last updated. We encourage you to review this page periodically to stay informed about how we protect your personal data.
14. Contact Us
If you have any questions, concerns or requests relating to this Privacy Policy or to our handling of your personal data, please contact us using the details below. We will respond to all privacy enquiries within a reasonable period and endeavour to resolve any concerns promptly and professionally.
TRENZ SPACE LTD
9 Skyport Drive
Harmondsworth
West Drayton, UB7 0LB
United Kingdom
Email: info@trenzspace.cloud
Telephone: +44 7715 580471
