Legal & Compliance

Privacy Notice

Last updated: June 15, 2026

Dataqubed Ltd (“we”, “us”, “our”) is committed to protecting your personal data and respecting your privacy. This Privacy Notice explains how we collect, use, store and protect your information when you interact with us, including through our website and CRM system.

We act as a Data Controller for the personal data we process.

Our registered office address is: 11 Kirkland Walk, Hackney, London, E8 3SY

1. Information We Collect

a) Personal information you provide

  • Name
  • Email address
  • Phone number
  • Job title and organisation
  • Information submitted through contact forms, surveys or event registrations

b) Usage and technical information

Collected automatically when you interact with our website or CRM-linked forms:

  • IP address
  • Browser type and device information
  • Access times and pages viewed
  • Interaction data (clicks, session duration, navigation patterns)
  • Cookies and similar technologies

c) CRM data (Kit CRM)

We use Kit CRM, a US-based service provider, to manage enquiries, communications and engagement history. This includes:

  • Contact details
  • Communication history
  • Notes relating to enquiries or service delivery
  • Marketing preferences
  • Event attendance and engagement history

Kit CRM processes data in the United States and uses trusted sub-processors to support its service delivery.

2. How We Use Your Information

a) To respond to enquiries and provide services

Handling contact form submissions and delivering services.

  • Lawful basis: Legitimate interests or performance of a contract

b) To operate and improve our website, CRM and services

Analysing usage patterns, enhancing user experience, and maintaining system security.

  • Lawful basis: Legitimate interests

c) To send marketing communications

Newsletters, updates and event invitations—only where you have opted in.

  • Lawful basis: Consent (you may withdraw at any time)

We record and manage your marketing preferences in Kit CRM.

Record keeping and responding to regulatory requests.

  • Lawful basis: Legal obligation

Special-category data

We do not intentionally collect special-category data through our website. If such information is provided voluntarily, we rely on Article 9(2)(a) — explicit consent, or Article 9(2)(h) - where relevant to the provision of services.

3. Sharing Your Information

We do not sell or rent your personal data.

We may share your information with trusted third parties who act as Data Processors, including:

  • Kit CRM (United States)
  • Microsoft (Microsoft 365 and Azure - data stored in UK datacentres, primarily UK South)
  • Website hosting and analytics providers
  • Email and marketing automation tools
  • Event management platforms
  • Professional advisers (e.g. legal, accounting)

All processors are required to handle your data securely and only in accordance with our instructions. We may also share data where required by law or to protect our legal rights.

Microsoft’s data processing is governed by the Microsoft Data Protection Addendum, which includes Standard Contractual Clauses and compliance with UK GDPR requirements. Our Microsoft 365 and Azure services are configured for UK data residency.

4. International Transfers

Where service providers process data outside the UK, we ensure appropriate safeguards are in place, including:

  • The EU–US Data Privacy Framework (DPF)
  • The UK Extension to the DPF
  • Standard Contractual Clauses (SCCs) or the UK International Data Transfer Agreement (IDTA)
  • Additional technical and organisational measures

This applies to Kit CRM and its sub-processors, which operate in the United States. Our Microsoft services are stored in UK datacentres and do not constitute an international transfer.

We also complete a Transfer Risk Assessment (TRA) for relevant services.

5. Use of Artificial Intelligence (AI)

We may use secure AI tools to help us operate our website, manage enquiries, analyse engagement and improve our services. When we use AI:

  • It is always under our direct instruction and control
  • We do not use AI to make decisions that have legal or significant effects on you
  • All AI outputs are reviewed by a human before being relied upon
  • We only provide the minimum personal data necessary
  • We pseudonymise or remove identifiable information where possible
  • We require suppliers to ensure your data is not used to train AI models

Some AI tools may process data outside the UK/EEA. Where this occurs, we ensure appropriate safeguards are in place, including SCCs and additional measures.

6. Data Security

We implement appropriate technical and organisational measures to protect your data from unauthorised access, loss, misuse or disclosure, consistent with our ISO 27001 certification and Cyber Essentials Plus accreditation. However, no online transmission is completely secure.

7. Cookies

Our website uses cookies to improve functionality and analyse usage. For full details of the cookies we use and how to manage them, please read our Cookie Policy.

8. Your Rights

Under UK GDPR, you have the right to:

  • Access your personal data
  • Request correction of inaccurate data
  • Request deletion of your data
  • Object to processing based on legitimate interests
  • Withdraw consent
  • Request restriction of processing
  • Request data portability
  • Lodge a complaint with the ICO

To exercise any of these rights, contact us at hello@dataqubed.com.

9. Data Protection Complaints

Under the Data (Use and Access) Act 2025, individuals must raise concerns with us first before contacting the ICO.

Data Protection Contact: iSTORM, 10 John Street, Stratford-upon-Avon, CV37 6UB, UK

Email: dpo@istormsolutions.co.uk

Phone: +44 (0)1789 608708

We will acknowledge your complaint and aim to respond within one month. If your complaint is complex, we will keep you informed. If you are not satisfied with our response, you may escalate to the ICO.

10. Retention

We retain personal data only for as long as necessary for the purposes for which it was collected, including service delivery, legal and accounting obligations and CRM-based communication history. For details of specific retention periods, please contact us.

11. Changes to This Notice

We may update this Notice from time to time. Any changes will be posted on this page with an updated date.

12. Contact Us

If you have any questions or concerns about this Privacy Notice, please contact us at hello@dataqubed.com.