Privacy Policy

Privacy Policy

Gravitonic Ltd (Company Registration Number: 15839977) ("Gravitonic", "we", "us", or "our") is committed to protecting your privacy and personal data. This Privacy Policy explains how we collect, use, store, and protect your personal information in accordance with the UK General Data Protection Regulation (UK GDPR), the Data Protection Act 2018, and other applicable UK data protection laws.

This Privacy Policy applies to all personal data we collect when you visit our website, use our services, or interact with us in any way. By using our website or services, you consent to the collection and use of your personal data as described in this Privacy Policy.

1. Data Controller

For the purposes of UK GDPR, Gravitonic is the data controller responsible for your personal data. Our contact details are:

If you have any questions about this Privacy Policy or how we handle your personal data, please contact us using the details above.

2. Information We Collect

We collect and process the following categories of personal data:

2.1 Information You Provide to Us:

• Contact Information: Name, email address, phone number, postal address, company name, job title, and other contact details when you:
  • Contact us through our website, email, or phone
  • Request a consultation or quote
  • Subscribe to our newsletter or marketing communications
  • Register for events or webinars
  • Engage with us on social media
• Client Information: When you become a client, we may collect:
  • Business information, project requirements, and specifications
  • Login credentials and access information for systems we need to access
  • Payment and billing information (processed securely through third-party payment processors)
  • Communication records, including emails, meeting notes, and project documentation
  • Data and content you provide for use in our services (Client Content)
• Application and Recruitment Information: If you apply for a job with us, we collect your CV, cover letter, and other application materials.

2.2 Information We Collect Automatically:

• Website Usage Data: When you visit our website, we automatically collect:
  • IP address and approximate geographic location
  • Browser type, version, and language settings
  • Device information (type, operating system, screen resolution)
  • Pages visited, time spent on pages, and navigation patterns
  • Referring website or source
  • Date and time of visits
  • Clickstream data and user interactions
• Cookies and Similar Technologies: We use cookies, web beacons, and similar tracking technologies. See Section 9 for detailed information about our use of cookies.

2.3 Information from Third Parties:

• We may receive information about you from third-party services, such as social media platforms, if you interact with us through those platforms
• We may receive information from business partners, referral sources, or publicly available sources to help us understand your business needs
• If you are a client, we may collect information from third-party services we integrate with on your behalf (e.g., cloud hosting providers, API services)

3. How We Use Your Personal Data

We use your personal data for the following purposes and legal bases:

3.1 To Provide Our Services (Legal Basis: Contract Performance):

• Delivering AI services, software development, design, consulting, and other services you have requested
• Managing client relationships, projects, and communications
• Processing payments and managing billing
• Providing technical support and maintenance
• Hosting and managing digital assets and systems

3.2 To Communicate with You (Legal Basis: Contract Performance, Legitimate Interest):

• Responding to your inquiries and requests
• Sending project updates, service notifications, and administrative communications
• Providing customer support and resolving issues

3.3 Marketing and Business Development (Legal Basis: Consent, Legitimate Interest):

• Sending newsletters, promotional emails, and marketing communications (with your consent or where we have a legitimate interest)
• Inviting you to events, webinars, and other business development activities
• Conducting market research and analyzing customer preferences
• You can opt-out of marketing communications at any time by clicking the unsubscribe link in our emails or contacting us directly

3.4 To Improve Our Services (Legal Basis: Legitimate Interest):

• Analyzing website usage and user behavior to improve our website and services
• Conducting analytics and research to understand trends and customer needs
• Testing and developing new features and services
• Monitoring and improving service quality and performance

3.5 Legal and Compliance (Legal Basis: Legal Obligation, Legitimate Interest):

• Complying with legal obligations, including tax, accounting, and regulatory requirements
• Protecting our rights, property, and safety, and that of our clients and third parties
• Detecting and preventing fraud, security threats, and other illegal activities
• Responding to legal requests and enforcing our agreements

3.6 Recruitment (Legal Basis: Contract Performance, Legitimate Interest):

• Processing job applications and conducting recruitment activities
• Assessing candidates' suitability for positions
• Communicating with candidates about recruitment processes

4. Legal Basis for Processing

Under UK GDPR, we process your personal data based on the following legal bases:

• Contract Performance: To fulfill our contractual obligations to you, such as providing services you have requested
• Consent: Where you have given clear consent for us to process your personal data for specific purposes (e.g., marketing communications)
• Legitimate Interest: Where processing is necessary for our legitimate business interests, such as improving our services, marketing, and business development, provided these interests do not override your rights and freedoms
• Legal Obligation: Where we are required to process your data to comply with legal obligations, such as tax and accounting requirements
• Vital Interests: Where processing is necessary to protect someone's life or physical safety (rarely applicable in our context)

5. Data Sharing and Disclosure

We may share your personal data with the following categories of recipients:

5.1 Service Providers and Business Partners:

• Cloud hosting and infrastructure providers (e.g., AWS, Azure, Google Cloud)
• Payment processors and financial institutions
• Email service providers and communication platforms
• Customer relationship management (CRM) systems
• Project management and collaboration tools
• Analytics and marketing service providers (see Section 9 for details)
• IT support and maintenance providers
• Professional advisors (lawyers, accountants, consultants)

All service providers are contractually obligated to protect your personal data and use it only for the purposes we specify.

5.2 Business Transfers:

If we are involved in a merger, acquisition, sale of assets, or other business transaction, your personal data may be transferred to the acquiring entity, subject to the same privacy protections.

5.3 Legal Requirements:

We may disclose your personal data if required by law, court order, or regulatory authority, or if we believe disclosure is necessary to protect our rights, property, or safety, or that of others.

5.4 With Your Consent:

We may share your personal data with third parties when you have given us explicit consent to do so.

6. International Data Transfers

6.1 Data Sovereignty: Gravitonic is based in the United Kingdom, and we strive to process and store personal data within the UK or European Economic Area (EEA) whenever possible to ensure data sovereignty and compliance with UK and EU data protection requirements.

6.2 Third-Party Transfers: Some of our service providers may process your personal data outside the UK/EEA (e.g., in the United States). When we transfer personal data outside the UK/EEA, we ensure appropriate safeguards are in place, such as:

• Standard Contractual Clauses approved by the UK Information Commissioner's Office (ICO)
• Adequacy decisions by the UK government or European Commission
• Other legally recognized transfer mechanisms

6.3 Service Providers with International Operations: We use the following service providers that may process data outside the UK/EEA:

• Google Analytics and Google Tag Manager: Data may be processed in the United States. Google is certified under the EU-US Data Privacy Framework.
• Hotjar: User behavior analytics data may be processed in the EU/EEA and United States. Hotjar complies with GDPR requirements.
• CookieYes: Cookie consent management data may be processed in the EU/EEA.
• Cloud Hosting Providers: Depending on your service requirements, data may be stored in various regions. We will inform you of the specific locations when relevant.

If you would like more information about the specific safeguards we have in place for international transfers, please contact us using the details in Section 1.

7. Data Security

We implement appropriate technical and organizational measures to protect your personal data against unauthorized access, alteration, disclosure, or destruction. These measures include:

• Encryption: We use encryption for data in transit (SSL/TLS) and at rest where appropriate
• Access Controls: We limit access to personal data to authorized personnel only, on a need-to-know basis
• Secure Infrastructure: We use reputable cloud hosting providers with robust security measures
• Regular Security Assessments: We conduct regular security reviews and assessments of our systems and processes
• Staff Training: Our team members receive training on data protection and security best practices
• Confidentiality Agreements: All team members and contractors are bound by confidentiality agreements
• Incident Response: We have procedures in place to detect, respond to, and report security incidents

However, no method of transmission over the internet or electronic storage is 100% secure. While we strive to protect your personal data, we cannot guarantee absolute security.

If we become aware of a data breach that may affect your personal data, we will notify you and the relevant supervisory authority in accordance with our legal obligations under UK GDPR.

8. Data Retention

We retain your personal data only for as long as necessary to fulfill the purposes for which it was collected, including:

• Client Data: We retain client data for the duration of our business relationship and for up to 7 years after the end of the relationship for legal, tax, and accounting purposes
• Marketing Data: We retain marketing contact information until you opt-out or request deletion, or until we determine it is no longer relevant
• Website Analytics: We retain analytics data for up to 26 months, in accordance with Google Analytics' default retention settings
• Recruitment Data: We retain application data for unsuccessful candidates for up to 12 months, unless you consent to longer retention
• Legal Requirements: We may retain certain data longer if required by law, regulation, or legal proceedings

When personal data is no longer needed, we will securely delete or anonymize it in accordance with our data retention policies and applicable law.

9. Cookies and Tracking Technologies

Our website uses cookies and similar tracking technologies to collect and store information about your preferences and browsing behavior. Cookies are small text files placed on your device when you visit our website.

9.1 Types of Cookies We Use:

• Essential Cookies: These are necessary for the website to function properly. They enable basic functions like page navigation and access to secure areas. These cookies do not require consent.
• Analytics Cookies: We use Google Analytics and Google Tag Manager to understand how visitors use our website. These cookies collect information about your browsing behavior, which helps us improve our website and services.
• Marketing Cookies: These cookies track your browsing activity to help us deliver relevant marketing content and measure the effectiveness of our campaigns.
• Functional Cookies: These cookies remember your preferences and settings to provide a personalized experience.

9.2 Third-Party Cookies:

• Google Analytics (G-BJQY444B97): Collects anonymous usage statistics. You can opt-out using the Google Analytics Opt-out Browser Add-on.
• Google Tag Manager (GTM-M3MM4HCX): Manages tracking tags and scripts.
• Hotjar (hjid:5063468): Provides user behavior analytics and heatmaps. You can opt-out at Hotjar's opt-out page.
• CookieYes: Manages cookie consent preferences.

9.3 Managing Cookies:

You can control and manage cookies through:

• Your browser settings (most browsers allow you to refuse or delete cookies)
• Our cookie consent banner, which appears when you first visit our website
• Third-party opt-out tools (links provided above)

Please note that disabling certain cookies may affect the functionality of our website.

10. Your Rights Under UK GDPR

Under UK GDPR and the Data Protection Act 2018, you have the following rights regarding your personal data:

• Right of Access: You have the right to request a copy of the personal data we hold about you and information about how we process it.
• Right to Rectification: You have the right to request correction of inaccurate or incomplete personal data.
• Right to Erasure ("Right to be Forgotten"): You have the right to request deletion of your personal data in certain circumstances, such as when it is no longer necessary for the purposes for which it was collected, or when you withdraw consent.
• Right to Restrict Processing: You have the right to request that we restrict the processing of your personal data in certain circumstances.
• Right to Data Portability: You have the right to receive your personal data in a structured, commonly used, and machine-readable format, and to transmit it to another controller where technically feasible.
• Right to Object: You have the right to object to processing of your personal data based on legitimate interests or for direct marketing purposes.
• Rights Related to Automated Decision-Making: You have the right not to be subject to decisions based solely on automated processing that produce legal or similarly significant effects (we do not currently engage in such processing).
• Right to Withdraw Consent: Where we process your personal data based on consent, you have the right to withdraw that consent at any time.

Exercising Your Rights: To exercise any of these rights, please contact us using the details provided in Section 1. We will respond to your request within one month (or up to three months for complex requests), in accordance with UK GDPR requirements.

Right to Complain: If you are not satisfied with how we handle your personal data or respond to your requests, you have the right to lodge a complaint with the UK Information Commissioner's Office (ICO):

11. Children's Privacy

Our services are not directed to individuals under the age of 18. We do not knowingly collect personal data from children. If you are a parent or guardian and believe your child has provided us with personal data, please contact us immediately, and we will delete such information from our systems.

12. Links to Other Websites

Our website may contain links to third-party websites. We are not responsible for the privacy practices or content of these external sites. We encourage you to read the privacy policies of any third-party websites you visit.

13. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, services, or legal requirements. We will notify you of any material changes by:

• Posting the updated Privacy Policy on our website with a new "Effective Date"
• Sending an email notification to clients (for significant changes)
• Displaying a notice on our website

We encourage you to review this Privacy Policy periodically to stay informed about how we protect your personal data.

14. Effective Date

This Privacy Policy is effective as of 05.01.2024.

15. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or how we handle your personal data, please contact us:

For data protection inquiries, you can also contact us at [email protected] with the subject line "Data Protection Inquiry".