Privacy Policy
Last updated: 3 April 2026
1. Introduction
Notoris Technologies Limited (“we”, “us”, “our”, or the “Company”) is committed to protecting and respecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your personal data when you visit our website at notoristechnologies.com (the “Website”) and use our services.
This policy is issued on behalf of Notoris Technologies Limited, a company registered in England and Wales under company number 16729024, with its registered office at Silverstream House, 45 Fitzroy Street, London, England, W1T 6EB. We are the data controller for the purposes of the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.
We have not appointed a Data Protection Officer as we are not required to do so under applicable legislation. For any questions regarding this policy or our data practices, please contact us at privacy@notoristechnologies.com.
2. Personal Data We Collect
We may collect and process the following categories of personal data:
2.1 Data You Provide Directly
- Identity Data: your full name, job title, and employer or organisation name.
- Contact Data: your email address, telephone number, and postal address.
- Communication Data: the content of any messages, enquiries, or correspondence you send to us via our contact form, email, or telephone.
2.2 Data We Collect Automatically
- Technical Data: your Internet Protocol (IP) address, browser type and version, operating system, device type, screen resolution, and time zone setting.
- Usage Data: information about how you use our Website, including pages visited, time spent on pages, page interaction data (such as scrolling and clicks), referring website addresses, and access dates and times.
2.3 Data From Third Parties
We may receive aggregated, anonymised analytics data from our analytics provider. We do not purchase or otherwise obtain personal data from third-party data brokers.
3. How We Collect Your Personal Data
We collect personal data through the following means:
- Direct interactions: when you fill in our contact form, send us correspondence, request information about our services, or engage with us at events or meetings.
- Automated technologies: as you navigate our Website, we may automatically collect Technical Data and Usage Data through cookies, server logs, and similar technologies. Please see our Cookie Policy for further details.
4. Purposes and Lawful Basis for Processing
We will only use your personal data when the law allows us to. The table below sets out the purposes for which we process personal data and the corresponding lawful basis under UK GDPR:
| Purpose | Data Used | Lawful Basis |
|---|---|---|
| Responding to your enquiries and correspondence | Identity, Contact, Communication | Performance of a contract or steps taken at your request prior to entering into a contract (Article 6(1)(b)) |
| Administering and protecting our Website (including troubleshooting, data analysis, testing, and system maintenance) | Technical, Usage | Legitimate interests (Article 6(1)(f)) — to operate, maintain, and secure our Website |
| Understanding how visitors use our Website to improve its content, functionality, and performance | Technical, Usage | Legitimate interests (Article 6(1)(f)) — to develop and improve our Website and services |
| Sending you information about our services where you have expressly consented to receive such communications | Identity, Contact | Consent (Article 6(1)(a)) |
| Complying with legal and regulatory obligations | Identity, Contact, Communication | Legal obligation (Article 6(1)(c)) |
Where we rely on legitimate interests as the lawful basis for processing, we have conducted a balancing test to ensure that your interests, rights, and freedoms do not override our legitimate interests. You may contact us to obtain further information about this assessment.
5. Third-Party Data Sharing
We may share your personal data with the following categories of third parties, each of whom is bound by contractual obligations to process personal data in accordance with UK GDPR and to implement appropriate technical and organisational security measures:
- Hosting providers: Vercel Inc., which provides the infrastructure on which our Website is hosted, processes Technical Data in order to serve our Website content.
- Email service providers: Resend (Resend, Inc.), which processes Identity, Contact, and Communication Data in order to facilitate email delivery for our contact form submissions.
- Analytics providers: we may use privacy-focused analytics tools that process anonymised or aggregated Usage and Technical Data to help us understand Website traffic patterns.
- Professional advisers: our solicitors, accountants, auditors, and insurers where necessary for the provision of professional advice or the establishment, exercise, or defence of legal claims.
- Regulatory authorities:HM Revenue and Customs, the Information Commissioner’s Office, or other regulatory bodies where we are legally required to disclose personal data.
We do not sell, rent, or trade your personal data with any third party for marketing purposes.
6. International Data Transfers
Some of our third-party service providers are based outside the United Kingdom. When personal data is transferred outside the UK, we ensure that appropriate safeguards are in place to protect your data, including:
- Transfers to countries that the UK Secretary of State has determined provide an adequate level of data protection (UK adequacy regulations);
- The UK International Data Transfer Agreement (UK IDTA) or the UK Addendum to the EU Standard Contractual Clauses (SCCs), as applicable;
- Other appropriate safeguards recognised under Article 46 of the UK GDPR.
Specifically, Vercel Inc. and Resend, Inc. are based in the United States. Data transferred to the United States is protected under the UK Extension to the EU-U.S. Data Privacy Framework, or by the UK IDTA where the Data Privacy Framework does not apply.
7. Data Retention
We retain personal data only for as long as is necessary for the purposes for which it was collected. The specific retention periods are as follows:
| Data Category | Retention Period |
|---|---|
| Contact form submissions (Identity, Contact, Communication Data) | 24 months from the date of submission, unless a contractual relationship is established |
| Contractual correspondence and records | 6 years from the conclusion of the contract (in accordance with the Limitation Act 1980) |
| Technical and Usage Data (server logs) | 12 months |
| Analytics data | Anonymised and aggregated; retained indefinitely |
| Tax and accounting records | 7 years (in accordance with HMRC requirements) |
When personal data is no longer required, we will securely delete or anonymise it in accordance with our data retention and destruction procedures.
8. Your Rights
Under UK GDPR, you have the following rights in relation to your personal data. These rights are not absolute, and in certain circumstances we may be entitled to refuse requests where exceptions apply:
- Right of access:the right to request a copy of the personal data we hold about you (commonly known as a “subject access request”).
- Right to rectification: the right to request correction of any inaccurate or incomplete personal data we hold about you.
- Right to erasure: the right to request that we delete your personal data where there is no compelling reason for its continued processing.
- Right to restriction of processing: the right to request that we suspend the processing of your personal data in certain circumstances.
- Right to data portability: the right to request the transfer of your personal data to you or to a third party in a structured, commonly used, machine-readable format.
- Right to object: the right to object to our processing of your personal data where we are relying on a legitimate interest, or where we are processing your personal data for direct marketing purposes.
- Right to withdraw consent: where we are relying on consent to process your personal data, you have the right to withdraw that consent at any time. Withdrawal of consent does not affect the lawfulness of processing carried out before withdrawal.
To exercise any of these rights, please contact us at privacy@notoristechnologies.com. We will respond to all legitimate requests within one calendar month. In certain circumstances, we may need to extend this period by a further two months, in which case we will inform you of the extension and the reasons for it.
We will not charge a fee to exercise your rights unless your request is clearly unfounded, repetitive, or excessive, in which case we may charge a reasonable fee or refuse to comply with the request.
9. Right to Complain
You have the right to make a complaint at any time to the Information Commissioner’s Office (ICO), the UK’s supervisory authority for data protection issues:
Information Commissioner’s Office
Wycliffe House, Water Lane
Wilmslow, Cheshire, SK9 5AF
Telephone: 0303 123 1113
Website: ico.org.uk
We would appreciate the opportunity to address your concerns before you approach the ICO, so please contact us in the first instance.
10. Automated Decision-Making
We do not use your personal data for automated decision-making or profiling that produces legal effects concerning you or similarly significantly affects you.
11. Third-Party Links
Our Website may contain links to third-party websites, plug-ins, and applications. Clicking on those links or enabling those connections may allow third parties to collect or share data about you. We do not control these third-party websites and are not responsible for their privacy notices. When you leave our Website, we encourage you to read the privacy notice of every website you visit.
12. Changes to This Policy
We may update this Privacy Policy from time to time to reflect changes in our practices, technologies, legal requirements, or other factors. Any material changes will be posted on this page with an updated “last updated” date. Where changes are significant, we may provide additional notice (such as a notice on our Website homepage or via email).
We encourage you to review this Privacy Policy periodically to stay informed about how we are protecting your personal data.
13. Contact Us
If you have any questions about this Privacy Policy, your personal data, or wish to exercise any of your rights, please contact us:
Notoris Technologies Limited
Silverstream House, 45 Fitzroy Street
London, England, W1T 6EB
Email: privacy@notoristechnologies.com