Introduction

Welcome to Akendi UK's comprehensive privacy policy. We are committed to protecting your personal data and respecting your privacy rights in accordance with the UK General Data Protection Regulation (UK GDPR), the Data Protection Act 2018, and all applicable UK data protection laws. This policy explains how we collect, use, store, and protect your personal information when you visit our website or engage with our services.

Akendi operates as a data controller for the personal information we collect about you. We are registered with the Information Commissioner's Office (ICO) and comply with all relevant UK data protection regulations.

Your Data Protection Rights Under UK GDPR

As a UK resident, you have specific rights regarding your personal data:

• Right to be informed: You have the right to clear information about how we use your personal data
• Right of access: You can request a copy of the personal data we hold about you
• Right to rectification: You can ask us to correct inaccurate or incomplete data
• Right to erasure: You can request deletion of your personal data in certain circumstances
• Right to restrict processing: You can ask us to limit how we process your data
• Right to data portability: You can request your data in a portable format
• Right to object: You can object to certain types of processing
• Rights related to automated decision making: You have rights regarding automated decision-making and profiling

What Personal Data We Collect

We collect and process the following categories of personal data:

• Contact Information: Name, email address, postal address, telephone number
• Professional Information: Job title, company name, professional interests
• Communication Data: Records of your communications with us, including emails and enquiries
• Technical Data: IP address, browser type, device information, cookies, and website usage data
• Marketing Data: Your preferences for receiving marketing communications and event invitations

Legal Basis for Processing

We process your personal data under the following legal bases as defined by UK GDPR:

• Consent: For marketing communications and non-essential cookies
• Contract: To deliver our services and fulfil contractual obligations
• Legitimate Interest: For business development, website analytics, and security
• Legal Obligation: To comply with UK legal and regulatory requirements

How We Use Your Personal Data

We process your personal data for the following purposes:

• Delivering our UX design and consultancy services
• Responding to your enquiries and providing customer support
• Sending marketing communications (with your consent)
• Improving our website and services through analytics
• Ensuring website security and preventing fraud
• Complying with legal and regulatory obligations
• Managing our business relationships and conducting business development

Cookies and Tracking Technologies

We use cookies and similar technologies to enhance your website experience. Our cookies fall into these categories:

• Essential Cookies: Necessary for website functionality (no consent required)
• Analytics Cookies: Help us understand website usage (consent required)
• Marketing Cookies: Used for advertising and personalisation (consent required)

You can manage your cookie preferences through our cookie banner or by contacting us. Withdrawing consent for non-essential cookies may affect website functionality.

Data Sharing and International Transfers

We may share your personal data with:

• Trusted service providers who assist with our operations
• Professional advisers including lawyers and accountants
• Government authorities where legally required
• Other Akendi entities (Canada and USA) for business operations

Post-Brexit Data Transfers: For international data transfers, we implement appropriate safeguards including Standard Contractual Clauses (SCCs) approved by the UK authorities or rely on adequacy decisions. We ensure all transfers comply with UK data protection requirements.

Data Retention

We retain your personal data only for as long as necessary:

• Client records: 7 years after project completion (legal requirement)
• Marketing data: Until you withdraw consent or we determine it's no longer relevant
• Website analytics: 26 months from collection
• Communication records: 3 years from last contact
• Financial records: 7 years (HMRC requirement)

Data Security

We implement robust technical and organisational measures to protect your personal data, including:

• Encryption of data in transit and at rest
• Regular security assessments and updates
• Access controls and staff training
• Incident response procedures
• Regular backups and disaster recovery plans

Data Breach Notification

In accordance with UK GDPR requirements, we will report any personal data breach to the ICO within 72 hours of becoming aware of it, where feasible. We will also inform affected individuals without undue delay where the breach is likely to result in high risk to their rights and freedoms.

Children's Privacy

Our services are not directed at children under 16 years of age. We do not knowingly collect personal data from children under 16. If we become aware that we have collected such data, we will take immediate steps to delete it.

Changes to This Privacy Policy

We may update this privacy policy periodically to reflect changes in our practices or applicable law. We will notify you of any material changes by posting the updated policy on our website and updating the "last updated" date. For significant changes, we may also provide additional notice via email.

ICO Registration and Complaints

We are registered with the Information Commissioner's Office (ICO). If you have concerns about our data processing practices, you can contact us directly. You also have the right to lodge a complaint with the ICO at any time:

• ICO Website: ico.org.uk
• ICO Helpline: 0303 123 1113
• Post: Information Commissioner's Office, Wycliffe House, Water Lane, Wilmslow, Cheshire SK9 5AF