Data Privacy Statement (UK)

At Ingenious Pixies Ltd, we are committed to protecting the privacy and security of personal data entrusted to us. This Privacy Statement explains how we collect, use, share, and safeguard personal data in connection with our business intelligence system  (the “Service”), in accordance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

This statement applies solely to individuals located in the United Kingdom.

1. Our Role Under UK Data Protection Law

For the purposes of UK data protection law:

  • For your information (like your name, billing details, and website use), Ingenious Pixies Ltd acts as the Data Controller. This means we decide how and why that data is processed.

  • When we handle your business data for you, we act as a Data Processor. We follow the instructions of our customers (who are the Data Controller) based on a contract.

When we are the Processor, our customers are still the Controller and are responsible for telling us how and why the data is processed.

2. Personal Data We Collect

We collect and process personal data that is necessary to provide and operate the Service, including:

a. Account and Business Contact Information

  • Name, business email address, job title, company name

  • Account credentials and user identifiers

  • Billing and payment administration details

b. Customer Data

  • Data submitted to the Service by or on behalf of our customers

  • Content, files, or information processed in the normal use of the platform

c. Technical and Usage Data

  • Log data, IP address, device and browser information

  • Usage metrics and interaction data

  • Cookies and similar technologies (see Section 9)

We do not intentionally collect highly sensitive personal data (like health, religion, or race). We ask customers not to submit this data unless it is absolutely necessary for the Service and legally allowed.

3. How We Use Personal Data

We only process personal data when it is necessary and fair for us to operate our business, which includes:

  • Providing, operating, and maintaining the Service

  • Managing customer accounts and subscriptions

  • Providing customer support and responding to enquiries

  • Improving platform performance, reliability, and security

  • Using anonymised/aggregated data to improve our platform

  • Meeting legal, regulatory, and contractual obligations

  • Preventing fraud, misuse, and unauthorised access

4. Lawful Basis for Processing

Under UK GDPR, we need a legal reason to process your data. We rely on one or more of the following reasons:

  • Performance of a contract

  • Legitimate interests, balanced against user rights

  • Legal obligation

  • Consent, where required (e.g. certain cookies or marketing communications)

5. Data Sharing and Sub-Processors

We may share personal data with:

  • Approved sub-processors who support core business operations (e.g. cloud hosting, analytics, customer support tools)

  • Professional advisers (legal, audit, compliance)

  • Regulatory authorities or law enforcement, where legally required

All sub-processors are subject to contractual obligations that ensure appropriate confidentiality, security, and compliance with UK data protection law.

A current list of sub-processors is available upon request.

6. International Data Transfers

Where personal data is transferred outside the UK, we ensure appropriate safeguards are in place, including:

  • The UK International Data Transfer Agreement (IDTA)

  • The UK Addendum to the EU Standard Contractual Clauses, where applicable

These measures are designed to ensure that personal data receives a level of protection equivalent to that under UK law.

7. Data Retention

We retain personal data only for as long as necessary to:

  • Provide the Service

  • Fulfil contractual and legal obligations

  • Resolve disputes and enforce agreements

Customer data is deleted or returned upon termination of the Service, in accordance with our contractual commitments.

8. Your Rights Under UK GDPR

Individuals located in the UK have rights including:

  • The right to access personal data

  • The right to rectification

  • The right to erasure

  • The right to restrict or object to processing

  • The right to data portability

  • The right to withdraw consent at any time

Requests can be made using the contact details below. We will respond within statutory timeframes.

You also have the right to lodge a complaint with the Information Commissioner’s Office (ICO).

9. Cookies and Tracking Technologies

We use cookies and similar technologies in accordance with the Privacy and Electronic Communications Regulations (PECR).

Non-essential cookies are used only with your consent. You may manage cookie preferences via our cookie banner or settings tool.

10. Information Security

We use strong security tools and company procedures (technical and organisational measures) to protect your personal data from being accessed, shared, changed, or lost without permission. These measures are regularly reviewed and updated in line with industry best practices.

11. Changes to This Statement

We may update this Privacy Statement from time to time. Material changes will be communicated where required by law.

12. Contact Information

For questions or requests relating to this Privacy Statement or our data protection practices:

Email: hello@heypixie.ai

Company: Ingenious Pixies Ltd

Registered Address: 146 New London Rd, Chelmsford CM2 0AW