Legal · 01
Privacy Policy
This policy explains what personal data ZenoxLab Ltd (“we”, “us”, “our”) collects, why we collect it, how we use it, and the rights you have under the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.
Who we are
ZenoxLab Ltd is the data controller for any personal data you share with us. We are a private limited company registered in England & Wales. You can contact us at hello@zenoxlab.com.
What personal data we collect
We only collect the minimum personal data required to provide our services and respond to your enquiries.
- Contact form data — when you submit our contact form, we collect your first name, last name, email address, the service you’re interested in, and the message you provide.
- Newsletter signup — when you subscribe to our newsletter, we collect only your email address.
- Email correspondence — if you email us directly, we retain that correspondence and any attachments you send.
- Technical data — our hosting provider records standard server logs (IP address, user agent, request URL, timestamps) for the purposes of security and reliability.
We do not use analytics or advertising cookies. See our Cookie Policy for details.
Why we collect it and our legal basis
Under UK GDPR Article 6, we rely on the following lawful bases:
- Legitimate interests (Art 6(1)(f)) — to respond to enquiries you initiate through the contact form, and to operate and secure our website.
- Consent (Art 6(1)(a)) — for the newsletter, which you may withdraw at any time using the unsubscribe link in any email we send.
- Contract (Art 6(1)(b)) — to perform a contract with you if you become a client.
Who we share data with
We share personal data only with the processors necessary to operate the website and respond to you:
- Resend (https://resend.com) — transactional email delivery. Resend processes your email address and message on our behalf under a Data Processing Agreement. Data is processed in the EU/EEA where possible; standard contractual clauses cover any transfers.
- Vercel (https://vercel.com) — hosting and edge delivery. Standard server logs are stored for up to 30 days.
We do not sell, rent or trade your personal data with any third party for marketing purposes.
How long we keep your data
- Contact-form enquiries — retained for 24 months, then deleted.
- Newsletter subscriptions — retained until you unsubscribe.
- Email correspondence — retained for 24 months, longer if it forms part of an active or completed engagement.
- Server logs — retained for up to 30 days by our hosting provider.
Your rights under UK GDPR
You have the following rights, free of charge:
- Right of access — to obtain a copy of your personal data.
- Right to rectification — to correct inaccurate data.
- Right to erasure (“right to be forgotten”) — to request deletion.
- Right to restrict processing — to limit how we use your data.
- Right to data portability — to receive your data in a structured, machine-readable format.
- Right to object — to object to processing based on legitimate interests.
- Right to withdraw consent — where consent is the lawful basis (e.g. newsletter).
- Right not to be subject to automated decision-making — we do not engage in any automated decision-making.
To exercise any of these rights, email hello@zenoxlab.com. We will respond within one calendar month.
Complaints
If you believe we have mishandled your personal data, you can complain to the UK regulator, the Information Commissioner’s Office (ICO):
- Website: ico.org.uk
- Helpline: 0303 123 1113
- Post: Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow SK9 5AF
We’d appreciate the chance to address your concerns first — please email us before escalating.
International transfers
Some of our processors (notably Resend and Vercel) may process data outside the UK. Where they do, transfers are protected by UK-approved Standard Contractual Clauses or equivalent safeguards under the UK GDPR transfer regime.
Security
We use industry-standard transport encryption (HTTPS), and we restrict access to personal data to people who need it to operate ZenoxLab. We do not store personal data in unencrypted form on portable devices.
Children
Our services are aimed at businesses. We do not knowingly collect personal data from anyone under the age of 18.
Changes to this policy
We may update this policy from time to time to reflect changes in our practices or in the law. The “Last updated” date at the top of this page indicates when it was most recently revised. Material changes will be communicated by email to subscribers and prominently on the website.