Privacy Policy
Introduction
At Naxelthryndol, we understand that your privacy isn't just about compliance — it's about trust. When you're considering backup and disaster recovery solutions for your business, you need to know exactly how we handle your information.
This policy explains our practices in straightforward terms. We've designed our data handling processes with UK business needs in mind, following GDPR requirements and industry best practices. Your data security is fundamental to everything we do.
Information We Collect
Business Information
Contact Details
Business name, contact person, email addresses, phone numbers, and postal addresses for service delivery and communication.
Technical Information
System configurations, backup requirements, network details, and infrastructure specifications to design appropriate solutions.
Usage Data
Service utilisation patterns, backup frequencies, system performance metrics, and access logs for optimisation purposes.
Financial Information
Billing details, payment information, and transaction records processed through secure, PCI-compliant systems.
How We Collect Information
We gather information through several channels: directly from you during consultations and service setup, automatically through our monitoring systems, from third-party integrations you authorise, and through website interactions including cookies and analytics.
How We Use Your Information
Your data serves specific business purposes. We use it to deliver and maintain your backup services, provide technical support, monitor system performance, and communicate about service updates or issues.
We also analyse usage patterns to improve our services and develop new features. This helps us anticipate your needs and enhance our disaster recovery solutions. All analysis is conducted with appropriate privacy safeguards.
For billing and administrative purposes, we process payment information and maintain service records. We may also use your information to comply with legal obligations or protect our legitimate business interests.
Data Sharing and Third Parties
We work with carefully selected partners to deliver our services effectively. These include cloud infrastructure providers for backup storage, payment processors for billing, and technical service providers for system monitoring.
All third parties are bound by strict confidentiality agreements and must meet our data protection standards. We conduct regular assessments to ensure they maintain appropriate security measures.
We never sell your personal information. We only share data when necessary for service delivery, legal compliance, or with your explicit consent. Any data transfers outside the UK follow appropriate safeguards under GDPR.
Your Rights Under GDPR
As a UK-based business serving UK clients, we ensure you have full control over your personal data:
| Your Right | What This Means | How to Exercise |
|---|---|---|
| Access | Request copies of your personal data and understand how we use it | Email support@naxelthryndol.com with "Data Access Request" in the subject line |
| Rectification | Correct inaccurate or incomplete information | Contact us directly or update through your account portal |
| Erasure | Request deletion of your personal data in certain circumstances | Submit written request with verification of identity |
| Portability | Receive your data in a structured, commonly used format | Request through our data export facility |
| Object | Object to processing based on legitimate interests | Contact us with specific objections and reasons |
We respond to all valid requests within one month. For complex requests, we may extend this by two months with explanation. There's no charge for most requests, though we may charge a reasonable fee for excessive or repetitive requests.
Data Security Measures
Encryption
All data is encrypted in transit using TLS 1.3 and at rest using AES-256 encryption standards.
Access Controls
Multi-factor authentication, role-based permissions, and regular access reviews limit data exposure.
Monitoring
24/7 security monitoring, intrusion detection, and automated threat response protect your information.
Staff Training
Regular security awareness training ensures our team understands their data protection responsibilities.
We maintain ISO 27001 certification and undergo annual security audits. Our data centres are SOC 2 Type II certified with physical security controls, environmental monitoring, and redundant power systems.
Security Incident Response
In the unlikely event of a data breach, we'll notify you and relevant authorities within 72 hours as required by GDPR. Our incident response team is trained to minimise impact and prevent recurrence.
Data Retention
We keep your information only as long as necessary for business and legal purposes:
Active Service
Throughout your service period for operational purposes
Post-Termination
Up to 12 months for account resolution and legal compliance
Financial Records
7 years as required by UK tax and accounting regulations
Marketing Data
Until you withdraw consent or 3 years of inactivity
We regularly review retained data and securely delete information that's no longer needed. Our deletion processes ensure data is completely removed from all systems, including backups.
International Data Transfers
While we primarily store data within the UK, some service providers may process data internationally. All transfers outside the UK and EU use appropriate safeguards:
- Adequacy decisions recognised by the UK government
- Standard contractual clauses approved by the ICO
- Binding corporate rules for multinational organisations
- Certification schemes ensuring equivalent data protection
We regularly assess international transfer mechanisms to ensure continued protection of your data rights.
Cookies and Website Analytics
Our website uses cookies to improve your experience and analyse site usage. We categorise cookies as:
- Essential: Required for basic website functionality
- Performance: Help us understand how visitors use our site
- Functional: Remember your preferences and settings
- Marketing: Used to deliver relevant content (with consent)
You can manage cookie preferences through your browser settings or our cookie consent tool. Disabling certain cookies may affect website functionality.
Changes to This Policy
We review this privacy policy annually and update it when necessary. Significant changes will be communicated through email notification and prominent website notices at least 30 days before taking effect.
Minor updates for clarity or legal compliance may be made without notice. We recommend checking this page periodically for the latest version.
Contact Our Data Protection Team
Email: support@naxelthryndol.com
Phone: +44 113 272 0277
Post: Express Visa LTD, 71-75 Shelton Street, Covent Garden, London, WC2H 9JQ
Company Number: 16290425
For complaints about our data handling, you can also contact the Information Commissioner's Office (ICO) at ico.org.uk