Your privacy, handled with care

Who we are

Primepath Venturs Ltd. (“Primepath”, “we”, “our”) is a company registered in England and Wales. We design and deliver software, web portals and AI solutions. Unless stated otherwise, we act as the data controller for personal data collected via our website and marketing activities. When we provide services to a client, we may act as a data processor for personal data that the client controls. Where we are a processor, we only process personal data on the documented instructions of the controller and under a Data Processing Agreement (DPA).

Scope of this policy

This policy covers our public website and related contact channels (for example, contact forms and business enquiries). It does not cover client environments where we act as a processor under a separate contract, or websites we link to but do not operate. Our website is intended for business users in the United Kingdom; if you are in the EEA, similar rights apply under the EU GDPR.

What personal data we collect

Information you provide to us

• Contact details such as name, work email, company and role when you complete a form or correspond with us.
• Project information you share about your goals, timelines, budgets or technical environment.
• Preferences and consents, including cookie choices and marketing opt‑ins/opt‑outs.

Information collected automatically

• Usage data about pages visited, interactions and approximate geography derived from your IP address. We collect only what is necessary and, where required, only with consent.
• Cookies and similar technologies as explained in our Cookies Policy. Non‑essential cookies are disabled unless you consent.

How we use personal data

We use personal data to run our business and to provide services you request. Typical purposes include:

• Responding to enquiries and providing proposals or statements of work.
• Operating and improving our website, including security, analytics and troubleshooting.
• Marketing with consent, such as newsletters or event invitations. You can opt out at any time.
• Legal and compliance, e.g., keeping appropriate records, preventing fraud or addressing regulatory requests.

Our lawful bases for processing

Under UK GDPR we rely on several lawful bases, depending on the context:

• Consent — for non‑essential cookies and certain marketing communications. You can withdraw consent at any time via the cookie banner or unsubscribe links.
• Legitimate interests — to respond to business enquiries, maintain website security and understand aggregate website performance. We balance these interests against your rights and expectations.
• Contract — where processing is necessary to enter into or perform a contract with you or your organisation.
• Legal obligation — for record‑keeping, taxation or responding to lawful requests.

Cookies and similar technologies

We use cookies to make our website work and to measure performance. Under PECR, non‑essential cookies (for example, analytics) require your consent. Our cookie banner lets you accept, reject or manage categories at any time. For details of cookie names, purposes and durations, please see our separate Cookies Policy.

Who we share data with

We limit access to personal data to those who need it. We may share personal data with:

• Service providers who host our website, send emails or provide analytics, all under appropriate contracts and confidentiality obligations.
• Professional advisers (legal, accounting or insurance) where reasonably necessary.
• Authorities when required to comply with the law or to protect our rights or users’ safety.
• Business transfers in the context of a merger, acquisition or restructuring, subject to confidentiality and continued protections.

International transfers

Where personal data is transferred outside the UK, we ensure an adequate level of protection. This may include using the UK Addendum to the EU Standard Contractual Clauses, the International Data Transfer Agreement (IDTA), or transfers to countries with adequacy regulations. We take steps to assess vendor security and restrict onward transfers.

Data retention

We keep personal data only as long as necessary for the purposes described in this policy, and then delete or anonymise it. Typical retention periods are:

• Enquiry data: up to 24 months after last interaction unless you ask us to delete sooner.
• Contract and project data: for the contract term plus up to 7 years to meet legal and audit requirements.
• Marketing preferences: until you withdraw consent or unsubscribe.
• Cookie preferences: as stated in our Cookies Policy.

Your rights

You have rights under UK GDPR, subject to conditions and exemptions:

• Access — request a copy of your personal data we hold.
• Rectification — ask us to correct inaccurate or incomplete data.
• Erasure — request deletion in certain circumstances.
• Restriction — ask us to limit processing while a concern is investigated.
• Portability — receive your data in a structured, commonly used format and (where technically feasible) request that we transfer it to another controller.
• Object — object to processing based on legitimate interests or to direct marketing at any time.
• Automated decisions — the right not to be subject to decisions based solely on automated processing that have legal or similarly significant effects.

To exercise your rights, please contact us using the details below. We may request proof of identity to protect your information. You also have the right to lodge a complaint with the UK Information Commissioner’s Office (ICO). See ico.org.uk for guidance.

Security

We maintain technical and organisational measures to protect personal data, including access controls, encryption in transit, environment segregation and regular reviews of vendor security. No system is perfectly secure, but we work to reduce risk using defence‑in‑depth. If you discover a security issue, please contact our security team using the details below; we welcome responsible disclosure.

Children

Our website is not directed at children and we do not knowingly collect personal data from anyone under 13. If you believe a child has provided personal data to us, please contact us and we will take steps to delete it.

Changes to this policy

We may update this policy to reflect changes in law or our practices. We will post the new version here and update the “Last updated” date at the top. If the changes are significant, we may provide additional notice.

How to contact us

If you have questions about this policy or your personal data, please contact:

• Primepath Venturs Ltd.
• Company No: [Add Company Number]
• Registered office: [Add Registered Office Address]
• Email (general privacy): privacy@example.com
• Email (security): security@example.com

If we appoint a Data Protection Officer (DPO) or UK representative, we will add their contact details here.