PRIVACY POLICY
Last Updated: 30 April 2024
Version: 1.0 (GDPR Compliant)
1. INTRODUCTION
TURGON MANAGEMENT LTD (“we”, “us”, “our”) is committed to protecting and respecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your personal information when you visit our website www.turgonmanagementltd.com (the “Website”) or use our digital marketing services.
This policy is designed to comply with the UK General Data Protection Regulation (UK GDPR), the EU General Data Protection Regulation (EU GDPR), the Data Protection Act 2018, and the Privacy and Electronic Communications Regulations (PECR).
Important: Please read this Privacy Policy carefully. By accessing or using our Website or services, you acknowledge that you have read, understood, and agree to be bound by the terms of this Privacy Policy. If you do not agree with this policy, please do not use our Website or services.
2. DATA CONTROLLER INFORMATION
Data Controller:
TURGON MANAGEMENT LTD
Company Registration Number: 13614887
Registered Office Address: 167-169 Great Portland Street, 5th Floor, London, W1W 5PF, United Kingdom
Contact for Privacy Matters:
Email: [email protected]
Postal Address: 167-169 Great Portland Street, 5th Floor, London, W1W 5PF, United Kingdom
Data Protection Contact:
For all data protection queries, please contact us at: [email protected]
EU Representative (Article 27 GDPR):
As we are established in the UK and offer services to data subjects in the European Union, we are required to appoint an EU representative:
Instant EU GDPR Representative Ltd
EU Dublin Address: INSTANT EU GDPR REPRESENTATIVE LIMITED Office 2 12A
Lower Main Street,Lucan Co. Dublin K78 X5P8 Ireland
Email: [email protected]
Note: We are not required to appoint a Data Protection Officer (DPO) under current regulations, but we have designated a privacy contact person responsible for overseeing compliance with data protection laws.
3. INFORMATION WE COLLECT
We collect and process the following categories of personal information:
3.1 Information You Provide Directly
When you contact us via email or other communication channels, we may collect:
- Contact Information: Name, business email address, company name, job title
- Communication Data: The content of your messages, inquiries, and correspondence with us
- Business Information: Information about your business needs, project requirements, and service preferences
3.2 Information Collected Automatically
When you visit our Website, we automatically collect certain technical information:
- Device Information: IP address, browser type and version, operating system, device type
- Usage Data: Pages visited, time spent on pages, referring website, date and time of visits
- Technical Data: Browser settings, time zone settings, location data (country/city level only)
3.3 Cookies and Similar Technologies
We use essential cookies necessary for the Website to function properly. For detailed information about our cookie usage, please refer to Section 10 (Cookie Policy).
We DO NOT collect:
- Special categories of personal data (racial origin, political opinions, religious beliefs, health data, biometric data, genetic data)
- Financial information (credit card details, bank account information)
- Criminal conviction or offence data
- Data from children under 16 years of age
4. LEGAL BASIS FOR PROCESSING
We process your personal data based on the following legal grounds under Article 6 of the UK/EU GDPR:
| Processing Activity | Legal Basis | Description |
|---|---|---|
| Responding to inquiries and providing services | Contract Performance (Art. 6.1.b) | Processing is necessary to respond to your request or to perform a contract with you |
| Business communications and relationship management | Legitimate Interest (Art. 6.1.f) | We have a legitimate business interest in communicating with potential and existing clients |
| Website functionality and security | Legitimate Interest (Art. 6.1.f) | Ensuring our Website operates securely and efficiently |
| Marketing communications (where applicable) | Consent (Art. 6.1.a) or Legitimate Interest (Art. 6.1.f) | With your explicit consent or based on legitimate business interest for B2B marketing |
| Legal compliance and record-keeping | Legal Obligation (Art. 6.1.c) | To comply with legal and regulatory requirements |
5. HOW WE USE YOUR INFORMATION
We use the personal information we collect for the following purposes:
5.1 Service Delivery
- To respond to your inquiries about our digital marketing services (SEO, PPC, social media marketing, email marketing, website development, mobile app development)
- To provide quotes, proposals, and service information
- To deliver and manage the services you have requested
- To communicate with you about ongoing projects and service updates
5.2 Business Operations
- To maintain accurate business records and client relationship management
- To improve our services and develop new offerings
- To analyze Website usage and optimize user experience
- To troubleshoot technical issues and maintain Website security
5.3 Marketing Communications (B2B Only)
- To send you relevant information about our services, case studies, and industry insights
- To provide newsletters and updates about digital marketing trends (where you have opted in or where permitted under B2B soft opt-in rules)
Your Right to Opt-Out:ย You can unsubscribe from marketing communications at any time by clicking the “unsubscribe” link in our emails or by contacting us at [email protected].
B2B Marketing Legal Basis: – UK: Under PECR Regulation 22, we may send electronic marketing to corporate subscribers based on legitimate business interest, provided recipients can easily opt out. – EU: We comply with national ePrivacy laws. Where required by specific EU member states, we only send marketing communications with explicit prior consent.
5.4 Legal and Compliance
- To comply with legal obligations, including tax and accounting requirements
- To establish, exercise, or defend legal claims
- To protect our rights, property, and safety, and that of our clients and third parties
6. DATA RETENTION
We retain your personal data only for as long as necessary to fulfill the purposes outlined in this Privacy Policy, unless a longer retention period is required or permitted by law.
Retention Periods:
| Data Category | Retention Period | Justification |
|---|---|---|
| Inquiry and correspondence data (non-client) | 24 months from last contact | Legitimate interest in maintaining business development records |
| Client relationship data (active clients) | Duration of relationship + 6 years | Legal obligation for tax, accounting, and potential legal claims (Limitation Act 1980) |
| Marketing consent records | Until consent is withdrawn + 3 years | Legal obligation to demonstrate compliance with PECR and GDPR |
| Website analytics and logs | 12 months maximum | Legitimate interest in maintaining server logs for security and technical troubleshooting. We do NOT use Google Analytics or third-party tracking cookies |
| Financial and accounting records | 7 years from end of financial year | Legal obligation under UK tax law (HMRC requirements) |
After the retention period expires, we will securely delete or anonymize your personal data. In some cases, we may retain anonymized or aggregated data indefinitely for statistical purposes.
7. DATA SHARING AND DISCLOSURE
We do not sell, rent, or trade your personal data to third parties. We may share your information only in the following circumstances:
7.1 Service Providers (Data Processors)
We engage trusted third-party service providers who process personal data on our behalf under strict contractual obligations:
| Service Provider Category | Purpose | Location | Safeguards |
|---|---|---|---|
| Web Hosting (Namecheap) | Website hosting and infrastructure | USA / UK | GDPR-compliant Data Processing Agreement, standard contractual clauses where applicable |
| Email Services | Business email communications | EU/UK | ISO 27001 certified, GDPR-compliant processors |
| IT Support Services | Technical maintenance and support | UK/EU | Confidentiality agreements, limited access |
All service providers are carefully selected and required to:
- Process data only on our documented instructions
- Implement appropriate technical and organizational security measures
- Maintain confidentiality of personal data
- Assist us in responding to data subject rights requests
- Delete or return data upon termination of services
7.2 Legal Requirements
We may disclose your personal data if required by law, regulation, legal process, or governmental request, including to:
- Comply with legal obligations (e.g., tax authorities, regulatory bodies)
- Respond to valid court orders or subpoenas
- Protect our rights, property, or safety, or that of others
- Investigate and prevent fraud, security breaches, or illegal activities
7.3 Business Transfers
In the event of a merger, acquisition, reorganization, or sale of assets, your personal data may be transferred to the successor entity. We will notify you of any such change and the choices you may have regarding your personal data.
7.4 International Data Transfers
Some service providers may process data outside the UK/EEA (e.g., USA-based hosting infrastructure). Where such transfers occur, we implement appropriate safeguards: – Standard Contractual Clauses (SCCs) approved by the European Commission (2021 version) – Supplementary measures: encryption in transit (TLS/SSL) and at rest, strict access controls, contractual data protection obligations – Transfer Impact Assessments to ensure adequate protection levels You have the right to request copies of the safeguards in place by contacting [email protected].
8. DATA SECURITY
We implement appropriate technical and organizational measures to protect your personal data against unauthorized access, alteration, disclosure, or destruction:
Security Measures:
- Encryption: Data transmission is secured using SSL/TLS encryption (HTTPS)
- Access Controls: Strict access controls and authentication procedures for authorized personnel only
- Secure Hosting: Our Website is hosted on secure servers with regular security updates and monitoring
- Data Minimization: We collect and retain only the data necessary for our purposes
- Regular Backups: Regular data backups to prevent data loss
- Employee Training: Staff are trained on data protection principles and security practices
- Incident Response: Procedures in place to detect, report, and investigate security incidents
Data Breach Notification: In the event of a personal data breach that poses a risk to your rights and freedoms, we will notify the relevant supervisory authority within 72 hours and inform you without undue delay, as required by Article 33-34 of the GDPR.
While we strive to protect your personal data, no method of transmission over the internet or electronic storage is 100% secure. We cannot guarantee absolute security but will take all reasonable steps to protect your information.
9. YOUR DATA PROTECTION RIGHTS
Under the UK GDPR and EU GDPR, you have the following rights regarding your personal data:
9.1 Right of Access (Article 15)
You have the right to request a copy of the personal data we hold about you, along with information about how we use it.
9.2 Right to Rectification (Article 16)
You have the right to request correction of inaccurate or incomplete personal data we hold about you.
9.3 Right to Erasure / “Right to be Forgotten” (Article 17)
You have the right to request deletion of your personal data in certain circumstances, such as:
- The data is no longer necessary for the purposes it was collected
- You withdraw your consent (where processing is based on consent)
- You object to processing based on legitimate interests, and there are no overriding legitimate grounds
- The data has been unlawfully processed
9.4 Right to Restriction of Processing (Article 18)
You have the right to request restriction of processing your personal data in certain situations, such as when you contest the accuracy of the data or object to processing.
9.5 Right to Data Portability (Article 20)
Where processing is based on consent or contract and carried out by automated means, you have the right to receive your personal data in a structured, commonly used, and machine-readable format, and to transmit it to another controller.
9.6 Right to Object (Article 21)
You have the right to object to:
- Processing based on legitimate interests (Art. 6.1.f)
- Direct marketing at any time (including profiling for marketing purposes)
9.7 Right to Withdraw Consent (Article 7.3)
Where processing is based on your consent, you have the right to withdraw that consent at any time. This will not affect the lawfulness of processing before the withdrawal.
9.8 Right Not to be Subject to Automated Decision-Making (Article 22)
You have the right not to be subject to decisions based solely on automated processing, including profiling, which produces legal effects or similarly significantly affects you.
Note: We do not engage in automated decision-making or profiling.
How to Exercise Your Rights:
To exercise any of these rights, please contact us at:
Email: [email protected]
Subject Line: “Data Subject Rights Request”
Include: Your full name, email address, and specific request details
Response Time: We will respond to your request within one month of receipt. In complex cases, we may extend this by a further two months, and we will inform you of the delay and reasons.
Verification: To protect your privacy, we may ask you to verify your identity before processing your request.
No Fee: Exercising your rights is free of charge, unless your request is manifestly unfounded or excessive, in which case we may charge a reasonable administrative fee or refuse the request.
9.9 Right to Lodge a Complaint
You have the right to lodge a complaint with a supervisory authority if you believe we have processed your personal data unlawfully or violated your rights:
UK Supervisory Authority:
Information Commissioner’s Office (ICO)
Website: www.ico.org.uk
Helpline: 0303 123 1113
Online Reporting: ico.org.uk/make-a-complaint
EU Supervisory Authority:
If you are located in the EU, you may contact your local data protection authority. A list of EU authorities can be found at: edpb.europa.eu
We encourage you to contact us first so we can address your concerns directly.
10. COOKIE POLICY
Our Website uses cookies and similar technologies to enhance your browsing experience and ensure the Website functions properly.
What are Cookies?
Cookies are small text files stored on your device when you visit a website. They help websites remember your preferences and improve functionality.
Cookies We Use:
| Cookie Name | Type | Purpose | Duration | Legal Basis |
|---|---|---|---|---|
| PHPSESSID | Strictly Necessary | Maintains session state for Website functionality | Session (deleted when browser closes) | Legitimate Interest |
| cookie_consent | Strictly Necessary | Remembers your cookie consent preferences | 12 months | Legal Obligation |
| wordpress_* | Strictly Necessary | WordPress technical cookies for site functionality | Session / 1 year | Legitimate Interest |
Important: We do NOT use:
- Marketing or advertising cookies
- Analytics cookies (e.g., Google Analytics)
- Social media tracking cookies
- Third-party profiling cookies
All cookies we use are strictly necessary for the Website to function and do not require your consent under PECR Regulation 6(1)(a).
Technical Logs: We maintain server logs (IP addresses, timestamps, pages accessed) for security and troubleshooting purposes. These logs are kept for 12 months and do NOT constitute profiling or tracking cookies.
Managing Cookies:
You can control and manage cookies through your browser settings:
- Chrome: Settings > Privacy and Security > Cookies and other site data
- Firefox: Settings > Privacy & Security > Cookies and Site Data
- Safari: Preferences > Privacy > Manage Website Data
- Edge: Settings > Cookies and site permissions
Please note: Disabling strictly necessary cookies may affect Website functionality.
11. THIRD-PARTY WEBSITES
Our Website may contain links to third-party websites for your convenience and information. We are not responsible for the privacy practices or content of these external sites.
When you click on a third-party link, you leave our Website and are subject to that website’s privacy policy. We encourage you to read the privacy policies of any third-party websites you visit.
This Privacy Policy applies only to information collected by TURGON MANAGEMENT LTD through our Website and services.
12. CHILDREN’S PRIVACY
Our Website and services are intended for business-to-business (B2B) use and are not directed at individuals under the age of 16.
We do not knowingly collect personal data from children under 16. If we become aware that we have inadvertently collected personal data from a child under 16, we will take steps to delete that information as soon as possible.
If you are a parent or guardian and believe your child has provided us with personal data, please contact us at [email protected].
13. CHANGES TO THIS PRIVACY POLICY
We may update this Privacy Policy from time to time to reflect changes in our practices, legal requirements, or for other operational, legal, or regulatory reasons.
When we make material changes to this policy, we will:
- Update the “Last Updated” date at the top of this policy
- Post the revised policy on our Website
- Where appropriate, notify you by email or through a prominent notice on our Website
We encourage you to review this Privacy Policy periodically to stay informed about how we protect your personal data.
Your continued use of our Website and services after any changes constitutes your acceptance of the updated Privacy Policy.
14. CONTACT US
Data Protection Queries:
If you have any questions, concerns, or requests regarding this Privacy Policy or our data protection practices, please contact us:
TURGON MANAGEMENT LTD
Privacy Contact
Email: [email protected]
Postal Address: 167-169 Great Portland Street, 5th Floor, London, W1W 5PF, United Kingdom
Response Time: We aim to respond to all privacy-related inquiries within 5 business days.
Complaints:
If you are not satisfied with our response, you have the right to complain to:
Information Commissioner’s Office (ICO)
Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF
Website: www.ico.org.uk
Helpline: 0303 123 1113
15. LEGAL FRAMEWORK
This Privacy Policy is governed by and operates under the following legal frameworks:
- UK General Data Protection Regulation (UK GDPR) – As retained in UK law post-Brexit
- EU General Data Protection Regulation (EU GDPR) – Regulation (EU) 2016/679 (applicable to EU data subjects)
- Data Protection Act 2018 – UK implementation of GDPR
- Privacy and Electronic Communications Regulations (PECR) 2003 – As amended
- Electronic Communications Act 2000
16. DEFINITIONS
For the purposes of this Privacy Policy:
- “Personal Data” means any information relating to an identified or identifiable natural person
- “Processing” means any operation performed on personal data, including collection, storage, use, disclosure, or deletion
- “Data Controller” means TURGON MANAGEMENT LTD, which determines the purposes and means of processing personal data
- “Data Processor” means a third party that processes personal data on behalf of the Data Controller
- “Data Subject” means the individual to whom personal data relates
- “Consent” means any freely given, specific, informed, and unambiguous indication of agreement to processing
TURGON MANAGEMENT LTD | Company Number: 13614887 | Registered in England and Wales
167-169 Great Portland Street, 5th Floor, London, W1W 5PF, United Kingdom
ยฉ 2024 TURGON MANAGEMENT LTD. All rights reserved.
Privacy Policy Version 1.0 – Last Updated: 30 April 2024