Privacy Policy

Effective date: 9 April 2026  ·  Pyxage Ltd  ·  UK CRN 11232293

1. Who We Are

Pyxage Ltd (UK Company No. 11232293), registered at 3 Daylesford, 494 Littlemoor Road, Weymouth, Dorset, DT3 5NY, United Kingdom, is the data controller for personal data collected through our website (pyxage.ro) and in the course of providing our services.

We are committed to protecting your personal data in accordance with the UK General Data Protection Regulation (UK GDPR), the Data Protection Act 2018, and - for individuals in the European Union, including Romania - the EU General Data Protection Regulation (EU GDPR, Regulation 2016/679) and Law no. 190/2018 (Romania's implementation of the EU GDPR).

For questions about this policy or your data, contact us at: contact@hq.pyxage.com

2. Data We Collect

2.1 Information You Provide Directly

  • Enquiry & contact forms: name, email address, phone number, company name, project description, budget range, timeline.
  • Booking forms: name, email, and any details you provide when booking a strategy call.
  • Email correspondence: any information you include when communicating with us.
  • Client onboarding: business details, billing information, and project-related data required to deliver services.

2.2 Information Collected Automatically

  • Usage data: pages visited, time on site, referral source, browser type, device type, and IP address - collected via analytics tools.
  • Cookies: we use strictly necessary cookies for site functionality and, where consented, analytics cookies to understand how visitors use our site. See Section 8 for details.

2.3 Information from Third Parties

We may receive your name and email when you interact with us via LinkedIn or other professional platforms, where you have chosen to contact us through those channels.

3. How We Use Your Data

PurposeLegal Basis (UK/EU GDPR)
Respond to enquiries and booking requestsLegitimate interests / Pre-contractual steps
Deliver services you have engaged us forPerformance of a contract
Send project updates, invoices, and communicationsPerformance of a contract
Improve our website and service qualityLegitimate interests
Send marketing communications (with your consent)Consent
Comply with legal and regulatory obligationsLegal obligation
Prevent fraud and ensure securityLegitimate interests / Legal obligation

Where we rely on legitimate interests, we have assessed that our interests are not overridden by your rights and freedoms. You may object to this processing at any time (see Section 7).

4. Data Retention

  • Client and financial records: retained for 7 years after the end of the client relationship, in line with UK Companies Act and HMRC obligations.
  • Enquiries that did not convert to a project: retained for up to 2 years, then securely deleted.
  • Marketing contact data: retained until you withdraw consent or object, after which it is deleted within 30 days.
  • Website analytics: aggregated and anonymised after 14 months.

5. Sharing Your Data

We do not sell your personal data. We may share it with:

  • Service providers & sub-processors: cloud infrastructure providers (e.g., Vercel, Sanity, Google), CRM tools, payment processors, and scheduling software - only to the extent necessary to provide our services and under appropriate data processing agreements.
  • Professional advisors: accountants, legal advisors, and insurers - subject to confidentiality obligations.
  • Regulatory authorities: HMRC, the Information Commissioner's Office (ICO), or other authorities where required by law.
  • Business transfers: in the event of a merger, acquisition, or sale of assets, your data may be transferred to the successor entity, subject to the same protections.

6. International Data Transfers

As a UK company with European operations, your data may be processed in the United Kingdom, Romania, and other countries where our service providers operate (including the United States). When transferring data outside the UK or EEA, we ensure appropriate safeguards are in place, such as:

  • UK International Data Transfer Agreements (IDTAs) or EU Standard Contractual Clauses (SCCs)
  • Transfers to countries with an adequacy decision by the UK Secretary of State or the European Commission

7. Your Rights

Under UK GDPR and EU GDPR, you have the following rights regarding your personal data:

  • Right of access: request a copy of the personal data we hold about you.
  • Right to rectification: ask us to correct inaccurate or incomplete data.
  • Right to erasure ("right to be forgotten"): request deletion of your data where there is no legitimate reason for us to continue processing it.
  • Right to restriction: ask us to restrict processing of your data in certain circumstances.
  • Right to data portability: receive your data in a structured, machine-readable format where processing is based on consent or contract.
  • Right to object: object to processing based on legitimate interests or for direct marketing purposes.
  • Rights related to automated decision-making: not to be subject to decisions based solely on automated processing that produce significant effects, without human review.
  • Right to withdraw consent: where processing is based on consent, you may withdraw it at any time without affecting the lawfulness of prior processing.

To exercise any of these rights, email contact@hq.pyxage.com. We will respond within 30 days. We may ask for proof of identity before acting on your request.

8. Cookies

Our website uses the following categories of cookies:

  • Strictly necessary cookies: required for the website to function (e.g., language preference). These cannot be disabled.
  • Analytics cookies: used to understand how visitors interact with our site (e.g., pages visited, session duration). We use privacy-respecting analytics that anonymise IP addresses. These are only set with your consent.

You can manage cookie preferences through your browser settings. Disabling analytics cookies will not affect your ability to use the site.

9. Data Security

We implement appropriate technical and organisational measures to protect your personal data against unauthorised access, loss, destruction, or alteration. These include encrypted communications (HTTPS/TLS), access controls, and regular security reviews. However, no method of transmission over the internet is 100% secure.

10. Supervisory Authorities

If you are based in the United Kingdom, you have the right to lodge a complaint with the:

Information Commissioner's Office (ICO)

Website: ico.org.uk  ·  Tel: 0303 123 1113

If you are based in Romania or another EU member state, you may also contact your local data protection authority. For Romania:

Autoritatea Națională de Supraveghere a Prelucrării Datelor cu Caracter Personal (ANSPDCP)

Website: dataprotection.ro

We would appreciate the opportunity to address your concerns before you contact a supervisory authority - please reach out to us first.

11. Changes to This Policy

We may update this Privacy Policy periodically to reflect changes in our practices, technology, or legal requirements. The "effective date" at the top of this page indicates when the policy was last revised. We will notify you of material changes via email or a prominent notice on our website.

12. Contact Us

Pyxage Ltd - Data Controller

3 Daylesford, 494 Littlemoor Road, Weymouth, Dorset, DT3 5NY, United Kingdom

Email: contact@hq.pyxage.com

Company No: 11232293