Legal

Privacy Policy

How Ellexor collects, uses and protects your information. Written to comply with the UK GDPR and the Data Protection Act 2018.

Last updated: June 2026

1. Who we are

Ellexor ("we", "us", "our") is a digital studio based in the United Kingdom. For the purposes of UK GDPR we are the data controller for personal information collected via this website. You can reach our data team at [email protected].

2. What we collect

We collect only what we need to respond to enquiries and deliver our services:

  • Contact details — name, email, phone number and company, when you complete a form or email us.
  • Project information — anything you share about the work you'd like us to do.
  • Technical data — your browser type, device, language and a non-identifying analytics ping if you've consented.
  • Cookies — strictly necessary cookies only (see our Cookie Notice).

3. How we use it

We use your information to:

  • Respond to your enquiry and provide a quote or proposal.
  • Deliver the services you've engaged us for.
  • Invoice you and meet our legal record-keeping obligations.
  • Improve this website (anonymised analytics only, with consent).

4. Legal basis

We rely on the following lawful bases under UK GDPR:

  • Consent — when you submit a form or accept cookies.
  • Contract — to deliver services you've asked us to deliver.
  • Legitimate interests — to run our business, respond to enquiries, and keep our records secure.
  • Legal obligation — to comply with HMRC and other statutory requirements.

5. Who we share with

We don't sell your data. We share it only with trusted suppliers needed to run the business:

  • Email and document hosting (e.g. Google Workspace or Microsoft 365).
  • Accounting and invoicing software (e.g. Xero, FreeAgent).
  • Web hosting and infrastructure providers.
  • HMRC and other authorities, when legally required.

All suppliers are bound by data-processing agreements that meet UK GDPR standards.

6. International transfers

Where data is transferred outside the UK or EEA (for example to US-based service providers), we ensure appropriate safeguards are in place — typically the UK International Data Transfer Agreement or the EU Standard Contractual Clauses with a UK addendum.

7. How long we keep it

We keep enquiry records for up to 24 months. Client records are kept for the duration of the engagement and for 6 years afterwards to meet UK accounting and tax obligations.

8. Your rights

Under UK GDPR you have the right to:

  • Be informed about how we use your data.
  • Access the personal data we hold about you.
  • Have inaccurate data corrected.
  • Have your data erased ("right to be forgotten").
  • Restrict or object to processing.
  • Receive your data in a portable format.
  • Withdraw consent at any time.
  • Complain to the Information Commissioner's Office (ICO) — ico.org.uk.

To exercise any of these, email [email protected]. We'll respond within one calendar month.

9. Security

We use HTTPS everywhere, encrypted storage, role-based access, multi-factor authentication on critical systems, and regular backups. No method of transmission is 100% secure, but we treat your data with the level of care we'd want for our own.

10. Children

This website is not intended for children under 13. We don't knowingly collect data from children.

11. Changes to this policy

We may update this policy from time to time. Material changes will be flagged on this page with a new "Last updated" date.

12. Contact

Questions or requests? Email [email protected].