Legal

Privacy Policy

Last updated: March 2026

1. Introduction

Vindico ICS Ltd ("Vindico", "we", "us", or "our") is committed to protecting and respecting your privacy. We are a company registered in England and Wales, operating from Vindico Arena, Olympian Dr, Cardiff, CF11 0JS.

This Privacy Policy explains how we collect, use, store, and share your personal data when you visit our website at vindico.net, use our services, or otherwise interact with us. It also describes your rights in relation to your personal data and how to contact us if you have any questions or concerns.

We are the data controller for the personal data we process, as defined under the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018. Please read this policy carefully to understand our practices regarding your personal data.

2. Information We Collect

We may collect and process the following types of personal data:

Information you provide to us

  • Name, email address, phone number, and company name when you submit a contact or enquiry form
  • Any additional information you choose to include in messages or correspondence with us
  • Details provided when you engage us for services, including billing and project-related information

Information collected automatically

  • Technical data such as your IP address, browser type and version, operating system, and device information
  • Usage data including pages visited, time spent on pages, navigation paths, and referring URLs
  • Cookie data and similar tracking technologies (see Section 8 below)
  • Analytics data collected through third-party services to help us understand how our website is used

Information from third parties

We may occasionally receive information about you from third parties, such as business partners, marketing platforms, or publicly available sources, where you have given consent for your data to be shared or where there is a legitimate basis for doing so.

3. How We Use Your Information

We use the personal data we collect for the following purposes:

  • Responding to enquiries: To reply to messages submitted through our contact forms, email, or phone
  • Providing services: To deliver the software development, consultancy, and technology services you have engaged us for
  • Improving our website: To analyse usage patterns and optimise the performance, content, and user experience of our website
  • Marketing communications: To send you information about our services, events, or updates where you have provided your consent or where we have a legitimate interest in doing so. You can opt out at any time
  • Legal and regulatory compliance: To comply with applicable laws, regulations, and legal processes
  • Business administration: To manage our business operations, including invoicing, record-keeping, and internal reporting

4. Legal Basis for Processing (GDPR)

Under the UK GDPR, we must have a valid legal basis for processing your personal data. We rely on the following bases depending on the context:

Consent

Where you have given us clear, affirmative consent to process your personal data for a specific purpose, such as receiving marketing communications or accepting non-essential cookies. You may withdraw your consent at any time by contacting us.

Contract performance

Where processing is necessary to perform a contract we have with you, or to take steps at your request before entering into a contract. This includes processing data to deliver our services and manage our business relationship with you.

Legitimate interests

Where processing is necessary for our legitimate business interests, provided those interests are not overridden by your rights and freedoms. This includes improving our website, analysing how our services are used, and conducting business development activities. We carefully assess and balance our interests against the potential impact on you before relying on this basis.

Legal obligation

Where processing is necessary to comply with a legal or regulatory obligation, such as maintaining financial records or responding to lawful requests from authorities.

5. How We Share Your Information

We do not sell, rent, or trade your personal data to third parties. We may share your data with the following categories of recipients where necessary:

  • Hosting providers: Third-party services that host our website and infrastructure, ensuring your data is stored securely
  • Analytics providers: Services such as Google Analytics that help us understand website usage patterns (data is aggregated and anonymised where possible)
  • Email and communication services: Platforms we use to manage and respond to enquiries and send communications
  • Professional advisers: Lawyers, accountants, and auditors where necessary for legitimate business purposes
  • Legal and regulatory bodies: Where required by law, regulation, or legal process

All third-party service providers are required to process your data in accordance with applicable data protection laws and only on our instructions. We take reasonable steps to ensure they provide sufficient guarantees to implement appropriate technical and organisational measures.

6. Data Retention

We retain your personal data only for as long as is necessary to fulfil the purposes for which it was collected, including to satisfy any legal, accounting, or reporting requirements.

  • Enquiry data: Contact form submissions and correspondence are retained for up to 24 months after our last interaction, unless a longer retention period is required for legal or business purposes
  • Client data: Information relating to contracts and service delivery is retained for up to 7 years after the end of the contractual relationship, in line with legal and accounting obligations
  • Analytics data: Website usage data is retained in aggregated or anonymised form and is typically held for up to 26 months
  • Marketing data: Your preferences and consent records are retained until you withdraw consent or unsubscribe

When personal data is no longer required, we will securely delete or anonymise it in accordance with our data retention procedures.

7. Your Rights

Under the UK GDPR, you have a number of rights in relation to your personal data. You may exercise these rights at any time by contacting us using the details provided in Section 12.

  • Right of access: You have the right to request a copy of the personal data we hold about you
  • Right to rectification: You have the right to request that we correct any inaccurate or incomplete personal data
  • Right to erasure: You have the right to request that we delete your personal data where there is no compelling reason for us to continue processing it
  • Right to restrict processing: You have the right to request that we restrict the processing of your personal data in certain circumstances
  • Right to data portability: You have the right to receive your personal data in a structured, commonly used, and machine-readable format, and to transmit it to another controller
  • Right to object: You have the right to object to the processing of your personal data where we are relying on a legitimate interest, or where we are processing your data for direct marketing purposes
  • Right to withdraw consent: Where we are relying on your consent to process your personal data, you have the right to withdraw that consent at any time. Withdrawal of consent does not affect the lawfulness of processing carried out before the withdrawal

We will respond to your request within one month. In certain circumstances, we may extend this period by a further two months, in which case we will inform you and explain the reason for the delay.

If you are not satisfied with our response, or believe we are processing your data unlawfully, you have the right to lodge a complaint with the Information Commissioner's Office (ICO). You can contact the ICO via their website at ico.org.uk or by phone on 0303 123 1113.

8. Cookies

Our website uses cookies and similar tracking technologies to distinguish you from other users, improve your browsing experience, and help us analyse website traffic. Cookies are small text files placed on your device when you visit our website.

We use essential cookies that are necessary for the website to function, as well as optional analytics and performance cookies that help us understand how visitors interact with our site. You can manage your cookie preferences at any time.

For full details about the cookies we use, their purposes, and how to manage your preferences, please refer to our Cookie Policy.

9. International Transfers

Some of the third-party service providers we use may process your personal data outside the United Kingdom or European Economic Area (EEA). Where this occurs, we ensure that appropriate safeguards are in place to protect your data in accordance with the UK GDPR.

These safeguards may include:

  • Transfers to countries that have been deemed to provide an adequate level of protection by the UK Secretary of State
  • Use of International Data Transfer Agreements (IDTAs) or the UK Addendum to the EU Standard Contractual Clauses
  • Where applicable, reliance on binding corporate rules or other approved transfer mechanisms

If you would like further information about the specific safeguards applied to your data, please contact us using the details in Section 12.

10. Security

We take the security of your personal data seriously and implement appropriate technical and organisational measures to protect it against unauthorised access, alteration, disclosure, or destruction. These measures include:

  • Encryption of data in transit using SSL/TLS protocols
  • Secure hosting infrastructure with regular security updates and monitoring
  • Access controls to limit who within our organisation can access personal data
  • Regular review and testing of our security practices and procedures
  • Staff training on data protection and information security best practices

While we strive to protect your personal data, no method of transmission over the internet or electronic storage is completely secure. We cannot guarantee absolute security, but we are committed to taking all reasonable steps to safeguard your information.

11. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, legal requirements, or operational needs. Any changes will be posted on this page with an updated "Last updated" date.

Where changes are significant, we will take reasonable steps to notify you, such as displaying a prominent notice on our website or, where appropriate, contacting you directly. We encourage you to review this policy periodically to stay informed about how we are protecting your data.

12. Contact Us

If you have any questions about this Privacy Policy, wish to exercise your data protection rights, or have concerns about how we handle your personal data, please contact us: