Privacy Notice
This GDPR privacy notice sets out how we collect, use and protect your personal data when you contact us, visit our website or use our services. It answers common questions about our data protection practices and explains what personal data means.
Who We Are:
We are Athlex Limited (“Athlex”, “we”, “us” or “our”).
We are registered with Companies House (company number 16111225)
We are also registered with the Information Commissioners Office.
Contact If you have any questions about this Privacy Notice, how we process your personal data or would like to contact us about any other matter, please use the following contact information:
Email: hello@athlex.co.uk Address: Spurling Cannon Maidstone Road, Charing, Ashford, England, TN27 0JS
How we get your personal data:
We may collect your personal data directly from you, or your employer or organisation if they are using our services. For example:
- You contact us to request information about our services by phone, online form or email.
- You use our services.
- You make a data protection rights request.
- You sign up to receive emails or newsletters.
- You express interest in working with us.
- You complete a survey. Survey responses are usually anonymous. If we intend to collect personal data, we will make this clear at the time.
- We may also generate information about you while providing our advice and support.
We also receive personal information indirectly, including in the following scenarios:
- We receive your information as part of an investigation or data breach response
- We are reviewing evidence provided by an organisation we are providing services to.
- Your contact details are publicly available on your organisation’s website, or social media, and we use them to make contact.
- You have been listed as an emergency contact or referee by an employee of ours.
The personal data we collect:
- Name
- Company name and job title
- Contact details (including email address and phone number)
- Information about your role or responsibilities
- Any information you provide to us when you contact us or participate in meetings, workshops or assessments.
- Information shared with us or reviewed while delivering our services – this may include information about you in your role as an employee or customer of a client organisation.
- Payment Details.
We do not collect any details considered particularly sensitive under data protection law, such as health data, biometrics or ethnicity. Our services are not aimed at children.
How we use your personal data
We process your personal data to provide data protection and privacy consultancy services to our clients. This may include advising on compliance matters, reviewing documentation, or supporting the implementation of data protection frameworks.
Where our client is your employer or an organisation you are connected with (e.g. as an employee, supplier or customer), we may use your information to understand business practices, respond to queries or meet legal or regulatory obligations.
Our lawful basis for processing personal data
We only process personal data where we have a valid reason (known as a lawful basis) under data protection law. This may include where:
- We need to perform a contract with you
- We have a legitimate interest that is not overridden by your rights,
- We have a legal obligation to do so.
- We have your consent.
Where we receive information about individuals (such as employees or customers) from a client, we rely on legitimate interest to provide our services.
| Data type | Purpose | Lawful basis |
|---|---|---|
| Name and email address | To send marketing emails or newsletters |
|
| Cookie consent preferences | To record and apply your choices |
|
| Google Analytics data (IP address, browser info, pages visited) | To understand how visitors use the website | Consent (via cookie banner) |
| Google Ads tracking data | To deliver targeted ads and measure campaign performance | Consent (via cookie banner) |
| Click-through or conversion data | To evaluate campaign effectiveness | Legitimate interest (aggregated) |
| Social media profile info (e.g. name, username, public posts) | To engage with users or respond to comments |
|
| Interaction data (e.g. likes, shares and clicks) | To assess engagement and improve future campaigns | Legitimate interest |
| Contact data for ad targeting (e.g. Customer Audiences) | To target or exclude specific audiences |
|
| Third-party marketing provider access (e.g. DPOM) | To manage and deliver digital campaigns on our behalf |
|
Marketing and Advertising
We may use your personal data to send marketing communications, deliver online advertising and measure the effectiveness of our campaigns. This includes:
- email updates (where permitted)
- Google Ads and other online ad platforms
- Social media campaigns (e.g. Linkedin or Facebook Ads).
We work with trusted third-party providers – including digital marketing agencies such as DPOM – to help manage and deliver some of this activity.
Where we use online advertising tools (like Google Ads or social media marketing), we may share limited data (such as your email address) with platform providers to reach or exclude certain audiences.
Some platforms (such as Meta/Facebook and Linkedin) may act as joint controllers concerning this data. For more information on how these platforms use your personal data, please refer to their privacy notices [update as we have more clarity on this].
Email Marketing
We ask your consent to send email updates and newsletters. We use tools that include tracking pixels to assess open rates and engagement.
We only send direct marketing where we have a lawful basis, such as your consent or our legitimate interest in B2B marketing. We aim to ensure that all marketing is not just legally compliant, but also respectful and ethical.
You can unsubscribe at any time using the links in our emails or by contacting us at hello@athlex.co.uk
Marketing and Advertising – How we use personal data
| Data type | Purpose | Lawful basis |
|---|---|---|
| Name and email address | To send marketing emails or newsletters |
|
| Cookie consent preferences | To record and apply your choices |
|
| Google Analytics data (IP address, browser info, pages visited) | To understand how visitors use the website | Consent (via cookie banner) |
| Google Ads tracking data | To deliver targeted ads and measure campaign performance | Consent (via cookie banner) |
| Click-through or conversion data | To evaluate campaign effectiveness | Legitimate interest (aggregated) |
| Social media profile info (e.g. name, username, public posts) | To engage with users or respond to comments |
|
| Interaction data (e.g. likes, shares and clicks) | To assess engagement and improve future campaigns | Legitimate interest |
| Contact data for ad targeting (e.g. Customer Audiences) | To target or exclude specific audiences |
|
| Third-party marketing provider access (e.g. DPOM) | To manage and deliver digital campaigns on our behalf |
|
Who we share your personal data with
We may share your personal data, but only where it is lawful and fair to do so. This includes:
- Legal obligations – e.g. sharing data with law enforcement regulators, or in connection with legal proceedings.
- Service providers – such as marketing or IT support services. We ensure appropriate contracts and safeguards are in place.
- Audits or regulatory reviews – e.g. where our services are assessed by external parties.
- Corporate changes – if Athlex were ever sold or merged, we may share personal data with the other party, provided they continue to use it for the same purpose.
We do not sell your personal data.
International personal data transfers
All personal data we process is currently stored in the UK. If we ever need to transfer data internationally – for example to a supplier outside the UK – we will:
- Aim to use suppliers in countries with a UK ‘adequacy decision’ or
- Use standard contractual clauses or other safeguards required by UK data protection law.
How Long we keep your personal data
We only keep personal data for as long as we need it. Typically, this will be up to 6 years after our relationship end, to allow us to respond to any future queries or legal obligations.
In some cases, such as financial or employment-related records, we may need to retain data to comply with legal or regulatory requirements.
Your Rights
You have rights under UK data protection law. These include the right to:
- Be information about how we use your personal data. This privacy statement is one of the ways we do this.
- Access the personal data we hold about you.
- Update inaccurate or outdated information.
- Delete your information in certain circumstances.
- Object to our use of your data, especially for direct marketing.
- Restrict how we use your information.
- Data portability, though this is unlikely to apply given the nature of our services.
If you wish to exercise any of these rights, please contact us. We may ask you to verify your identity before we can review and action your request. We aim to respond within one calendar month.
How to raise a concern:
If you have concerns about how we have handled your personal data, please contact us and we will do our best to resolve matters.
If you remain dissatisfied, you have the right to raise a complaint with the Information Commissioner’s Office (ICO):
Tel: 0303 123 1113 or via their website
https://ico.org.uk/make-a-complaint/data-protection-complaints/
Links to other websites
Please remember if you use a link to go from our website to another website, or you request a service from a third party, this Privacy Statement will no longer apply once you have left our website. Your browsing and interaction on any other website is subject to that website’s own rules and policies.
Changes to this Privacy Notice
From time to time, we may update this Privacy Notice to reflect changes in how we use personal data. We encourage you to check this page from time to time to stay informed.
