Privacy Policy

Your privacy matters to us. This policy explains how zenithoravalex collects, uses, and protects your personal information when you use our cost management platform.

Last Updated: 15th January 2025

This privacy policy has been updated to reflect current UK data protection requirements and our latest practices.

Who We Are

zenithoravalex operates as a comprehensive cost management platform based in the United Kingdom. Our registered address is 167 Roslyn Rd, Hull HU3 6XH, United Kingdom. We're committed to protecting your personal data in accordance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

When we say "we," "us," or "our" in this policy, we're referring to zenithoravalex as the data controller responsible for your personal information. As a data controller, we determine the purposes and means of processing your personal data.

Information We Collect

We collect various types of information to provide and improve our services. The information we gather falls into several categories, each serving specific purposes for our platform operations.

Account Information: Your name, email address, telephone number, and company details when you register for our services

Financial Data: Cost tracking information, budget details, expense categories, and financial metrics you input into our platform

Usage Information: How you interact with our platform, features used, time spent, and navigation patterns

Technical Data: IP address, browser type, device information, operating system, and connection details

Communication Records: Messages, support tickets, feedback, and any correspondence with our team

Automatic Data Collection

Some information is collected automatically through cookies and similar technologies. This includes website analytics, performance data, and user behaviour patterns that help us improve our platform's functionality and user experience.

How We Use Your Information

Your personal information serves multiple purposes within our platform ecosystem. We process your data based on various lawful grounds under UK GDPR, ensuring every use has a legitimate basis and clear purpose.

Purpose	Data Used	Legal Basis
Service Provision	Account and financial data	Contract performance
Platform Improvement	Usage and technical data	Legitimate interests
Customer Support	Communication records	Contract performance
Security Monitoring	Technical and usage data	Legitimate interests
Legal Compliance	All relevant data	Legal obligation

We analyse usage patterns to understand how our cost management tools perform and where improvements might benefit users. This analysis helps us develop better features and resolve technical issues more effectively.

Data Sharing and Third Parties

We maintain strict control over your personal information and only share data when necessary for service provision or legal compliance. Our approach to data sharing follows the principle of data minimisation, ensuring we only share what's absolutely required.

Service Providers: Cloud hosting, payment processing, and technical support services that operate under strict data processing agreements

Professional Advisers: Legal, accounting, and consultancy services when required for business operations or compliance

Regulatory Bodies: UK authorities when legally required, such as HMRC, Information Commissioner's Office, or law enforcement

Business Transfers: Potential buyers or successors in the event of merger, acquisition, or asset sale with equivalent privacy protections

All third-party service providers undergo thorough vetting processes and must demonstrate adequate data protection measures. We establish data processing agreements that define exactly what data can be accessed, how it's used, and what security measures must be maintained.

Your Rights Under UK GDPR

UK data protection law grants you comprehensive rights regarding your personal information. These rights ensure you maintain control over how your data is processed and can make informed decisions about your privacy.

Right of Access

Request copies of your personal data and information about how we process it. We'll provide this within one month of your request.

Right to Rectification

Correct any inaccurate personal data or complete incomplete information we hold about you.

Right to Erasure

Request deletion of your personal data when it's no longer necessary or you withdraw consent.

Right to Restrict Processing

Limit how we process your data in specific circumstances, such as when accuracy is disputed.

Right to Data Portability

Receive your personal data in a structured, machine-readable format or transfer it to another provider.

Right to Object

Object to processing based on legitimate interests or for direct marketing purposes.

Exercising Your Rights

To exercise any of these rights, contact us at info@zenithoravalex.com with your request and proof of identity. We'll respond within one month and explain any reasons if we cannot comply with your request. You also have the right to lodge a complaint with the Information Commissioner's Office (ICO) if you're unsatisfied with our response.

Data Security and Protection

We implement comprehensive security measures to protect your personal information from unauthorised access, alteration, disclosure, or destruction. Our security framework follows industry best practices and regulatory requirements.

Encryption: All data transmissions use SSL/TLS encryption, and sensitive data is encrypted at rest using AES-256 standards

Access Controls: Role-based access restrictions ensure only authorised personnel can access personal data on a need-to-know basis

Regular Testing: Quarterly security audits, penetration testing, and vulnerability assessments identify and address potential risks

Staff Training: Regular data protection training ensures our team understands their responsibilities and current best practices

Incident Response: Documented procedures for detecting, reporting, and responding to potential data breaches within 72 hours

Our servers are hosted in secure UK data centres with 24/7 monitoring, redundant systems, and physical security measures. We maintain regular backups and disaster recovery procedures to ensure data availability and integrity.

Data Retention Periods

We retain personal information only as long as necessary for the purposes outlined in this policy or as required by UK law. Different types of data have varying retention periods based on their purpose and legal requirements.

Data Type	Retention Period	Justification
Account Information	Duration of relationship plus 7 years	Legal and contractual obligations
Financial Data	7 years after account closure	UK tax and accounting requirements
Usage Analytics	2 years maximum	Platform improvement purposes
Marketing Consents	Until consent withdrawn	Consent-based processing
Support Communications	3 years after resolution	Service quality and legal protection

When retention periods expire, we securely delete or anonymise personal data using industry-standard methods. Some anonymised data may be retained indefinitely for statistical and research purposes, provided it cannot be linked back to individuals.

Cookies and Tracking Technologies

Our website uses cookies and similar technologies to enhance user experience, analyse performance, and provide personalised services. We categorise cookies based on their purpose and provide clear information about each type.

Essential Cookies: Required for basic website functionality, security, and user authentication - these cannot be disabled

Performance Cookies: Help us understand how visitors use our site through analytics and usage statistics

Functionality Cookies: Remember your preferences and settings to provide a personalised experience

Targeting Cookies: Used for relevant advertising and measuring campaign effectiveness when you consent

You can manage cookie preferences through your browser settings or our cookie preference centre. Disabling certain cookies may affect website functionality, but we'll always inform you of any limitations this might cause.

International Data Transfers

While we primarily process data within the UK, some of our service providers may transfer data internationally. When this occurs, we ensure appropriate safeguards are in place to protect your personal information.

Transfer Safeguards

All international transfers are protected by UK GDPR-approved mechanisms such as adequacy decisions, standard contractual clauses, or certification schemes. We conduct regular assessments to ensure ongoing protection standards and may suspend transfers if adequate protection cannot be guaranteed.

Before any international transfer, we evaluate the destination country's data protection laws and the recipient's ability to protect your data. We maintain records of all transfers and the safeguards applied, which are available upon request.

Children's Privacy

Our services are designed for business use and are not intended for individuals under 16 years old. We do not knowingly collect personal information from children, and our terms of service require users to be at least 16 years old.

If we discover that we've inadvertently collected personal information from someone under 16, we'll delete this information immediately and take steps to prevent future collection. Parents or guardians who believe we may have collected information about their child should contact us immediately.

Changes to This Policy

We review this privacy policy regularly and update it when necessary to reflect changes in our practices, technology, or legal requirements. Significant changes will be communicated through email notifications or prominent website notices.

We encourage you to review this policy periodically to stay informed about how we protect your privacy. The "Last Updated" date at the top indicates when the most recent changes were made. Continued use of our services after policy updates constitutes acceptance of the revised terms.

Contact Us About Privacy

If you have questions about this privacy policy or how we handle your personal data, please contact us using the information below:

Email: info@zenithoravalex.com
Phone: +441132440140
Address: 167 Roslyn Rd, Hull HU3 6XH, United Kingdom

We aim to respond to all privacy-related inquiries within 48 hours and will work with you to resolve any concerns about your personal data.