Privacy Policy | AnthroTek

AnthroTek Ltd ("we", "us", or "our") is committed to protecting your privacy and personal data. This Privacy Policy explains how we collect, use, store, and protect your information when you visit our website www.anthrotek.com, use our services, or interact with us.

We are the data controller responsible for your personal data and are committed to compliance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

1. Who We Are

AnthroTek Ltd
Company Number: 15811411
Registered Office: Unit 6 Victoria Way, Newmarket, England, CB8 7SH
Email: info@anthrotek.com
Website: www.anthrotek.com

Data Protection Officer: info@anthrotek.com

We are registered with the Information Commissioner's Office (ICO) for data protection purposes.

2. What Information We Collect

We collect and process the following categories of personal data:

2.1 Information You Provide Directly

When you request a quote or contact us:

Full name (first name and last name)
Email address
Phone number
Company name and role/job title
Project brief and technical specifications
Budget and timeline information
Sector and product interests
How you heard about us

When you request an NDA:

Legal entity name and country
Signatory name and email address
Confidentiality scope and duration preferences

When you become a customer:

Billing and delivery addresses
Purchase order details
Payment information (processed by our payment provider, not stored by us)
Project files, designs, and technical documentation
Communication records (emails, calls, meeting notes)

When you subscribe to our newsletter:

Email address
Name (optional)
Company (optional)
Communication preferences

2.2 Information We Collect Automatically

When you visit our website:

IP address (anonymised where possible)
Browser type and version
Device type and operating system
Pages visited and time spent on each page
Referring website or source
Date and time of visit
Cookie data (see our Cookie Policy)

From HubSpot tracking:

Visitor session data and behaviour patterns
Form submission history
Email engagement (opens, clicks)
Content downloads and page views

2.3 Information from Third Parties

We may receive information about you from:

LinkedIn (if you visit our page or engage with our content)
Trade show and event organizers (if you attend events where we exhibit)
Business partners or referrals (with appropriate consent)
Public sources (company websites, LinkedIn profiles for business contact purposes)

3. How We Collect Your Information

We collect your personal data through:

Website forms: Quote requests, contact forms, newsletter signups
Email communication: Direct correspondence with our team
Phone calls: Enquiries and customer support
Meetings: In-person or virtual meetings (with consent, we may take notes)
HubSpot CRM: Tracking and analytics on our website
Events and trade shows: Business card collection (with consent)
LinkedIn and social media: Public profile information for business outreach

4. Why We Collect Your Information (Legal Basis)

Under UK GDPR, we must have a lawful basis to process your personal data. We rely on the following legal bases:

4.1 Consent

Newsletter subscriptions: You explicitly opt in to receive marketing emails
Cookies: You consent through our cookie banner
Event photography: You consent to photos being used for marketing (where applicable)

You can withdraw consent at any time by clicking "unsubscribe" in emails, adjusting cookie settings, or contacting us.

4.2 Contract Performance

Quote requests and order processing: Necessary to provide you with quotes and deliver products/services
Customer support: Necessary to respond to your enquiries and resolve issues
Project delivery: Necessary to fulfil contractual obligations

4.3 Legitimate Interests

Business development: Contacting potential customers based on publicly available business information
Website analytics: Understanding how visitors use our site to improve user experience
Fraud prevention: Protecting against fraudulent orders or security threats
Internal record-keeping: Maintaining business records for operational purposes

We always balance our legitimate interests against your rights and will not use your data in ways you would not reasonably expect.

4.4 Legal Obligation

Tax and accounting: Retaining financial records for HMRC compliance
Health and safety: Maintaining records of visitors to our premises
Regulatory compliance: Responding to lawful requests from authorities

5. How We Use Your Information

5.1 Providing Products and Services

Processing quote requests and proposals
Delivering products and services under contract
Managing customer accounts and relationships
Providing technical support and after-sales service
Processing payments (through third-party payment processors)

5.2 Marketing and Communication

Sending you newsletters and product updates (with consent)
Informing you about new products, services, or offers
Inviting you to events, webinars, or trade shows
Sharing case studies, blog posts, or industry insights

You can opt out of marketing at any time — see Section 11.

5.3 Analytics and Improvement

Analysing website usage to improve user experience
Understanding customer preferences and behaviours
Conducting market research and customer surveys
Improving our products, services, and processes

5.4 Legal and Administrative

Complying with legal and regulatory obligations
Protecting against fraud and security threats
Enforcing our Terms of Engagement
Resolving disputes and legal claims

6. Who We Share Your Information With

We may share your personal data with the following categories of recipients:

6.1 Service Providers (Data Processors)

HubSpot (CRM and Marketing Platform)

Purpose: Customer relationship management, email marketing, website analytics
Location: United States (protected by Standard Contractual Clauses)
Data shared: Contact details, interaction history, email engagement

Cloudflare (Website Hosting and Security)

Purpose: Website hosting, content delivery, security
Location: Global CDN
Data shared: IP addresses, browser data (for security and performance)

Google Workspace (Email and Collaboration)

Purpose: Business email and file storage
Location: European data centres
Data shared: Email correspondence, shared documents

Payment Processors

Purpose: Processing customer payments
Location: UK/EU
Data shared: Payment card details (we do not store card data ourselves)

Accounting and Finance Software

Purpose: Invoicing, bookkeeping, tax compliance
Location: UK
Data shared: Customer names, addresses, invoice details

6.2 Professional Advisers

Lawyers, accountants, auditors, insurers (for legal, financial, or compliance purposes)
Only shared when necessary and under strict confidentiality

6.3 Legal and Regulatory Authorities

HMRC, ICO, law enforcement, courts (when legally required)

6.4 Business Transfers

In the event of a merger, acquisition, or sale of business assets, your data may be transferred to the new owner (we will notify you if this happens).

We do NOT:

Sell your personal data to third parties
Share your data with advertisers or data brokers
Use your data for purposes unrelated to our business relationship with you

7. International Data Transfers

Some of our service providers (notably HubSpot) process data in the United States. We ensure adequate protection through:

Standard Contractual Clauses (SCCs) approved by the UK Information Commissioner's Office
Data Processing Agreements requiring GDPR-equivalent protections
Privacy Shield certification (where applicable)
Contractual commitments to data security and confidentiality

Your data is protected to the same standard regardless of where it is processed.

8. How Long We Keep Your Information

We retain your personal data only for as long as necessary for the purposes described in this Privacy Policy, or as required by law.

Data Type	Retention Period	Reason
Website enquiries (no quote issued)	2 years	Business development, legitimate interest
Quote requests (no contract)	3 years	Potential future business, contract formation evidence
Customer contracts and orders	7 years after contract end	Legal obligation (tax, contract disputes)
Financial records (invoices, payments)	7 years	HMRC compliance requirement
Marketing contacts (newsletter)	Until unsubscribe + 30 days	Consent-based, removed upon withdrawal
Website analytics (anonymised)	26 months	HubSpot default retention
CCTV footage (if applicable)	30 days	Security and safety

After these periods, we securely delete or anonymise your data.

9. Your Rights Under UK GDPR

You have the following rights regarding your personal data:

9.1 Right to Access

Request a copy of the personal data we hold about you.

9.2 Right to Rectification

Correct any inaccurate or incomplete personal data.

9.3 Right to Erasure ("Right to be Forgotten")

Request deletion of your personal data in certain circumstances:

We no longer need it for the original purpose
You withdraw consent (where consent was the legal basis)
You object to processing and we have no overriding legitimate grounds
We processed your data unlawfully
Legal obligation requires deletion

Exceptions: We may refuse erasure if we need to retain data for legal compliance (e.g., tax records) or to defend legal claims.

9.4 Right to Restrict Processing

Request that we limit how we use your data while we:

Verify its accuracy
Determine the lawfulness of processing
Assess your objection to processing

9.5 Right to Data Portability

Receive your personal data in a machine-readable format (CSV or JSON) and transfer it to another service provider.

9.6 Right to Object

Object to processing based on legitimate interests (including marketing).

Direct marketing: You can object at ANY time by clicking "unsubscribe" or contacting us.

9.7 Right to Withdraw Consent

Where we rely on consent, you can withdraw it at any time (does not affect lawfulness of processing before withdrawal).

9.8 Rights Related to Automated Decision-Making

We do not use automated decision-making or profiling that produces legal effects or significantly affects you.

10. How to Exercise Your Rights

To exercise any of your rights, you can:

Email us: info@anthrotek.com
Write to us: Data Protection Officer, AnthroTek Ltd, Unit 6 Victoria Way, Newmarket, CB8 7SH

Use our online Data Subject Request Form: www.anthrotek.com/data-request

What Happens Next?

We will acknowledge your request within 48 hours
We will respond within 1 month (may extend by 2 months for complex requests)
We may ask for proof of identity to protect your data
We will provide the requested information free of charge (unless requests are manifestly unfounded or excessive)

11. Email Marketing and Unsubscribe

11.1 How We Use Email Marketing

We use HubSpot to send:

Newsletters: Product updates, industry insights, company news (monthly or less frequent)
Product announcements: New product launches, case studies
Event invitations: Webinars, trade shows, workshops

We only send marketing emails to contacts who have:

Explicitly opted in via our website
Provided business cards at events with consent
Engaged with us as customers (legitimate interest for relevant product updates)

11.2 How to Unsubscribe

Option 1: Click "Unsubscribe"
Every marketing email contains an "Unsubscribe" link at the bottom. Clicking it instantly removes you from our marketing list.

Option 2: Email Preferences
Manage your email preferences and choose specific types of emails.

Option 3: Contact Us
Email info@anthrotek.com with "UNSUBSCRIBE" in the subject line.

11.3 What Happens When You Unsubscribe?

You are removed from our marketing list within 24 hours
You will no longer receive newsletters, product announcements, or event invitations
You will still receive transactional emails (order confirmations, quote responses, customer support) if you are an active customer
We retain your email on a "suppression list" to ensure you don't get re-added accidentally

11.4 Unsubscribe from CRM Entirely

If you want us to delete all your data from our CRM (not just marketing emails), submit a Right to Erasure request via our Data Subject Request Form.

Note: If you have an active contract or outstanding orders, we may need to retain your data until obligations are fulfilled (we will explain this if it applies).

Want to unsubscribe from our emails?

You can unsubscribe at any time by clicking the "Unsubscribe" link in any email we send you.

Manage My Data & Email Preferences →

12. Cookies and Tracking Technologies

We use cookies to improve your website experience and analyse site usage. For full details, see our Cookie Policy.

Summary:

Strictly Necessary Cookies: Essential for website function (no consent required)
Analytics Cookies: HubSpot tracking for website analytics (requires consent)
Marketing Cookies: Track your visit for targeted content (requires consent)

Manage cookie preferences: Click "Cookie Settings" in the footer or adjust your browser settings.

13. Data Security

We take data security seriously and implement appropriate technical and organisational measures:

13.1 Technical Measures

Encryption: Data transmitted via HTTPS (SSL/TLS encryption)
Access controls: Role-based access to customer data
Secure storage: HubSpot uses encrypted cloud storage
Backups: Regular encrypted backups
Firewalls and intrusion detection: Protecting against unauthorised access

13.2 Organisational Measures

Staff training: Employees trained on GDPR and data protection
Confidentiality agreements: All staff sign NDAs
Data minimisation: We only collect data we actually need
Regular audits: Periodic reviews of data processing activities
Incident response plan: Procedures for data breach notification

13.3 Data Breach Notification

If a data breach occurs that poses a risk to your rights:

We will notify the ICO within 72 hours
We will notify affected individuals without undue delay
We will explain what happened, what data was affected, and what steps we are taking

14. Children's Privacy

Our website and services are intended for businesses and professionals. We do not knowingly collect personal data from children under the age of 16.

If you believe we have inadvertently collected data from a child, please contact us immediately at info@anthrotek.com and we will delete it.

15. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect:

Changes in our data processing activities
New legal or regulatory requirements
Improvements to our practices

When we make significant changes:

We will update the "Last Updated" date at the top
We will notify active customers by email
We will display a prominent notice on our website

We encourage you to review this Privacy Policy periodically.

16. Contact Us

If you have any questions or concerns about this Privacy Policy or our data practices, please contact us:

Email: info@anthrotek.com
Address: Data Protection Officer, AnthroTek Ltd, Unit 6 Victoria Way, Newmarket, CB8 7SH, United Kingdom

Data Subject Request Form: www.anthrotek.com/data-request

17. How to Complain

If you believe we have not handled your personal data properly, you have the right to lodge a complaint with the UK's supervisory authority:

Information Commissioner's Office (ICO)
Wycliffe House
Water Lane
Wilmslow
Cheshire
SK9 5AF

Telephone: 0303 123 1113
Website: https://ico.org.uk
Report a concern: https://ico.org.uk/make-a-complaint/

We would appreciate the opportunity to resolve your concern before you contact the ICO, so please contact us first if possible.

Acknowledgement

By using our website, requesting quotes, or engaging with our services, you acknowledge that you have read and understood this Privacy Policy.

PrivacyPolicy