Privacy Policy

Last updated: February 2026

1. Introduction

XX innovation Ltd (“we”, “our”, “us”) is committed to protecting your privacy and handling your personal data lawfully, fairly, and transparently. This Privacy Policy explains what personal data we collect, how we use it, our lawful bases for processing, how long we keep it, and your rights under the UK General Data Protection Regulation (UK GDPR).

This policy applies to all visitors and users of our website:
https://xxinnovation.com

XX innovation Ltd is a private company limited by guarantee without share capital and operates as a non‑profit organisation.

2. Personal Data We Collect

We collect only the minimum amount of personal data necessary to operate our website and respond to enquiries.

2.1 Information you provide directly

If you contact us by email, you may provide:

  • Name
  • Email address
  • Any information included in your message

We do not request or require sensitive personal data.
Please avoid including medical, financial, or confidential information unless necessary.

2.2 Information collected automatically

When you visit our website, we automatically collect technical data for security and performance:

  • IP address
  • Browser type and version
  • Device and operating system
  • Pages visited and time spent
  • Referring website
  • Basic analytics data (non‑identifiable)

We use privacy‑friendly analytics that do not identify you personally.

3. Lawful Basis for Processing

Under UK GDPR, we must identify a lawful basis for each type of processing:

  • Responding to enquiries:
    Legitimate interest (to respond to messages you send us)
  • Website security and functionality:
    Legitimate interest (to maintain a secure and functional website)
  • Analytics and performance monitoring:
    Consent (only if you accept non‑essential cookies)
  • Legal obligations:
    Legal requirement (where we must retain data for compliance)

We do not use your data for marketing unless you explicitly request or consent to it.

4. How We Use Your Personal Data

We use your information to:

  • Respond to enquiries you send us
  • Maintain website security and functionality
  • Improve website performance and user experience
  • Keep internal records
  • Comply with legal obligations

We do not sell, rent, or trade your personal data.

5. Third‑Party Processors

We use trusted third‑party service providers who process data on our behalf. These include:

  • Website hosting provider (GoDaddy or equivalent)
  • Email service provider (e.g., Outlook, Gmail, or your hosting email)
  • Analytics provider (privacy‑friendly, non‑identifiable)
  • Security and firewall tools
  • Embedded services such as Instagram or Google Maps (only if you consent)

All third‑party processors comply with UK GDPR and act only on our instructions.

6. International Data Transfers

Some third‑party providers (e.g., Instagram, Google) may process data outside the UK.

Where this occurs, we rely on:

  • UK adequacy regulations, or
  • The UK International Data Transfer Agreement (IDTA), or
  • The UK Addendum to the EU Standard Contractual Clauses

These safeguards ensure your data is protected to UK GDPR standards.

7. Data Retention

We retain personal data only for as long as necessary for the purposes described:

  • Emails and enquiries: kept for up to 12 months, unless required longer for legal reasons
  • Technical logs: retained for security purposes for up to 30–90 days
  • Analytics data: anonymised and may be retained longer as it cannot identify individuals

When data is no longer needed, it is securely deleted.

8. Cookies and Tracking Technologies

Our website uses essential cookies for functionality and security.
Non‑essential cookies (analytics, embedded content, social media) are only activated after you give consent.

You can read our full Cookie Policy and manage your preferences at any time via the Cookie Settings link in the footer.

9. How We Protect Your Data

We take appropriate technical and organisational measures to protect your personal data, including:

  • Encrypted website (HTTPS)
  • Secure hosting environment
  • Access controls and limited data access
  • Regular monitoring for vulnerabilities
  • Use of reputable third‑party processors

While no system is completely secure, we take reasonable steps to protect your information.

10. Your Rights Under UK GDPR

You have the following rights regarding your personal data:

  • Right of access – request a copy of your data
  • Right to rectification – correct inaccurate data
  • Right to erasure – request deletion of your data
  • Right to restrict processing
  • Right to object to processing based on legitimate interests
  • Right to withdraw consent (for consent‑based processing)
  • Right to data portability

To exercise any of these rights, contact us at:
info@xxinnovation.com

We will respond within one month.

You also have the right to lodge a complaint with the Information Commissioner’s Office (ICO).

11. External Links and Embedded Content

Our website may contain links to external websites such as:

  • Instagram
  • LinkedIn
  • Google Maps
  • External resources

We are not responsible for the privacy practices of external sites.
Please review their privacy policies before interacting with them.

12. Changes to This Privacy Policy

We may update this Privacy Policy from time to time.
Any changes will be posted on this page with an updated “Last Updated” date.

13. Contact Us

If you have questions about this Privacy Policy or how we handle your personal data, contact:

Email: info@xxinnovation.com
Address:
XX innovation Ltd
182–184 High Street North
London
E6 2JA
England