Privacy Policy

Last updated: June 2026

1. Introduction

XX innovation Ltd (“we”, “our”, “us”) is committed to protecting your privacy and handling your personal data lawfully, fairly, and transparently. This Privacy Policy explains what personal data we collect, how we use it, our lawful bases for processing, how long we keep it, and your rights under the UK General Data Protection Regulation (UK GDPR).

This policy applies to all visitors and users of our website: https://xxinnovation.com

XX innovation Ltd is a private company limited by guarantee without share capital and operates as a non-profit organisation.

2. Personal Data We Collect

We collect only the minimum amount of personal data necessary to operate our website and respond to enquiries.

2.1 Information you provide directly

If you contact us by email, you may provide:

  • Name
  • Email address
  • Any information included in your message

We do not request or require sensitive personal data. Please avoid including medical, financial, or confidential information unless necessary.

2.2 Information collected automatically

When you visit our website, we automatically collect technical data for security and performance:

  • IP address
  • Browser type and version
  • Device and operating system
  • Pages visited and time spent
  • Referring website

This data is used solely for security and functionality purposes and is not used to identify you personally.

3. Lawful Basis for Processing

Under UK GDPR, we must identify a lawful basis for each type of processing:

  • Responding to enquiries: Legitimate interest (to respond to messages you send us)
  • Website security and functionality: Legitimate interest (to maintain a secure and functional website)
  • Legal obligations: Legal requirement (where we must retain data for compliance)

At the moment, we do not use your data for marketing.

4. How We Use Your Personal Data

We use your information to:

  • Respond to enquiries you send us
  • Maintain website security and functionality
  • Keep internal records
  • Comply with legal obligations

We do not sell, rent, or trade your personal data.

5. Third-Party Processors

We use trusted third-party service providers who process data on our behalf. These include:

  • Domain registrar (GoDaddy)
  • Website hosting provider (Hostinger)
  • Website platform and security (WordPress)
  • Email provider (Gmail / Google)
  • Embedded services such as Instagram or Google Maps (only if you consent)

All third-party processors comply with UK GDPR and act only on our instructions.

6. International Data Transfers

Some third-party providers (e.g. Instagram, Google) may process data outside the UK. Where this occurs, we rely on:

  • UK adequacy regulations, or
  • The UK International Data Transfer Agreement (IDTA), or
  • The UK Addendum to the EU Standard Contractual Clauses

These safeguards ensure your data is protected to UK GDPR standards.

7. Data Retention

We retain personal data only for as long as necessary for the purposes described:

  • Emails and enquiries: kept for up to 12 months, unless required longer for legal reasons
  • Technical logs: retained for security purposes for up to 30–90 days

When data is no longer needed, it is securely deleted.

8. Cookies and Tracking Technologies

Our website uses cookies solely to manage your consent preferences. These cookies are set by Complianz, our cookie consent management tool, and are classified as functional/essential. They do not track your behaviour or collect personal data.

Non-essential cookies (such as those from embedded Instagram or Google Maps content) are only activated after you give consent. If you consent to these services, they may set their own cookies on your device for their own purposes.

You can manage your cookie preferences at any time via the “Cookie Settings” link in the footer, or read our full Cookie Policy at https://xxinnovation.com/cookie-policy/.

9. How We Protect Your Data

We take appropriate technical and organisational measures to protect your personal data, including:

  • Encrypted website (HTTPS)
  • Secure hosting environment (Hostinger)
  • Website security managed through WordPress
  • Access controls and limited data access
  • Use of reputable third-party processors

While no system is completely secure, we take reasonable steps to protect your information.

10. Your Rights Under UK GDPR

You have the following rights regarding your personal data:

  • Right of access – request a copy of your data
  • Right to rectification – correct inaccurate data
  • Right to erasure – request deletion of your data
  • Right to restrict processing
  • Right to object to processing based on legitimate interests
  • Right to withdraw consent (for consent-based processing)
  • Right to data portability

To exercise any of these rights, contact us at: info@xxinnovation.com

We will respond within one month. You also have the right to lodge a complaint with the Information Commissioner’s Office (ICO).

11. External Links and Embedded Content

Our website may contain links to external websites such as Instagram, LinkedIn, and Google Maps. We are not responsible for the privacy practices of external sites. Please review their privacy policies before interacting with them.

12. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. Any changes will be posted on this page with an updated “Last Updated” date.

13. Contact Us

If you have questions about this Privacy Policy or how we handle your personal data, please contact us:

Email: info@xxinnovation.com

The person responsible for data protection at XX innovation is Chrysi Sergaki, who can be contacted at info@xxinnovation.com.