Privacy and data protection policy
Information About Us
This website (“innoyx.com”) is owned and operated by Innoyx. We are a company registered in Wyoming, USA
Introduction
In its day-to-day business activities, Innoyx collects and processes data relating to:
Current, past, and prospective employees
Customers and clients
Website users
Newsletter subscribers
This policy outlines how Innoyx complies with relevant data protection legislation, especially the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018. It applies to all systems, personnel, and processes involved in the handling of personal data.
This includes employees, board members, suppliers, and third parties who have access to Innoyx systems or data.
Relevant supporting documents include:
Data Protection Impact Assessment Process
Information Security Incident Response Procedure
GDPR Roles, Responsibilities and Authorities
Records Retention and Protection Policy
The General Data Protection Regulation (GDPR)
The GDPR is a cornerstone of data protection law in the UK. It mandates strict requirements on the collection, storage, and use of personal data. Non-compliance can result in significant fines. Innoyx ensures compliance with GDPR is demonstrable at all times.
Key Definitions
Personal Data
Information relating to an identified or identifiable individual—such as a name, identification number, IP address, location data, or any information specific to that person’s identity.
Processing
Any action taken on personal data—automated or manual—including collecting, storing, using, transmitting, or deleting.
Controller
The entity (Innoyx) that determines how and why personal data is processed.
GDPR Principles
We ensure personal data is:
Lawfully, fairly, and transparently processed
Collected for specified, explicit, and legitimate purposes
Adequate, relevant, and limited to what’s necessary
Accurate and up-to-date
Stored no longer than necessary
Secure, using technical and organisational measures
Individual Rights Under GDPR
Individuals (data subjects) have the following rights:
To be informed
Access to their data
Rectification of errors
Erasure (“right to be forgotten”)
Restriction of processing
Data portability
Objection to processing
Rights regarding automated decision-making
These requests are processed within 1 month or “without undue delay” where required.
Consent
Where applicable, Innoyx will obtain explicit consent for data collection and processing. If under 16, parental consent is required. Consent details will be clear, accessible, and revocable.
Privacy by Design
We adopt privacy by design principles, embedding data protection into all systems and operations, and conduct Data Protection Impact Assessments where applicable.
Assessments include:
Purpose of data processing
Data minimisation and necessity
Risk evaluation
Mitigation measures (e.g., pseudonymisation)
International Data Transfers
Data transfers outside the UK or EU are evaluated for GDPR compliance. Transfers occur only where safeguards such as adequacy decisions, Standard Contractual Clauses (SCCs), or Binding Corporate Rules (BCRs) are in place.
How We Collect and Use Personal Data
1. Site Visitation Tracking
We use Google Analytics to monitor usage patterns. This includes anonymised data such as device, browser, location, and time spent on the site. IP addresses are anonymised and not accessible to us.
2. Contact Forms
Data submitted via forms is stored securely and emailed to us via encrypted protocols (TLS/SSL). These details are used only to respond to your inquiries.
3. Email Newsletters
If you opt-in to our newsletter, your email address is processed by Mailchimp, a GDPR-compliant third-party provider. You may unsubscribe anytime using the link in our emails.
Data Storage
Data submitted via the website is stored in our website’s WordPress database. Currently, data is stored in an identifiable form. We aim to implement pseudonymisation in future updates to increase security.
Server Details
Our website is hosted by [Insert Hosting Provider] within [Insert Country or Region] data centers. Security features include:
Malware scanning
Brute-force attack protection
Web application firewall
SSL-encrypted traffic (HTTPS)
DDoS protection
Third-Party Data Processors
We use trusted third-party processors including but not limited to:
Google Analytics (Website Analytics)
Mailchimp (Email Marketing)
All third-party providers are GDPR-compliant and have contractual data processing agreements with Innoyx.