Back to home

WBX1 LTD Privacy Policy

This Privacy Policy explains how WBX1 LTD ("WBX1", "we", "us", or "our") collects, uses, discloses, stores, and otherwise processes personal data through wbx1.org, related pages, and business communications. The policy is intended to support compliance with the UK GDPR, the EU GDPR, and other applicable UK/EU data protection laws.

Effective date: 2026-02-07 | Version: 1.0

1. Scope and Data Controller

WBX1 LTD acts as the data controller for personal data processed under this policy. This policy applies to visitors, prospective clients, business contacts, and other individuals who interact with us through the website or related communication channels.

Contact for privacy matters: privacy@wbx1.org.

2. Categories of Personal Data

  • Identity and contact data (for example, name, business email address, and company information that you provide).
  • Communication data (for example, enquiry content, project requirements, and correspondence records).
  • Technical and usage data (for example, IP address, request time, browser/device metadata, and service diagnostics).
  • Preference data stored on your device (for example, language and theme selections in local storage).
  • Service and commercial data where relevant to project delivery, contracting, invoicing, and support.

3. Sources of Personal Data

  • Directly from you (for example, contact forms, emails, calls, and project discussions).
  • Automatically from your use of our website and systems (for example, technical logs and security events).
  • From your organization or authorized representatives, where necessary for business engagement.

4. Purposes of Processing and Lawful Bases (GDPR Article 6)

  • Responding to enquiries and taking pre-contract steps (Article 6(1)(b)) or legitimate interests (Article 6(1)(f)).
  • Delivering contracted services, account management, and support (Article 6(1)(b)).
  • Maintaining system security, preventing abuse, and incident management (Article 6(1)(f)).
  • Complying with legal, regulatory, tax, and accounting obligations (Article 6(1)(c)).
  • Where legally required, relying on consent for specific optional activities (Article 6(1)(a)).

Where processing is based on legitimate interests, we apply a balancing assessment to ensure such interests are not overridden by your fundamental rights and freedoms.

5. Disclosure of Personal Data

We disclose personal data only where necessary and proportionate, including to contracted processors and service providers (such as hosting, email, security, and collaboration platforms), professional advisers, auditors, and competent authorities where required by law.

Processors are bound by contractual data protection obligations, including confidentiality, security, and data processing instructions. We do not sell personal data.

6. International Data Transfers

If personal data is transferred outside the UK or EEA, we implement lawful transfer mechanisms and safeguards as required, including adequacy decisions, EU Standard Contractual Clauses (SCCs), and the UK IDTA or UK Addendum where applicable.

7. Data Retention

We retain personal data only for as long as necessary for the purposes described in this policy, including legal, contractual, dispute-management, and compliance requirements. Retention periods are determined by data type, processing purpose, legal obligations, and applicable limitation periods.

When retention is no longer necessary, personal data is deleted, anonymized, or otherwise securely disposed of.

8. Security Measures

We apply appropriate technical and organizational measures to protect personal data, including access controls, least-privilege principles, secure transmission mechanisms, logging and monitoring, and vendor due diligence. No transmission or storage method is absolutely secure, but we maintain controls proportionate to the risk profile.

9. Data Subject Rights

Subject to applicable law and conditions, you may request access, rectification, erasure, restriction, objection, portability, and withdrawal of consent (where consent is the legal basis). You may also request information about safeguards for international transfers.

Requests should be sent to privacy@wbx1.org. We may request identity verification before processing a request.

10. Complaints

If you believe our processing does not comply with applicable law, you may contact us first. You also have the right to lodge a complaint with the UK Information Commissioner's Office (ICO) or your local EU/EEA supervisory authority.

11. Cookies and Local Storage

The website currently uses functional local storage for essential user preferences (for example, language and theme settings). If non-essential analytics or marketing technologies are introduced, we will provide appropriate notice and consent controls where required by law.

12. Children's Data

Our services are not directed to children under 16. We do not knowingly collect personal data from children under 16. If you believe such data has been provided, please contact us and we will take appropriate deletion steps.

13. Automated Decision-Making

We do not carry out solely automated decision-making, including profiling, that produces legal effects or similarly significant effects on individuals.

14. Third-Party Links

Our website may contain links to third-party sites or services. We are not responsible for the privacy practices of those third parties, and you should review their privacy notices separately.

15. Changes to This Policy

We may update this Privacy Policy from time to time to reflect legal, technical, or business changes. The updated version will be published on this page with a revised effective date.