Privacy Policy

Effective Date: January 1, 2026
Last Updated: January 2026

1. Introduction

Blendorvik Solutions Ltd ("we," "us," "our," or "Company") is committed to protecting your privacy and ensuring you have a positive experience on our website and when using our services. This Privacy Policy explains how we collect, use, disclose, and safeguard your information in accordance with the UK General Data Protection Regulation (UK GDPR), the Data Protection Act 2018, and all applicable UK and international data protection laws.

Please read this Privacy Policy carefully. If you do not agree with our policies and practices, please do not use our services. Your continued use of our services after any changes to this Privacy Policy constitutes your acceptance of those changes.

2. Information We Collect

We collect information in various ways, including information you provide directly and information collected automatically through your interactions with us.

2.1 Information You Provide Directly

• Contact Information: Name, email address, phone number, postal address, and company details
• Account Information: Username, password, and profile information when you create an account
• Communication Data: Messages, inquiries, feedback, and correspondence you send us
• Service Data: Information related to the services you request or use, including payment and billing information
• Technical Information: System configuration data, error reports, and technical support information
• Marketing Preferences: Your preferences regarding communications and marketing materials

2.2 Information Collected Automatically

• Browser and Device Information: Browser type, operating system, device identifiers, and mobile device information
• Usage Data: Pages visited, time spent on pages, clicks, search queries, and referral sources
• Location Data: Approximate location based on IP address (not precise geolocation)
• Cookies and Tracking Technologies: Persistent and session cookies, pixel tags, and similar tracking technologies
• Log Files: Access logs, error logs, and server logs containing IP addresses and timestamps

2.3 Information from Third Parties

We may receive information about you from third parties, including:

• Business partners and service providers
• Payment processors and financial institutions
• Marketing and analytics providers
• Publicly available sources and data brokers

3. Legal Basis for Processing

We process your personal data based on the following legal grounds under UK GDPR:

• Contract: Processing necessary to perform our contract with you or at your request
• Legal Obligation: Processing required by UK or EU law
• Legitimate Interests: Processing necessary for our or a third party's legitimate interests, provided it does not override your rights
• Consent: Where you have explicitly consented to specific processing activities
• Vital Interests: Processing necessary to protect vital interests of individuals
• Public Task: Processing necessary in the public interest

4. How We Use Your Information

We use the information we collect for various purposes, including:

• Providing, maintaining, and improving our services and products
• Processing transactions and sending related information
• Responding to inquiries, comments, and customer support requests
• Sending transactional emails and service announcements
• Sending marketing communications (with your consent where required)
• Analyzing usage patterns and improving user experience
• Detecting, preventing, and addressing fraud, abuse, and technical issues
• Complying with legal obligations and enforcing agreements
• Conducting research, surveys, and analytics
• Personalizing and customizing your experience
• Managing security and network operations
• Creating anonymous or aggregated data for analytical purposes

5. Data Sharing and Disclosure

We may share your personal data with the following categories of recipients:

5.1 Service Providers

We share data with third-party service providers who perform services on our behalf, including cloud hosting providers, payment processors, email service providers, analytics providers, and customer support platforms. These providers are contractually obligated to use your data only as necessary to provide services to us.

5.2 Business Partners

We may share information with business partners for joint marketing initiatives, integrations, or service offerings, with your consent where required.

5.3 Legal and Compliance

We may disclose your information when required by law, regulation, court order, or governmental request, or when necessary to protect our legal rights, privacy, safety, or property.

5.4 Business Transfers

In the event of a merger, acquisition, bankruptcy, or other business transaction, your information may be transferred as part of that transaction. We will provide notice before your data becomes subject to a different privacy policy.

5.5 Aggregated and De-Identified Data

We may share aggregated, anonymized, or de-identified data that cannot reasonably identify you with third parties for research, marketing, analytics, and other business purposes without restriction.

5.6 With Your Consent

We will share your personal data with third parties when you explicitly consent to such sharing.

6. International Data Transfers

Your information may be transferred to, stored in, and processed in countries other than your country of residence, including countries outside the UK. These countries may not have data protection laws equivalent to those in the UK.

When we transfer data internationally, we implement appropriate safeguards, including:

• Standard Contractual Clauses approved by the UK Information Commissioner's Office
• Binding Corporate Rules
• Adequacy decisions where applicable
• Your explicit consent

By using our services, you consent to the transfer of your information to countries outside the UK as described in this Privacy Policy.

7. Data Retention

We retain personal data for as long as necessary to fulfill the purposes for which it was collected, including to satisfy legal, accounting, or reporting requirements. Retention periods vary depending on the context and purpose of processing:

• Account Data: Retained for the duration of your account and for a reasonable period thereafter for business purposes
• Transaction Data: Retained for 7 years for tax and accounting purposes
• Marketing Data: Retained until you unsubscribe or withdraw consent
• Support Communications: Retained for 3 years for reference and dispute resolution
• Log Files and Analytics: Typically retained for 90 days
• Legal Claims: Retained for the duration of relevant legal obligations

When data is no longer needed, we securely delete or anonymize it. Some data may be retained in archived form for legal compliance purposes.

8. Your Rights Under UK GDPR

You have the following rights regarding your personal data:

8.1 Right of Access

You have the right to request access to the personal data we hold about you. We will provide you with a copy of your data in a structured, commonly used, and machine-readable format.

8.2 Right to Rectification

You have the right to request correction of inaccurate or incomplete personal data. We will update your information without undue delay.

8.3 Right to Erasure

You have the right to request deletion of your personal data in certain circumstances, including when it is no longer necessary or when you withdraw consent. However, we may retain data when required by law or for legitimate business purposes.

8.4 Right to Restrict Processing

You have the right to request that we limit how we use your data in certain situations, such as while we verify accuracy or legality of processing.

8.5 Right to Data Portability

You have the right to receive your personal data in a structured, commonly used, and machine-readable format and to transmit that data to another controller without hindrance.

8.6 Right to Object

You have the right to object to processing of your personal data for direct marketing purposes, as well as processing based on legitimate interests. We will cease such processing upon your request.

8.7 Right Not to Be Subject to Automated Decision Making

You have the right not to be subject to decisions based solely on automated processing that produces legal or similarly significant effects concerning you, except where necessary for a contract or with your explicit consent.

8.8 Right to Withdraw Consent

Where processing is based on your consent, you have the right to withdraw that consent at any time. Withdrawal does not affect the lawfulness of processing based on consent before withdrawal.

To exercise any of these rights, please contact us using the information provided in Section 13 below. We will respond to your request within 30 days (extendable by 60 days for complex requests) and without charge, unless your request is manifestly unfounded or excessive.

9. Security of Your Data

We implement comprehensive technical and organizational security measures to protect your personal data against unauthorized access, alteration, disclosure, or destruction. These measures include:

• Encryption of data in transit and at rest using industry-standard protocols (SSL/TLS)
• Secure access controls and authentication mechanisms
• Regular security audits and penetration testing
• Employee training and awareness programs
• Incident response and breach notification procedures
• Physical and logical security of our facilities
• Confidentiality agreements with service providers and employees
• Regular software updates and vulnerability patching

While we strive to protect your data using reasonable security measures, no method of transmission over the Internet or electronic storage is completely secure. We cannot guarantee absolute security, and you use our services at your own risk.

10. Data Breaches and Notification

If we discover a breach of personal data that poses a risk to your rights and freedoms, we will notify you and the UK Information Commissioner's Office (ICO) without undue delay and no later than 72 hours after becoming aware of the breach, unless the breach is unlikely to result in risk.

Our breach notification will include details of the breach, the likely consequences, and measures we are taking to address it and mitigate harm.

11. Cookies and Tracking Technologies

We use cookies and similar tracking technologies to enhance your experience and analyze usage. Cookies are small files stored on your device that identify you and remember your preferences.

11.1 Types of Cookies

• Essential Cookies: Required for basic functionality and security
• Performance Cookies: Used to analyze usage and improve services
• Marketing Cookies: Used to deliver targeted advertising and measure campaign effectiveness
• Preference Cookies: Used to remember your settings and preferences

11.2 Managing Cookies

You can control cookies through your browser settings and opt out of certain tracking. Please refer to your browser's help documentation for instructions on managing cookies. Note that disabling cookies may affect the functionality of our website.

12. Third-Party Links and Services

Our website and services may contain links to third-party websites and applications. This Privacy Policy applies only to our services. We are not responsible for the privacy practices of third-party websites. We encourage you to review the privacy policies of third parties before providing them with your personal data.

13. Contact Us

If you have questions about this Privacy Policy, wish to exercise your rights, or have concerns about our data practices, please contact us:

• Company: Blendorvik Solutions Ltd
• Email: contact@blendorvik.com
• Phone: +44 20 3807 4192
• Address: 128 City Road, London EC1V 2NX, United Kingdom
• VAT Number: GB491205384
• Company Registration: 10594832

14. Data Protection Officer

If you have concerns about our data processing practices or wish to lodge a complaint, you may contact our Data Protection Officer or the UK Information Commissioner's Office:

• ICO Address: Information Commissioner's Office, Wycliffe House, Water Lane, Wilmslow, Cheshire SK9 5AF, United Kingdom
• ICO Phone: +44 1625 545 745
• ICO Website: www.ico.org.uk

15. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, regulations, or other factors. We will notify you of any material changes by posting the updated policy on our website and updating the "Last Updated" date at the top of this page. Your continued use of our services after any changes constitutes your acceptance of the updated Privacy Policy.

16. Legitimate Interest Assessment

Where we process your data based on legitimate interests, we have conducted a Legitimate Interest Assessment to ensure that our interests do not override your fundamental rights and freedoms. We can provide details of this assessment upon request.

17. Children's Privacy

Our services are not directed to children under the age of 13 (or the applicable age of digital consent in your jurisdiction). We do not knowingly collect personal data from children under 13. If we become aware that we have collected data from a child under 13, we will delete such data immediately. If you believe we have collected data from a child under 13, please contact us immediately.

18. Marketing Communications

We may send you marketing communications, including email newsletters and promotional materials, based on your consent or our legitimate interest in promoting our services. You can manage your marketing preferences at any time by:

• Clicking the "unsubscribe" link in any marketing email
• Updating your preferences in your account settings
• Contacting us directly at contact@blendorvik.com

Please note that even if you opt out of marketing communications, we will continue to send transactional emails related to your account and services.

19. Special Categories of Data

We do not knowingly collect special categories of personal data (such as data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, genetic data, biometric data, or health data) unless you voluntarily provide such information and we have your explicit consent to process it.