Privacy & data Policy

Effective Date: 28 August 2024
Last Updated: 27 June 2025

Introduction

ONNEC Group Ltd (“we”, “us”, or “our”) is committed to protecting your personal information and upholding your privacy rights. This privacy policy explains how we collect, use, disclose, and safeguard your personal information when you visit our website or engage with our services.

This notice is designed to be transparent and accessible in accordance with our obligations under the UK General Data Protection Regulation (UK GDPR), the Data Protection Act 2018 (DPA 2018), and applicable international laws.

Definitions

  • Personal Information: Any data relating to an identified or identifiable individual (e.g. name, email address, IP address). 
  • Special Category Data: Sensitive information such as racial or ethnic origin, health data, or biometric identifiers. 
  • Data Subject: The individual to whom the personal data relates. 
  • Processing: Any operation performed on personal data, such as collection, use, storage, or deletion. 

What Personal Data We Collect

We collect the following types of personal information:

  • Contact Information: Name, company, job title, email address, telephone number. 
  • Account Information: Login credentials if applicable (e.g. user ID, password). 
  • Usage Data: IP address, browser type, referring/exit pages, device identifiers, time zone, and how you interact with our website. 
  • Marketing Preferences: Information you provide when subscribing to newsletters or requesting information. 

This data may be collected via: 

  • Website forms and interactions 
  • Email communications and customer service engagements 
  • Cookies, tracking pixels, and analytics tools (see Section 11) 

We rely on the following legal bases under UK GDPR to process your personal data: 

  • Consent – Where you have explicitly given us permission (e.g. newsletter subscription). 
  • Contractual Necessity – When processing is required to perform or enter into a contract with you. 
  • Legal Obligation – Where required by law or regulation. 
  • Legitimate Interests – For purposes such as improving our services, maintaining security, and managing customer relationships. These interests are balanced against your rights. 

How We Use Your Data

We may use your personal data for the following purposes:

  • Service Delivery: To operate, maintain, and enhance our website and services. 
  • Customer Support: To respond to enquiries, troubleshoot, and provide information. 
  • Marketing and Communications: To send you tailored updates, promotions, or industry news (you may opt out at any time). 
  • Legal and Regulatory Compliance: To fulfil legal obligations or respond to regulatory or enforcement requests. 
  • Analytics and Performance: To monitor and improve site usage and performance. 

Disclosure of Personal Data

We may share your information with trusted third parties under strict contractual obligations: 

  • Service Providers: Marketing, CRM, IT hosting, and customer support vendors acting under Data Processing Agreements (DPAs). 
  • Legal Obligations: Disclosure when required by law, court order, or regulatory authorities. 
  • Business Transactions: In the context of mergers, acquisitions, or asset transfers

All processors are required to implement appropriate technical and organisational security measures. 

International Data Transfers

Your personal information may be transferred to, and processed in, jurisdictions outside the UK or European Economic Area (EEA). Where such transfers occur, we ensure: 

  • The country has an adequacy decision, or 
  • We have implemented appropriate safeguards (e.g. UK Addendum to SCCs, IDTA), and 
  • Additional technical and organisational protections are in place to uphold your rights. 

Data Security

We take data security seriously and implement a layered defense approach, including: 

  • Technical Controls: Encryption (TLS, AES), firewalls, secure infrastructure, multi-factor authentication. 
  • Organisational Controls: Access controls, staff training, data minimisation practices. 
  • Physical Controls: Secure office facilities, restricted data access. 

Our systems are regularly audited for compliance and resilience. In the event of a personal data breach, we will notify you and the ICO where required. 

Your Rights as a Data Subject

Under the UK GDPR, you have the following rights: 

  • Right to Access – Obtain a copy of your personal data. 
  • Right to Rectification – Correct inaccurate or incomplete data. 
  • Right to Erasure – Request deletion of your data in certain circumstances. 
  • Right to Restrict Processing – Ask us to limit processing of your data. 
  • Right to Object – Object to processing, particularly for direct marketing. 
  • Right to Data Portability – Transfer your data to another provider. 
  • Right to Withdraw Consent – Withdraw consent at any time, where processing is based on consent. 

To exercise your rights, contact us at compliance@onnecgroup.com. We aim to respond within one calendar month and may require verification of identity. 

Cookies and Analytics

We use cookies and similar tracking technologies to: 

  • Understand website usage and visitor behaviour 
  • Improve functionality and performance 
  • Personalise marketing communications 

Cookies are managed in line with our Cookies Policy, and you may modify your preferences via your browser settings. 

Analytics may be provided by:

  • HubSpot – CRM, contact segmentation, and behavioural tracking (with data transfers to the US under SCCs) 
  • Sopro.io – Appointed digital marketing agency (ICO Reg: ZA346877, dpo@sopro.io) 

Use of Digital Marketing & CRM Services

We use the following processors for marketing and operational purposes: 

  • HubSpot: Contact management, analytics, landing pages, marketing automation. Data may be processed in the USA and Ireland under Standard Contractual Clauses (SCCs) and technical safeguards. 
    → See HubSpot’s Privacy Policy 
  • Sopro.io: Email marketing and lead generation. 
  • Intact Software (UK) Ltd: CRM and data management. Information processed under a data processing agreement in accordance with UK GDPR, under the legal basis of legitimate interest. 

Changes to the Privacy Policy

We reserve the right to update this privacy notice from time to time. Any material changes will be posted on this page and notified where appropriate. We encourage you to review it periodically. 

contact us

If you have questions or concerns regarding this Privacy Policy or your data protection rights, please contact: 

Andrew Janes 
Data Protection Officer 
ONNEC Group 
compliance@onnecgroup.com 

You also have the right to lodge a complaint with the Information Commissioner’s Office (ICO): 
www.ico.org.uk 

For and on behalf of 
ONNEC Group Ltd 
Approved by: CEO 
DPO: Andrew Janes 
Version: 2.0 
Effective Date: 27/06/2025