OXECO is committed to protecting personal data in accordance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

What Data We Collect

We may collect and process:

• Employee data (e.g. name, contact details, payroll info, health and safety records)
• Customer and website data (e.g. business contact details, website usage statistics, IP addresses, cookies)

Lawful Basis for Processing

We only process personal data when we have a legal basis, including:

• To perform or prepare a contract
• To meet legal obligations
• For our legitimate business interests
• With your consent (where required)

Your Rights

You have the right to:

• Access, correct or delete your personal data
• Object to or restrict processing
• Request data portability
• Withdraw consent at any time
• Lodge a complaint with the ICO

Requests can be made to: privacy@oxeco.co.uk

Data Security & Transfers

We take appropriate security measures to protect your data. If data is transferred outside the UK (e.g. via providers like Mailchimp or Insightly), we ensure safeguards are in place, such as standard contractual clauses.

Retention

We retain data only as long as necessary for legal or operational purposes.

Breach Reporting

Any suspected data breaches must be reported immediately. We act swiftly in line with our internal Data Breach Procedure.

Contact us: privacy@oxeco.co.uk
Last updated: April 2025