Privacy Policy
1. Important Information and Who We Are
| Detail | Information |
| Full Legal Name | aerolytica LTD |
| Trading Name | aerolytica LTD |
| Registered Address | 7 Penwarden Way, Chichester, West Sussex, PO18 8LG |
| Company Number | 16738291 |
| Data Controller | aerolytica LTD is the Data Controller and is responsible for your personal data. |
| Contact for Privacy Matters | Data Protection Point of Contact: privacy@aerolytica.co.uk |
| Policy Date | November 2025 |
We are committed to protecting your personal data and your privacy rights in compliance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.
2. The Data We Collect About You
We may collect, use, store, and transfer different kinds of personal data about you, which we have grouped together as follows:
| Data Category | Examples of Data Collected | Data Subject |
| Identity Data | Name, Job Title, Company Name. | Clients, Contractors, Suppliers |
| Contact Data | Email address, Telephone number, Company Address. | Clients, Contractors, Suppliers |
| Financial Data | Bank account details (for payment processing). | Contractors, Suppliers |
| Contractor Data | Professional documents such as Curriculum Vitae (CVs). | Contractors |
| Technical Data | Internet Protocol (IP) address, browser type and version, time zone setting and location, operating system and platform. | Website Visitors, Clients |
| Usage Data | Information about how you use our website and services (e.g., pages visited). | Website Visitors, Clients |
| Marketing Data | Your preferences in receiving marketing from us. | Clients, Website Visitors |
We do not generally collect Special Categories of Personal Data (e.g., details about your race, religion, health, etc.).
3. How and Why We Use Your Personal Data (Lawful Basis)
We will only use your personal data when the law allows us to. Most commonly, we will use your personal data in the following circumstances and based on the following Lawful Bases:
| Purpose of Processing | Personal Data Used | Lawful Basis for Processing (UK GDPR) |
| To provide our Consultancy and Software Development Services (including project management, client communication, and final delivery). | Identity, Contact, Technical, Usage Data. | Performance of a Contract with you or the company you represent. |
| To manage payments and accounting records. | Financial Data, Identity, Contact Data. | Legal Obligation (e.g., tax and accounting laws). |
| To manage and assess potential Contractors. | Identity, Contact, Contractor Data (CVs). | Legitimate Interests (assessing suitability for our business needs) or Performance of a Contract (if engaged). |
| To send you marketing communications about our services and updates. | Identity, Contact, Marketing Data. | Consent (where we have obtained a clear, specific, and unambiguous consent from you). |
| To administer and protect our website (including troubleshooting, data analysis, testing, system maintenance, support, reporting, and hosting of data). | Technical Data, Usage Data. | Legitimate Interests (for running our business, network security, and preventing fraud). |
4. Data Sharing and Third-Party Processors
We may share your personal data with the parties set out below for the purposes described in Section 3. We require all third parties to respect the security of your personal data and to treat it in accordance with the law.
| Recipient Category | Purpose of Sharing | UK Data Status |
| Financial/Payment Processors (e.g., Tide) | Processing payments, managing supplier invoices, and maintaining financial records. | Data Processor |
| CRM and Marketing Platforms (e.g., HubSpot) | Storing client/prospect contact data, managing marketing lists, and tracking sales pipeline activities. | Data Processor |
| IT and System Administration Services | Hosting our website, managing email, and backing up our data. | Data Processor |
| Professional Advisers | Lawyers, accountants, and insurers who provide professional advice to aerolytica LTD. | Data Controller/Processor |
5. International Transfers
We share your personal data with HubSpot, whose primary data centres are located in Germany.
- Germany is part of the European Economic Area (EEA).
- The UK Government has deemed the EEA to provide an adequate level of protection for personal data.
- Therefore, the transfer of your data from the UK to Germany is a permitted transfer under the UK GDPR and does not require additional safeguards like the International Data Transfer Agreement (IDTA). We rely on the UK’s adequacy regulations for this transfer.
6. Data Security and Retention
Data Security
We have put in place appropriate security measures to prevent your personal data from being accidentally lost, used, or accessed in an unauthorised way, altered, or disclosed. We limit access to your personal data to employees, agents, contractors, and other third parties who have a business need to know.
Data Retention
We will only retain your personal data for as long as reasonably necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, regulatory, tax, accounting, or reporting requirements.
- Client/Contract Data: Typically retained for seven (7) years after the end of the contract for legal and accounting purposes.
- Marketing Data (based on Consent): Retained until you withdraw your consent (opt-out) or if we cease marketing activities.
- Contractor CVs/Records: Retained for a maximum of two (2) years if unsuccessful, or for the contract term plus seven (7) years if engaged.
7. Cookies and Tracking Technologies (PECR)
Our website uses cookies and similar tracking technologies, specifically Google Analytics and HubSpot tracking cookies, to distinguish you from other users and to analyse how our website is used. This helps us to improve our website and provide you with a better browsing experience.
- PECR Requirement: As these are non-essential cookies (analytics/tracking), we are required by the Privacy and Electronic Communications Regulations (PECR) to obtain your informed consent before these cookies are stored on your device.
- Cookie Policy: A separate, detailed Cookie Policy is available [Insert Link to your Cookie Policy], which explains the cookies we use and how to manage them.
- Consent: You can manage your cookie preferences via our [Insert Link to your Cookie Banner/Consent Tool] or by adjusting your browser settings.
8. Your Legal Rights (Data Subject Rights)
Under the UK GDPR, you have rights in relation to your personal data. These include:
- The Right to be Informed: To be informed about how your personal data is being used (which is what this Privacy Policy achieves).
- The Right of Access: To request a copy of the personal data we hold about you (a Subject Access Request).
- The Right to Rectification: To request that we correct any inaccurate or incomplete data we hold about you.
- The Right to Erasure (‘Right to be Forgotten’): To request that we delete your personal data, subject to certain exceptions.
- The Right to Restrict Processing: To ask us to suspend the processing of your personal data in certain scenarios.
- The Right to Data Portability: To request the transfer of your personal data to you or a third party in a structured, commonly used, machine-readable format.
- The Right to Object to Processing: You have an absolute right to object to us processing your personal data for direct marketing purposes.
If you wish to exercise any of these rights, please contact our Data Protection Point of Contact at privacy@aerolytica.co.uk.
9. How to Complain
You have the right to make a complaint at any time to the UK supervisory authority for data protection matters, which is the Information Commissioner’s Office (ICO).
- ICO Contact Details: Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF.
- ICO Website: ico.org.uk
We would appreciate the chance to deal with your concerns before you approach the ICO, so please contact us in the first instance.