1. Who we are

Data Controller: flexmul LTD, Company No. 16762566, 51 Coningsby Road, London W5 4HP, United Kingdom. Contact: hello@flexmul.co.uk.

We provide independent IT consultancy. We do not run consumer services and we do not sell personal data.

2. Data we collect

2.1 Enquiries and correspondence

When you contact us, we collect your name, work email, phone (if provided) and the details you choose to share about your project.

2.2 Project delivery

During delivery we may process limited personal data present in logs, tickets, test datasets or documentation you provide. Wherever possible we request anonymised or pseudonymised data.

2.3 Website and device data

We use minimal cookies and standard server logs for security and basic analytics (pages viewed, referrers, IP address, browser type).

3. Why we use your data (lawful bases)

• Contract – to respond to enquiries, provide quotes and deliver agreed services.
• Legitimate interests – to keep records, manage the relationship, and maintain security of our systems.
• Consent – for optional updates or where you ask us to keep your details for future opportunities. You can withdraw consent at any time.
• Legal obligation – to meet tax and accounting requirements.

4. Sharing your data

We may share data with:

• Service providers (e.g. email, document storage, error tracking) under contract and confidentiality.
• Professional advisers (legal, accounting) when reasonably necessary.
• Authorities where required by law or to protect rights, security or property.

We do not permit providers to use your data for their own marketing.

5. International transfers

Your data may be processed outside the UK/EEA where our providers operate. Where this happens, we rely on adequacy regulations or standard contractual clauses, and apply access controls and encryption where appropriate.

6. Retention

• Enquiry emails and notes: up to 24 months after last contact.
• Project records (contracts, statements of work, invoices): 6 years for tax and accounting.
• Operational logs: typically 90 days unless an incident requires longer retention.

7. Security

• MFA and least-privilege access on accounts we control.
• Encrypted storage and transport for documents and secrets.
• Regular access reviews and backup/restore tests for our own systems.
• Simple incident response checklist and contact tree.

8. Your rights

Under UK/EU data protection law you can request: access, correction, deletion, restriction, objection to processing, and data portability. To exercise your rights, email hello@flexmul.co.uk. You also have the right to complain to your local data protection authority. In the UK this is the ICO.

9. Children

Our services are aimed at organisations. We do not knowingly collect information about children.

10. Changes to this policy

We may update this policy from time to time. The effective date at the top will change and the latest version will always be available on this page.