Privacy Policy
Last updated: October 21, 2025
Background
OnyxSis Limited ("we," "us," or "our") operates the website onyxsis.com. We are committed to protecting your privacy and handling your personal data responsibly. This Privacy Policy explains how we collect, use, store, and protect your information when you visit or interact with our website.
We are registered in England (company number 09284286) with our registered office at Unit 1268, 13 Freeland Park, Wareham Road, Poole, Dorset, BH16 6FH, United Kingdom.
1. What This Policy Covers
This policy applies to all pages on onyxsis.com, including forms and analytics tools like Matomo. If you follow links to other websites, please review their privacy policies, as we are not responsible for their practices.
2. What Is Personal Data?
Personal data is any information that can identify you, such as your name, email, phone number, or technical details like your IP address.
3. Your Rights
Under UK data protection law, you have the following rights:
- Access: Request a copy of the personal data we hold about you.
- Rectification: Ask us to correct inaccurate or incomplete data.
- Erasure: Request that we delete your personal data.
- Restriction: Ask us to limit how we use your data.
- Object: Oppose our use of your data for specific purposes.
- Portability: Receive your data in a reusable format.
- Withdraw consent: If we rely on your consent, you can withdraw it at any time.
How to exercise your rights:
To request access to your data, email privacy@onyxsis.com with the subject line "Data Access Request". We will respond to your request within 2 business days.
We do not use your personal data for automated decision-making or profiling that would significantly affect you.
For more information or to lodge a complaint, you can also contact the Information Commissioner's Office (ICO).
4. What Data We Collect and Why
| Data Type | Purpose | Legal Basis |
|---|---|---|
| Emergency Support Request Form | Diagnose issues, provide quotes, and deliver services. | Consent (Article 6(1)(a) GDPR) |
| Consultation Scheduling Form | Respond to inquiries and schedule meetings. | Consent (Article 6(1)(a) GDPR) |
| Contact Us Form | Respond to your messages and provide information. | Consent (Article 6(1)(a) GDPR) |
| Matomo Analytics | Improve user experience, detect technical issues, and measure content performance. | Legitimate interest (Article 6(1)(f) GDPR) |
Legitimate Interest for Analytics:
We use Matomo to analyse website traffic and improve our services. You can object to this processing by enabling "Do Not Track" in your browser.
5. How We Use Your Data
5.1 Form Data
We use the data you provide in forms to respond to your requests, deliver services, and improve our offerings.
5.2 Matomo Analytics
We use Matomo Analytics in a configuration that does not store or access any information on your device. No cookies or local storage are used, and all IP addresses are anonymised before processing. This means our analytics are exempt from cookie consent requirements under the UK PECR and most EU implementations of the ePrivacy Directive.
- Anonymization: We remove the last octet of your IP address (e.g., 192.168.x.x → 192.168.0.0).
- No Cookies: Matomo does not use cookies or track you individually.
6. How Long We Keep Your Data
| Data Type | Purpose | Retention Period |
|---|---|---|
| Form Data | Respond to requests and provide services. | 2 years, then securely archived (encrypted, offline storage) for 7 years, after which it is permanently deleted. |
| Call Recordings | Quality assurance and training. | 60 days, then permanently deleted. |
| Emails | Communication and service delivery. | 2 years, then securely archived for 7 years, after which they are permanently deleted. |
| Server Access Logs | Security monitoring and troubleshooting. | 60 days, then permanently deleted. |
| Matomo Analytics | Website improvement and technical analysis. | Raw data deleted after 2 years. |
7. How We Store and Protect Your Data
- Encryption: We use TLS 1.3+ for data in transit and PGP for data at rest.
- Access Control: Only authorised personnel can access your data.
- Security Testing: We regularly test our security measures.
- Data Breach Response: We will notify you and the ICO within 72 hours if a breach occurs.
"Securely Archived" means your data is encrypted and stored offline for compliance purposes only.
8. Who We Share Your Data With
We share your data only with trusted third parties who help us operate our website and services:
| Third Party | Purpose | Location | Safeguards |
|---|---|---|---|
| OVH Limited | Hosting and data storage. | UK | UK GDPR-compliant servers. |
| The Constant Company LLC | Hosting and data storage. | UK (servers) | UK GDPR-compliant; Standard Contractual Clauses for international transfers. |
| Internet Communications (Services) Limited | Call answering and customer support. | UK | UK GDPR-compliant; data processed under our instruction. |
International Data Transfers:
If data is transferred outside the UK/EU, we ensure adequate safeguards, such as Standard Contractual Clauses, are in place.
9. How to Contact Us
For questions or to exercise your rights, contact us at:
- Email: privacy@onyxsis.com
- Phone: +44 20 3905 1906
- Post: Unit 1268, 13 Freeland Park, Wareham Road, Poole, Dorset, BH16 6FH, United Kingdom.
10. Changes to This Policy
We may update this Privacy Policy occasionally. Any changes will be posted here, and your continued use of our website constitutes acceptance of the updated policy.