Privacy Policy
Last updated: January 2025
1. Introduction
Revanta (a trading name of Maddisys Ltd, "we", "us", or "our") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, and safeguard your information when you visit our website or use our services, in accordance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.
2. Data Controller
Maddisys Ltd is the data controller responsible for your personal data. Our company details are:
- Company Name: Maddisys Ltd
- Company Number: 05215218
- Email: privacy@maddisys.co.uk
3. Information We Collect
We may collect the following types of personal data:
- Identity Data: Your name when you use our contact form.
- Contact Data: Your email address when you contact us.
- Communication Data: The content of messages you send to us.
- Technical Data: IP address, browser type and version, time zone setting, browser plug-in types and versions, operating system and platform, and other technology on the devices you use to access our website.
- Usage Data: Information about how you use our website, including pages visited, time spent on pages, and navigation paths.
4. How We Collect Your Data
We collect personal data through:
- Direct interactions: When you fill in our contact form or correspond with us by email.
- Automated technologies: As you interact with our website, we may automatically collect Technical Data about your equipment, browsing actions, and patterns.
5. Legal Basis for Processing
We will only use your personal data when the law allows us to. The legal bases we rely on are:
- Consent: Where you have given clear consent for us to process your personal data for a specific purpose (e.g., marketing communications).
- Contract: Where processing is necessary for the performance of a contract with you or to take steps at your request before entering into a contract.
- Legitimate Interests: Where processing is necessary for our legitimate interests (or those of a third party) and your interests and fundamental rights do not override those interests. This includes responding to enquiries, improving our website, and ensuring security.
- Legal Obligation: Where processing is necessary to comply with a legal obligation.
6. How We Use Your Information
We use your personal data for the following purposes:
| Purpose | Legal Basis |
|---|---|
| Responding to your enquiries | Legitimate interests |
| Providing customer support | Contract / Legitimate interests |
| Improving our website and services | Legitimate interests |
| Sending marketing communications | Consent |
| Website security and fraud prevention | Legitimate interests / Legal obligation |
7. Data Retention
We will only retain your personal data for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements.
- Contact form submissions: Retained for 2 years from the date of submission, unless an ongoing business relationship exists.
- Technical and usage data: Retained for 12 months for analytics purposes.
- Marketing preferences: Retained until you withdraw consent.
8. Data Sharing and Third Parties
We do not sell your personal data. We may share your data with the following categories of third parties:
- Cloud hosting providers: Google Cloud Platform (for website hosting and cloud functions)
- Email service providers: SendGrid (for sending transactional emails)
- Professional advisers: Lawyers, accountants, and auditors where required
- Regulatory authorities: Where required by law
All third-party service providers are required to take appropriate security measures to protect your personal data and are only permitted to process your data for specified purposes in accordance with our instructions.
9. International Transfers
Some of our third-party service providers are based outside the UK. Where we transfer your personal data outside the UK, we ensure a similar degree of protection is afforded to it by ensuring at least one of the following safeguards is implemented:
- Transfer to countries that have been deemed to provide an adequate level of protection by the UK Government.
- Use of specific contracts approved by the UK Government (International Data Transfer Agreement or UK Addendum to EU SCCs).
10. Data Security
We have implemented appropriate technical and organisational security measures to prevent your personal data from being accidentally lost, used, accessed, altered, or disclosed in an unauthorised way. These measures include:
- Encryption of data in transit using TLS/SSL
- Secure cloud infrastructure with access controls
- Regular security assessments
- Limited access to personal data on a need-to-know basis
11. Your Rights Under UK GDPR
Under UK data protection law, you have the following rights:
- Right of Access: You can request a copy of the personal data we hold about you.
- Right to Rectification: You can request that we correct inaccurate or incomplete personal data.
- Right to Erasure: You can request that we delete your personal data in certain circumstances.
- Right to Restrict Processing: You can request that we restrict the processing of your personal data in certain circumstances.
- Right to Data Portability: You can request to receive your personal data in a structured, commonly used, machine-readable format.
- Right to Object: You can object to processing based on legitimate interests or for direct marketing purposes.
- Right to Withdraw Consent: Where we rely on consent, you can withdraw it at any time.
To exercise any of these rights, please contact us at privacy@maddisys.co.uk. We will respond to your request within one month.
You will not have to pay a fee to access your personal data or to exercise any of your other rights. However, we may charge a reasonable fee if your request is clearly unfounded, repetitive, or excessive.
12. Right to Complain
If you are unhappy with how we have handled your personal data, you have the right to lodge a complaint with the Information Commissioner's Office (ICO), the UK supervisory authority for data protection issues:
- Website: ico.org.uk/make-a-complaint
- Telephone: 0303 123 1113
We would appreciate the opportunity to address your concerns before you approach the ICO, so please contact us first.
13. Cookies
Our website uses only strictly necessary cookies required for the website to function. We do not use:
- Advertising or tracking cookies
- Third-party analytics cookies
- Social media cookies
Strictly necessary cookies do not require consent under UK GDPR as they are essential for the website to operate.
14. Contact Us
If you have any questions about this Privacy Policy, wish to exercise your data protection rights, or have concerns about how we handle your personal data, please contact us:
- Company: Maddisys Ltd
- Email: privacy@maddisys.co.uk
- General enquiries: info@maddisys.co.uk
15. Changes to This Policy
We may update this Privacy Policy from time to time to reflect changes in our practices or for legal, operational, or regulatory reasons. We will notify you of any material changes by posting the new Privacy Policy on this page and updating the "Last updated" date.
We encourage you to review this Privacy Policy periodically to stay informed about how we are protecting your information.