Summary: Trip Nexus Ltd is committed to protecting your privacy. We only collect data necessary to provide our services, we never sell your data to third parties, and we comply fully with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.
1 Who We Are
Trip Nexus Ltd ("we", "us", "our") is a company registered in England and Wales. We are the data controller responsible for your personal information collected through our website and services.
2 Information We Collect
We may collect and process the following categories of personal data:
Information You Provide to Us
- Name, email address, telephone number, and company name when you complete our contact or enquiry forms
- Project details, requirements, or messages you send us
- Payment and billing information when you purchase services (processed securely via third-party payment providers)
- Correspondence and communications between you and Trip Nexus Ltd
Information We Collect Automatically
- IP address and browser type when you visit our website
- Pages visited, time spent, and navigation patterns (via analytics tools)
- Cookie data (see our Cookies section below)
- Referring website or search terms used to find us
Special Categories of Data
We do not intentionally collect any special categories of personal data (such as health, racial origin, or religious beliefs). Please do not submit such information through our website.
3 How We Use Your Information
We use your personal data for the following purposes:
- To respond to your enquiries and provide quotes for our services
- To deliver and manage the IT services you have contracted us for
- To process payments and issue invoices
- To send service-related communications (project updates, receipts, invoices)
- To improve our website and services based on usage analytics
- To comply with our legal and regulatory obligations
- To send marketing communications where you have given consent (you may opt out at any time)
- To prevent fraud and maintain the security of our systems
4 Lawful Basis for Processing
Under UK GDPR, we rely on the following lawful bases to process your personal data:
- Contract Performance: Processing is necessary to perform or prepare a contract with you for our IT services.
- Legitimate Interests: We process certain data based on our legitimate business interests (such as improving our services and preventing fraud), provided these interests do not override your rights.
- Legal Obligation: Where we must process data to comply with UK law (e.g., tax records, accounting obligations).
- Consent: Where you have given clear, freely given consent (e.g., subscribing to marketing emails). You may withdraw consent at any time by contacting us.
5 Sharing Your Information
We do not sell, rent, or trade your personal data. We may share your data only in the following limited circumstances:
- Service Providers: Trusted third-party suppliers who assist us in delivering services (e.g., hosting providers, payment processors, email platforms). These parties are contractually obligated to protect your data and may only use it for the specified purpose.
- Legal Requirements: Where we are required by law, regulation, or court order to disclose your information.
- Business Transfers: In the event of a merger, acquisition, or sale of assets, your data may be transferred as part of that transaction. We will notify you before your data is transferred and becomes subject to a different privacy policy.
- Professional Advisors: Our legal advisors, accountants, or auditors where necessary and subject to confidentiality obligations.
We never sell your personal data to third parties for marketing or any other commercial purposes.
6 Data Retention
We retain your personal data only for as long as is necessary to fulfil the purposes for which it was collected, including legal, accounting, or reporting requirements.
- Client records: Retained for 6 years following the end of the contract (in line with UK limitation periods and HMRC requirements)
- Enquiry / contact forms: Retained for up to 2 years if no contract results
- Financial and invoicing records: Retained for 7 years as required by HMRC
- Marketing consent records: Retained until you withdraw consent
- Website analytics: Aggregated/anonymised data retained for up to 26 months
After the applicable retention period, data is securely deleted or anonymised.
7 Your Rights Under UK GDPR
As a data subject, you have the following rights under UK GDPR and the Data Protection Act 2018:
- Right of Access: You may request a copy of all personal data we hold about you (Subject Access Request).
- Right to Rectification: You may ask us to correct inaccurate or incomplete data.
- Right to Erasure ("Right to be Forgotten"): You may request we delete your personal data in certain circumstances.
- Right to Restrict Processing: You may ask us to pause processing your data in certain circumstances.
- Right to Data Portability: You may request your data in a structured, machine-readable format.
- Right to Object: You may object to processing based on legitimate interests or for direct marketing purposes.
- Rights Relating to Automated Decisions: You have the right not to be subject to solely automated decisions that significantly affect you.
- Right to Withdraw Consent: Where processing is based on consent, you may withdraw it at any time without affecting the lawfulness of prior processing.
To exercise any of these rights, please contact us at Tripnexus@outlook.com. We will respond within 30 days. If you are unsatisfied with our response, you have the right to lodge a complaint with the Information Commissioner's Office (ICO) at https://ico.org.uk or by calling 0303 123 1113.
8 Cookies
Our website uses cookies and similar tracking technologies. A cookie is a small text file stored on your device. We use:
- Strictly Necessary Cookies: Essential for the website to function correctly. These cannot be disabled.
- Analytics Cookies: Help us understand how visitors interact with our website (e.g., Google Analytics). These are only set with your consent.
- Marketing Cookies: Used to track and deliver relevant advertising. Only set with your explicit consent.
You can manage your cookie preferences through your browser settings at any time. For more information on managing cookies, visit www.aboutcookies.org.
9 Data Security
We take the security of your personal data seriously and implement appropriate technical and organisational measures to protect it against unauthorised access, loss, destruction, or alteration. These measures include:
- SSL/TLS encryption for data in transit
- Access controls and authentication procedures
- Regular security assessments and software updates
- Staff training on data protection obligations
In the event of a personal data breach that is likely to result in a risk to your rights and freedoms, we will notify you and the ICO as required under UK GDPR (within 72 hours of becoming aware).
10 Third-Party Links
Our website may contain links to third-party websites. We are not responsible for the privacy practices of those websites. We encourage you to review the privacy policies of any third-party sites you visit. This Privacy Policy applies solely to information collected by Trip Nexus Ltd.
11 Children's Privacy
Our services are not directed at individuals under the age of 18. We do not knowingly collect personal data from children. If you believe we have inadvertently collected data from a child, please contact us immediately at Tripnexus@outlook.com and we will take steps to delete such information promptly.
12 Changes to This Policy
We may update this Privacy Policy from time to time to reflect changes in our practices, technology, or legal requirements. When we make material changes, we will update the "Last Updated" date at the top of this page and, where appropriate, notify you by email.
We encourage you to review this policy periodically to stay informed about how we are protecting your information.