Omnisient Privacy Policy – United Kingdom (UK GDPR)

Last updated: 11 March 2026

1. Introduction

This Privacy Policy explains how Omnisient International Limited (UK) (“Omnisient”, “we”, “us”, “our”) collects and uses Personal Data when we act as a controller under the UK General Data Protection Regulation (“UK GDPR”) and the Data Protection Act 2018. It also explains how we use cookies and similar technologies in accordance with the Privacy and Electronic Communications Regulations 2003 (“PECR”).

2. At a Glance 

• Controller: Omnisient International Limited (UK) (“Omnisient”)
• This notice covers: (1) Website visitors, (2) Platform account and admin users, and (3) Business Representatives (people at customers, prospects, suppliers, partners and other organisations who deal with us in a business capacity)
• We use Personal Data to: respond to enquiries, operate and secure the Website and Platform, manage business relationships, provide support, send marketing where permitted, and comply with legal obligations
• Key data types: contact details, account and admin data, communications and support data, device and usage data (including logs and cookies), marketing preferences, event and webinar data, and security and audit logs
• Your rights: access, rectification, erasure, restriction, objection (including to direct marketing), portability, withdrawal of consent, and rights relating to automated decision-making (we do not carry out solely automated decisions with legal or similarly significant effects – see Section 12).
• Contact: [email protected]
• ICO: you can complain to the UK Information Commissioner’s Office (details in Section 15)

3. Controller details and how to contact us 

Controller: Omnisient International Limited (UK)
Company registration number: 14910907
Registered office address: 5 Churchill Place, Canary Wharf, London E14 5HU
Privacy lead:  Jon Jacobson, Group CEO
Email: [email protected]

4. Definitions

In this Privacy Policy:

• “Business Representative” means an individual who interacts with us in a business capacity, including personnel at our customers, prospects, suppliers, partners and other organisations (for example, procurement, legal, security, commercial and operational contacts). This may include individuals who create, manage or administer a Platform account on behalf of an organisation.
• “Controller” means the person or organisation that determines the purposes and means of processing Personal Data.
• “Cookies” means small text files and similar technologies (including pixels, SDKs and tags) that are placed on a device to enable website functionality, analytics, advertising, and user preferences.
• “Legitimate interests” means our interests in conducting and improving our business, provided those interests are not overridden by your rights and interests.
• “Personal Data” means any information relating to an identified or identifiable natural person.
• “Platform” means Omnisient’s platform and related services made available to authorised users (including account administrators) on behalf of customer organisations.
• “Platform Account and admin user” means an individual authorised by a customer organisation to access the Platform, including users with administrative permissions for account set-up, configuration, billing, or user management.
• “Processor” means a person or organisation that processes Personal Data on behalf of a Controller.
• “Special Category Data” means Personal Data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, and the processing of genetic data, biometric data for identification, health data, or data concerning a person’s sex life or sexual orientation.
• “UK GDPR” means the UK General Data Protection Regulation, as incorporated into UK law and supplemented by the Data Protection Act 2018.
• “Website” means https://omnisient.com/ and any associated webpages we operate.

5. Scope and how this Privacy Policy applies

This Privacy Policy explains how we process Personal Data when we act as a Controller. Sections 5.4-5.6 explain situations where this Privacy Policy does not apply.

5.1 Website visitors

This Privacy Policy applies when you access or use the Website, including when you submit enquiries or other forms, interact with embedded features, or manage your cookie preferences.

5.2 Platform account and admin users

This Privacy Policy applies to Platform account and admin users where we act as a Controller in connection with Platform operations, such as:

• creating and administering Platform accounts and user access
• security monitoring and logging
• communicating with Platform account and admin users (for example, service notices and support communications)  

5.3 Business Representatives

This Privacy Policy applies when you interact with us in a business capacity, including sales and procurement discussions, contracting, supplier and partner management, events and webinars, and related communications.

5.4 Processing as a Processor (out of scope)

This Privacy Policy does not apply where we process Personal Data on behalf of a customer as that customer’s Processor. In that context, the customer is the Controller and is responsible for providing privacy information to individuals whose Personal Data is processed within the customer’s use of the Platform.

If you have questions about how your Personal Data is processed in that context, please contact the relevant customer organisation.

5.5 Employment and contractor data (out of scope)

This Privacy Policy does not apply to Personal Data processed in connection with recruitment, employment, or engagement of individual contractors by Omnisient. If you are an employee, former employee, or contractor and have questions, please contact [email protected].

5.6 Third-party links

Our Website and communications may include links to third-party websites or services. This Privacy Policy does not apply to those third parties. We recommend that you review the privacy policy of any third-party site or service you visit.

6. Personal data we collect and how we use it

This section describes the categories of Personal Data we may process when we act as a Controller, why we process it, our lawful basis, how we collect it, and how long we keep it.

Details about who we share Personal Data with are in Section 7. Information about cookies and similar technologies is in Section 10, and our approach to retention is explained further in Section 13.

6.1 Contact and professional information

Examples: title, name, business email address, business telephone number, company name, job title, and other business contact details.

How we use it:

• to respond to enquiries and provide information you request
• to manage our relationship with customers, prospects, suppliers, partners and other organisations
• to create and administer Platform accounts and access, including communicating with Platform account and admin users
• to provide support and service communications
• to handle privacy queries and rights requests
• to maintain security, prevent misuse and fraud, and comply with applicable legal obligations

Our lawful basis under the GDPR:

We rely on one or more of the following, depending on the activity:

• Contract and steps prior to contract (Article 6(1)(b)) for account administration and service delivery activities
• Legitimate interests (Article 6(1)(f)) for responding to business enquiries, relationship management, service improvement, and security and fraud prevention
• Consent (Article 6(1)(a)) for marketing communications where you choose to receive them
• Legal obligation (Article 6(1)(c)) where we must comply with applicable laws – for example, responding to lawful requests

How we collect it:

• Directly from you, for example via web forms, email, phone, event registration, account set-up, support interactions, and rights requests
• Indirectly, for example from your organisation or colleagues, our business partners, event organisers, or public sources such as professional networking sites, where permitted by law

How long we keep it:

We keep contact and professional information only for as long as necessary for the purposes described above, taking into account our relationship with the relevant organisation, any ongoing enquiries or support matters, applicable legal requirements, and limitation periods for legal claims. Further detail is in Section 13.

6.2 Account and administrative information

Examples: account identifiers, user roles and permissions, authentication and access administration details, account configuration information, and billing or contract administration contacts (where applicable).

How we use it:

• to create, manage, and administer Platform accounts and user access
• to provide service notices and administrative communications
• to provide support and manage service requests
• to maintain the security and integrity of the Platform, including access controls and auditability
• to meet contractual, audit, and compliance requirements

Our lawful basis under the GDPR:

• Contract and steps prior to contract (Article 6(1)(b)) to provide the Platform and manage accounts
• Legitimate interests (Article 6(1)(f)) to administer accounts efficiently and securely, and to prevent misuse and fraud
• Legal obligation (Article 6(1)(c)) where record-keeping or disclosures are required by law

How we collect it:

• Directly from you or from your organisation during account creation, onboarding, and administration
• Generated automatically through use of the Platform (for example, role assignments and administrative actions)

How long we keep it:
We retain account and administrative information for as long as the relevant account or relationship is active, and for a limited period afterwards where necessary for auditability, security, contractual record-keeping, and legal compliance. Further detail is in Section 13.

6.3  Communications and support information

Examples: emails and correspondence, call notes, support tickets, issue reports, and information you provide when you contact us.

How we use it:

• to respond to enquiries and provide support
• to investigate and resolve issues
• to improve our services and customer support processes
• to maintain records of communications where needed for compliance and dispute handling

Our lawful basis:

• Contract and steps prior to contract (Article 6(1)(b)) where communications relate to service delivery or pre-contract requests
• Legitimate interests (Article 6(1)(f)) to manage communications, maintain service quality, and handle disputes
• Legal obligation (Article 6(1)(c)) where record-keeping is required by law

How we collect it:

• Directly from you when you contact us by email, phone, web form, or through support channels

How long we keep it:
We retain communications and support records for as long as needed to address the matter and for a limited period afterwards in case of follow-up, auditing, or dispute resolution. Further detail is in Section 13.

6.4 Technical, device, and usage information (Website and Platform)

Examples: IP address, device identifiers, browser type and version, operating system, timestamps, pages viewed, referral URLs, approximate location, diagnostic data, and security and audit logs.

How we use it:

• to operate, maintain, and secure the Website and Platform
• to monitor performance and troubleshoot issues
• to detect, prevent, and investigate security incidents, misuse, and fraud
• to understand usage and improve functionality and user experience
• for analytics and measurement, where enabled through cookie preferences
• to meet legal and regulatory requirements

Our lawful basis:

• Consent (Article 6(1)(a)) for non-essential cookies and similar technologies where required under PECR and UK GDPR
• Legitimate interests (Article 6(1)(f)) for essential functionality, service security, and fraud prevention
• Legal obligation (Article 6(1)(c)) where retention or disclosure is required by law

How we collect it:

• Automatically through cookies, log files, and similar technologies when you interact with the Website or Platform, subject to your cookie preferences

How long we keep it:
We keep technical, device, usage, and log data for as long as reasonably necessary for security, troubleshooting, service improvement, and compliance purposes, then delete or anonymise it. Further detail is in Section 13.

6.5 Marketing preferences

Examples: subscription status, communication preferences, consent records where applicable, and opt-out and suppression list records.

How we use it:

• to send marketing communications, where permitted
• to record and apply your preferences (including opt-outs and objections)
• to demonstrate compliance with applicable marketing rules

Our lawful basis:

• Consent (Article 6(1)(a)) where required (including where PECR requires consent)
• Legitimate interests (Article 6(1)(f)) where permitted for business-to-business marketing and to maintain suppression lists so we respect your preferences
• Legal obligation (Article 6(1)(c)) where record-keeping is required by law

How we collect it:

• Directly from you when you sign up, update preferences, or unsubscribe
• Generated through our marketing systems as you interact with communications (for example, unsubscribe logs)

How long we keep it:
We retain marketing preference records for as long as needed to respect your preferences and demonstrate compliance. We may keep a limited record of an opt-out or objection to ensure we do not contact you again. Further detail is in Section 13.

6.6 Special Category Data

We do not intentionally collect Special Category Data. If you voluntarily provide Special Category Data (for example, dietary or accessibility requirements for an event), we will:

• use it only for the purpose for which it was provided
• process it only where we have a valid UK GDPR lawful basis and a special category condition (including explicit consent where required)
• apply additional safeguards such as minimisation and access restriction
• delete it when it is no longer needed, in line with Section 13  

6.7 Children’s Data

Our Website and Platform are not directed to children, and we do not knowingly collect Personal Data from children. If you believe a child has provided Personal Data to us, please contact us at [email protected] so we can take appropriate steps to delete it.

7. Who we share Personal Data with

We share Personal Data only with recipients who need it for the purposes described in this Privacy Policy, and subject to appropriate contractual and security protections.

• Within Omnisient: authorised personnel who need access for their role
• Service providers: providers who support our business operations – for example, IT and cloud hosting, communications, customer relationship management, support ticketing, and security providers
• Professional advisers: for example, legal, audit, and compliance advisers
• Legal and regulatory disclosures: regulators, courts, law enforcement, or other third parties where disclosure is required or permitted by law, or necessary to establish, exercise, or defend legal rights.

8. International data transfers
   • Transfers outside the United Kingdom

Your Personal Data may be transferred to, stored in, or accessed from countries outside the United Kingdom, including where our service providers and their sub-processors operate.

These countries may include, for example, the United States, South Africa, the United Arab Emirates, Brazil, and Australia, depending on the location of the relevant service provider at the time.

• Our international service providers

We use service providers that may process Personal Data internationally in order to operate and secure the Website and Platform and manage our business operations. These may include cloud hosting and infrastructure providers (such as Microsoft Azure), and other vendors that support functions such as customer relationship management, communications, marketing, analytics (where enabled), and security.

• Safeguards for international transfers

Where we transfer Personal Data outside the United Kingdom to a country that is not subject to a UK adequacy regulation, we put appropriate safeguards in place in accordance with the UK GDPR. Depending on the transfer, these safeguards may include one or more of the following:

• the UK International Data Transfer Agreement (“IDTA”) and the UK Addendum to the EU Standard Contractual Clauses, as applicable
• contractual requirements designed to protect Personal Data to UK GDPR standards, including obligations relating to confidentiality, security measures, and handling of legal requests
• supplementary technical and organisational measures where appropriate, such as encryption in transit, access controls, and audit logging

• Further information

You can request further information about our international transfers and the safeguards we use by contacting us at [email protected].

9. Cookies, similar technologies and electronic marketing

• Cookies and similar technologies

We use cookies and similar technologies, such as pixels, tags and scripts, on the Website and, where applicable, parts of the Platform to:

• enable core functionality and provide the services you request
• keep the Website and Platform secure and prevent misuse
• remember your preferences, including your cookie choices
• where you choose, measure and improve performance and understand how the Website is used through analytics
  • Consent and cookie controls

Under the Privacy and Electronic Communications Regulations 2003:

• Strictly necessary cookies may be placed without your consent because they are required for the Website to function and to provide requested services.
• Non-essential cookies and similar technologies, including analytics cookies and any advertising cookies where used, will not be placed unless and until you consent through our cookie banner or preference tool.
• Our cookie banner allows you to accept all, reject all, or customise your choices.
• You can change your preferences and withdraw consent at any time using our cookie settings tool found at https://omnisient.com/privacy-center/
• We record your cookie preferences, including consent and withdrawal, so we can apply your choices.

For more information, please see our Cookie Policy at https://omnisient.com/cookie-policy/.

• Electronic marketing

Where we send electronic marketing, we do so only as permitted by the Privacy and Electronic Communications Regulations 2003 and other applicable laws. Depending on the context, we may rely on:

• your consent where opt-in is required
• our legitimate interests where permitted for business-to-business marketing, with a clear and simple opt-out

You can opt out of marketing at any time by using the unsubscribe link in our emails or by contacting us at [email protected]. If you opt out, we may still send non-marketing messages where necessary, for example security notifications or administrative communications.

10. Data Retention

We keep Personal Data only for as long as necessary for the purposes described in this Privacy Policy. We may keep Personal Data for longer where required or permitted by law, or where we need it to establish, exercise, or defend legal rights.

10.1.                  How we set retention periods

Retention depends on the type of Personal Data and how it is used. In deciding how long to keep Personal Data, we take into account:

• the nature and duration of our relationship with you or your organisation
• the purpose for which the Personal Data was collected and the lawful basis relied upon
• applicable legal, regulatory, tax, and accounting requirements
• relevant limitation periods for legal claims and dispute resolution
• security and fraud prevention needs, including incident investigation
• any legal hold, litigation hold, or similar preservation requirement

10.2.                 What this means in practice

• Enquiries, support, and communications: kept for as long as reasonably necessary to handle the request, manage follow-up, and maintain appropriate records, then deleted or anonymised.
• Business relationship records: kept for the duration of the relevant relationship and for a reasonable period afterwards for auditability, compliance, and dispute handling.
• Platform account and administrative data: kept while an account is active and for a limited period after closure to support account closure, security, and record-keeping.
• Security and audit logs: kept for as long as reasonably necessary to maintain the security of the Website and Platform and to investigate and respond to incidents.
• Accounting and invoicing records: kept in accordance with applicable legal and regulatory requirements.

We take steps to delete, destroy, or anonymise Personal Data when it is no longer needed for the purposes described above.

If you would like further information about our retention approach for a particular category of Personal Data, you can contact us at [email protected].

11. Your Privacy Rights

Under the UK GDPR, you have certain rights in relation to your Personal Data, subject to applicable conditions and exemptions.

• Your rights

You may have the right to:

• Access your Personal Data and receive a copy of the Personal Data we hold about you
• Rectify inaccurate Personal Data and complete incomplete Personal Data
• Erase your Personal Data in certain circumstances
• Restrict our processing of your Personal Data in certain circumstances
• Object to processing based on legitimate interests, and to object to direct marketing at any time
• Data portability, where applicable, which allows you to receive the Personal Data you provided to us in a structured, commonly used, machine-readable format and to have it transferred to another controller where technically feasible
• Withdraw consent where we rely on consent, without affecting the lawfulness of processing carried out before you withdraw consent
• Complain to the UK Information Commissioner’s Office (the ICO).

Automated decision-making: We do not use your Personal Data to make solely automated decisions, without human involvement, that produce legal effects concerning you or similarly significantly affect you.

• How to exercise your rights

To exercise your rights, please email [email protected].

We may ask you to verify your identity before responding, and we may request information needed to locate the relevant Personal Data. Where permitted, you may use an authorised representative to submit a request on your behalf. We may require evidence of their authority to act for you.

• Our response times

We usually respond within one month of receiving a valid request. If a request is complex or you submit multiple requests, we may extend the response time by up to two additional months. If we extend the time, we will let you know within one month and explain why.

12. Data security

We implement appropriate technical and organisational measures designed to protect Personal Data against accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to Personal Data. These measures are risk-based and take into account the nature of the Personal Data and how it is processed.

• Security measures

Our information security controls may include:

• encryption in transit and, where appropriate, encryption at rest
• access controls, authentication safeguards, and least-privilege access
• logging, monitoring, and auditability measures
• vulnerability management, patching, and secure configuration practices
• secure development practices and change management
• staff training and confidentiality obligations
• supplier due diligence, contractual protections, and ongoing oversight
  • Security incident management

We maintain incident management processes designed to detect, respond to, investigate, and remediate security incidents. Where required by law, we will notify the appropriate regulator and affected individuals of relevant personal data breaches.

No system can be guaranteed to be completely secure. You can help protect your information by using strong passwords, keeping credentials confidential, and contacting us promptly if you believe your account has been compromised.

13. Changes to this Privacy Policy

We may update this Privacy Policy from time to time. The “Last updated” date at the top of this page shows when it was most recently revised. Where changes are material, we will provide a prominent notice for a reasonable period. We encourage you to review this Privacy Policy periodically.

14. Contact us and complaints

If you have questions about this Privacy Policy, want to exercise your privacy rights, or wish to raise a concern, you can contact us using the details below.

Email: [email protected]
Post: 5 Churchill Place, Canary Wharf, London E14 5HU

You also have the right to complain to the UK Information Commissioner’s Office.

UK Information Commissioner’s Office
Website: https://ico.org.uk/
Telephone: 0303 123 1113
Address: Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF

1. At a glance

• Controller: Omnisient International Limited (UK) (“Omnisient”)
• This notice covers: (1) Website visitors, (2) Platform account and admin users, and (3) Business Representatives (people at customers, prospects, suppliers, partners and other organisations who deal with us in a business capacity)
• We use Personal Data to: respond to enquiries, operate and secure the Website and Platform, manage business relationships, provide support, send marketing where permitted, and comply with legal obligations
• Key data types: contact details, account and admin data, communications and support data, device and usage data (including logs and cookies), marketing preferences, event and webinar data, and security and audit logs
• Your rights: access, rectification, erasure, restriction, objection (including to direct marketing), portability, withdrawal of consent, and rights relating to automated decision-making (we do not carry out solely automated decisions with legal or similarly significant effects – see Section 12).
• Contact: [email protected]
• ICO: you can complain to the UK Information Commissioner’s Office (details in Section 15)

2. Controller details and how to contact us

Controller: Omnisient International Limited (UK)
Company registration number: 14910907
Registered office address: 5 Churchill Place, Canary Wharf, London E14 5HU
Privacy lead:  Jon Jacobson, Group CEO
Email: [email protected]

3. Definitions

In this Privacy Policy:

• “Business Representative” means an individual who interacts with us in a business capacity, including personnel at our customers, prospects, suppliers, partners and other organisations (for example, procurement, legal, security, commercial and operational contacts). This may include individuals who create, manage or administer a Platform account on behalf of an organisation.
• “Controller” means the person or organisation that determines the purposes and means of processing Personal Data.
• “Cookies” means small text files and similar technologies (including pixels, SDKs and tags) that are placed on a device to enable website functionality, analytics, advertising, and user preferences.
• “Legitimate interests” means our interests in conducting and improving our business, provided those interests are not overridden by your rights and interests.
• “Personal Data” means any information relating to an identified or identifiable natural person.
• “Platform” means Omnisient’s platform and related services made available to authorised users (including account administrators) on behalf of customer organisations.
• “Platform Account and admin user” means an individual authorised by a customer organisation to access the Platform, including users with administrative permissions for account set-up, configuration, billing, or user management.
• “Processor” means a person or organisation that processes Personal Data on behalf of a Controller.
• “Special Category Data” means Personal Data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, and the processing of genetic data, biometric data for identification, health data, or data concerning a person’s sex life or sexual orientation.
• “UK GDPR” means the UK General Data Protection Regulation, as incorporated into UK law and supplemented by the Data Protection Act 2018.
• “Website” means https://omnisient.com/ and any associated webpages we operate.

4. Scope and how this Privacy Policy applies

This Privacy Policy explains how we process Personal Data when we act as a Controller. Sections 5.4-5.6 explain situations where this Privacy Policy does not apply.

• Website visitors

This Privacy Policy applies when you access or use the Website, including when you submit enquiries or other forms, interact with embedded features, or manage your cookie preferences.

• Platform account and admin users

This Privacy Policy applies to Platform account and admin users where we act as a Controller in connection with Platform operations, such as:

• creating and administering Platform accounts and user access
• security monitoring and logging
• communicating with Platform account and admin users (for example, service notices and support communications)
  • Business Representatives

This Privacy Policy applies when you interact with us in a business capacity, including sales and procurement discussions, contracting, supplier and partner management, events and webinars, and related communications.

• Processing as a Processor (out of scope)

This Privacy Policy does not apply where we process Personal Data on behalf of a customer as that customer’s Processor. In that context, the customer is the Controller and is responsible for providing privacy information to individuals whose Personal Data is processed within the customer’s use of the Platform.

If you have questions about how your Personal Data is processed in that context, please contact the relevant customer organisation.

• Employment and contractor data (out of scope)

This Privacy Policy does not apply to Personal Data processed in connection with recruitment, employment, or engagement of individual contractors by Omnisient. If you are an employee, former employee, or contractor and have questions, please contact [email protected].

• Third-party links

Our Website and communications may include links to third-party websites or services. This Privacy Policy does not apply to those third parties. We recommend that you review the privacy policy of any third-party site or service you visit.

5. Personal data we collect and how we use it

This section describes the categories of Personal Data we may process when we act as a Controller, why we process it, our lawful basis, how we collect it, and how long we keep it.

Details about who we share Personal Data with are in Section 7. Information about cookies and similar technologies is in Section 10, and our approach to retention is explained further in Section 13.

• Contact and professional information

Examples: title, name, business email address, business telephone number, company name, job title, and other business contact details.

How we use it:

• to respond to enquiries and provide information you request
• to manage our relationship with customers, prospects, suppliers, partners and other organisations
• to create and administer Platform accounts and access, including communicating with Platform account and admin users
• to provide support and service communications
• to handle privacy queries and rights requests
• to maintain security, prevent misuse and fraud, and comply with applicable legal obligations

Our lawful basis under the GDPR:

We rely on one or more of the following, depending on the activity:

• Contract and steps prior to contract (Article 6(1)(b)) for account administration and service delivery activities
• Legitimate interests (Article 6(1)(f)) for responding to business enquiries, relationship management, service improvement, and security and fraud prevention
• Consent (Article 6(1)(a)) for marketing communications where you choose to receive them
• Legal obligation (Article 6(1)(c)) where we must comply with applicable laws – for example, responding to lawful requests

How we collect it:

• Directly from you, for example via web forms, email, phone, event registration, account set-up, support interactions, and rights requests
• Indirectly, for example from your organisation or colleagues, our business partners, event organisers, or public sources such as professional networking sites, where permitted by law

How long we keep it:

We keep contact and professional information only for as long as necessary for the purposes described above, taking into account our relationship with the relevant organisation, any ongoing enquiries or support matters, applicable legal requirements, and limitation periods for legal claims. Further detail is in Section 13.

• Account and administrative information

Examples: account identifiers, user roles and permissions, authentication and access administration details, account configuration information, and billing or contract administration contacts (where applicable).

How we use it:

• to create, manage, and administer Platform accounts and user access
• to provide service notices and administrative communications
• to provide support and manage service requests
• to maintain the security and integrity of the Platform, including access controls and auditability
• to meet contractual, audit, and compliance requirements

Our lawful basis under the GDPR:

• Contract and steps prior to contract (Article 6(1)(b)) to provide the Platform and manage accounts
• Legitimate interests (Article 6(1)(f)) to administer accounts efficiently and securely, and to prevent misuse and fraud
• Legal obligation (Article 6(1)(c)) where record-keeping or disclosures are required by law

How we collect it:

• Directly from you or from your organisation during account creation, onboarding, and administration
• Generated automatically through use of the Platform (for example, role assignments and administrative actions)

How long we keep it:
We retain account and administrative information for as long as the relevant account or relationship is active, and for a limited period afterwards where necessary for auditability, security, contractual record-keeping, and legal compliance. Further detail is in Section 13.

• Communications and support information

Examples: emails and correspondence, call notes, support tickets, issue reports, and information you provide when you contact us.

How we use it:

• to respond to enquiries and provide support
• to investigate and resolve issues
• to improve our services and customer support processes
• to maintain records of communications where needed for compliance and dispute handling

Our lawful basis:

• Contract and steps prior to contract (Article 6(1)(b)) where communications relate to service delivery or pre-contract requests
• Legitimate interests (Article 6(1)(f)) to manage communications, maintain service quality, and handle disputes
• Legal obligation (Article 6(1)(c)) where record-keeping is required by law

How we collect it:

• Directly from you when you contact us by email, phone, web form, or through support channels

How long we keep it:
We retain communications and support records for as long as needed to address the matter and for a limited period afterwards in case of follow-up, auditing, or dispute resolution. Further detail is in Section 13.

• Technical, device, and usage information (Website and Platform)

Examples: IP address, device identifiers, browser type and version, operating system, timestamps, pages viewed, referral URLs, approximate location, diagnostic data, and security and audit logs.

How we use it:

• to operate, maintain, and secure the Website and Platform
• to monitor performance and troubleshoot issues
• to detect, prevent, and investigate security incidents, misuse, and fraud
• to understand usage and improve functionality and user experience
• for analytics and measurement, where enabled through cookie preferences
• to meet legal and regulatory requirements

Our lawful basis:

• Consent (Article 6(1)(a)) for non-essential cookies and similar technologies where required under PECR and UK GDPR
• Legitimate interests (Article 6(1)(f)) for essential functionality, service security, and fraud prevention
• Legal obligation (Article 6(1)(c)) where retention or disclosure is required by law

How we collect it:

• Automatically through cookies, log files, and similar technologies when you interact with the Website or Platform, subject to your cookie preferences

How long we keep it:
We keep technical, device, usage, and log data for as long as reasonably necessary for security, troubleshooting, service improvement, and compliance purposes, then delete or anonymise it. Further detail is in Section 13.

• Marketing preferences

Examples: subscription status, communication preferences, consent records where applicable, and opt-out and suppression list records.

How we use it:

• to send marketing communications, where permitted
• to record and apply your preferences (including opt-outs and objections)
• to demonstrate compliance with applicable marketing rules

Our lawful basis:

• Consent (Article 6(1)(a)) where required (including where PECR requires consent)
• Legitimate interests (Article 6(1)(f)) where permitted for business-to-business marketing and to maintain suppression lists so we respect your preferences
• Legal obligation (Article 6(1)(c)) where record-keeping is required by law

How we collect it:

• Directly from you when you sign up, update preferences, or unsubscribe
• Generated through our marketing systems as you interact with communications (for example, unsubscribe logs)

How long we keep it:
We retain marketing preference records for as long as needed to respect your preferences and demonstrate compliance. We may keep a limited record of an opt-out or objection to ensure we do not contact you again. Further detail is in Section 13.

• Special Category Data

We do not intentionally collect Special Category Data. If you voluntarily provide Special Category Data (for example, dietary or accessibility requirements for an event), we will:

• use it only for the purpose for which it was provided
• process it only where we have a valid UK GDPR lawful basis and a special category condition (including explicit consent where required)
• apply additional safeguards such as minimisation and access restriction
• delete it when it is no longer needed, in line with Section 13
  • Children’s Data

Our Website and Platform are not directed to children, and we do not knowingly collect Personal Data from children. If you believe a child has provided Personal Data to us, please contact us at [email protected] so we can take appropriate steps to delete it.

6. Who we share Personal Data with
   We share Personal Data only with recipients who need it for the purposes described in this Privacy Policy, and subject to appropriate contractual and security protections.

• Within Omnisient: authorised personnel who need access for their role
• Service providers: providers who support our business operations – for example, IT and cloud hosting, communications, customer relationship management, support ticketing, and security providers
• Professional advisers: for example, legal, audit, and compliance advisers
• Legal and regulatory disclosures: regulators, courts, law enforcement, or other third parties where disclosure is required or permitted by law, or necessary to establish, exercise, or defend legal rights.

7. International data transfers
   • Transfers outside the United Kingdom

Your Personal Data may be transferred to, stored in, or accessed from countries outside the United Kingdom, including where our service providers and their sub-processors operate.

These countries may include, for example, the United States, South Africa, the United Arab Emirates, Brazil, and Australia, depending on the location of the relevant service provider at the time.

• Our international service providers

We use service providers that may process Personal Data internationally in order to operate and secure the Website and Platform and manage our business operations. These may include cloud hosting and infrastructure providers (such as Microsoft Azure), and other vendors that support functions such as customer relationship management, communications, marketing, analytics (where enabled), and security.

• Safeguards for international transfers

Where we transfer Personal Data outside the United Kingdom to a country that is not subject to a UK adequacy regulation, we put appropriate safeguards in place in accordance with the UK GDPR. Depending on the transfer, these safeguards may include one or more of the following:

• the UK International Data Transfer Agreement (“IDTA”) and the UK Addendum to the EU Standard Contractual Clauses, as applicable
• contractual requirements designed to protect Personal Data to UK GDPR standards, including obligations relating to confidentiality, security measures, and handling of legal requests
• supplementary technical and organisational measures where appropriate, such as encryption in transit, access controls, and audit logging

• Further information

You can request further information about our international transfers and the safeguards we use by contacting us at [email protected].

8. Cookies, similar technologies and electronic marketing

• Cookies and similar technologies

We use cookies and similar technologies, such as pixels, tags and scripts, on the Website and, where applicable, parts of the Platform to:

• enable core functionality and provide the services you request
• keep the Website and Platform secure and prevent misuse
• remember your preferences, including your cookie choices
• where you choose, measure and improve performance and understand how the Website is used through analytics
  • Consent and cookie controls

Under the Privacy and Electronic Communications Regulations 2003:

• Strictly necessary cookies may be placed without your consent because they are required for the Website to function and to provide requested services.
• Non-essential cookies and similar technologies, including analytics cookies and any advertising cookies where used, will not be placed unless and until you consent through our cookie banner or preference tool.
• Our cookie banner allows you to accept all, reject all, or customise your choices.
• You can change your preferences and withdraw consent at any time using our cookie settings tool found at https://omnisient.com/privacy-center/
• We record your cookie preferences, including consent and withdrawal, so we can apply your choices.

For more information, please see our Cookie Policy at https://omnisient.com/cookie-policy/.

• Electronic marketing

Where we send electronic marketing, we do so only as permitted by the Privacy and Electronic Communications Regulations 2003 and other applicable laws. Depending on the context, we may rely on:

• your consent where opt-in is required
• our legitimate interests where permitted for business-to-business marketing, with a clear and simple opt-out

You can opt out of marketing at any time by using the unsubscribe link in our emails or by contacting us at [email protected]. If you opt out, we may still send non-marketing messages where necessary, for example security notifications or administrative communications.

9. Data Retention

We keep Personal Data only for as long as necessary for the purposes described in this Privacy Policy. We may keep Personal Data for longer where required or permitted by law, or where we need it to establish, exercise, or defend legal rights.

9.1.   How we set retention periods

Retention depends on the type of Personal Data and how it is used. In deciding how long to keep Personal Data, we take into account:

• the nature and duration of our relationship with you or your organisation
• the purpose for which the Personal Data was collected and the lawful basis relied upon
• applicable legal, regulatory, tax, and accounting requirements
• relevant limitation periods for legal claims and dispute resolution
• security and fraud prevention needs, including incident investigation
• any legal hold, litigation hold, or similar preservation requirement

9.2.  What this means in practice

• Enquiries, support, and communications: kept for as long as reasonably necessary to handle the request, manage follow-up, and maintain appropriate records, then deleted or anonymised.
• Business relationship records: kept for the duration of the relevant relationship and for a reasonable period afterwards for auditability, compliance, and dispute handling.
• Platform account and administrative data: kept while an account is active and for a limited period after closure to support account closure, security, and record-keeping.
• Security and audit logs: kept for as long as reasonably necessary to maintain the security of the Website and Platform and to investigate and respond to incidents.
• Accounting and invoicing records: kept in accordance with applicable legal and regulatory requirements.

We take steps to delete, destroy, or anonymise Personal Data when it is no longer needed for the purposes described above.

If you would like further information about our retention approach for a particular category of Personal Data, you can contact us at [email protected].

10. Your Privacy Rights

Under the UK GDPR, you have certain rights in relation to your Personal Data, subject to applicable conditions and exemptions.

• Your rights

You may have the right to:

• Access your Personal Data and receive a copy of the Personal Data we hold about you
• Rectify inaccurate Personal Data and complete incomplete Personal Data
• Erase your Personal Data in certain circumstances
• Restrict our processing of your Personal Data in certain circumstances
• Object to processing based on legitimate interests, and to object to direct marketing at any time
• Data portability, where applicable, which allows you to receive the Personal Data you provided to us in a structured, commonly used, machine-readable format and to have it transferred to another controller where technically feasible
• Withdraw consent where we rely on consent, without affecting the lawfulness of processing carried out before you withdraw consent
• Complain to the UK Information Commissioner’s Office (the ICO).

Automated decision-making: We do not use your Personal Data to make solely automated decisions, without human involvement, that produce legal effects concerning you or similarly significantly affect you.

• How to exercise your rights

To exercise your rights, please email [email protected].

We may ask you to verify your identity before responding, and we may request information needed to locate the relevant Personal Data. Where permitted, you may use an authorised representative to submit a request on your behalf. We may require evidence of their authority to act for you.

• Our response times

We usually respond within one month of receiving a valid request. If a request is complex or you submit multiple requests, we may extend the response time by up to two additional months. If we extend the time, we will let you know within one month and explain why.

11. Data security

We implement appropriate technical and organisational measures designed to protect Personal Data against accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to Personal Data. These measures are risk-based and take into account the nature of the Personal Data and how it is processed.

• Security measures

Our information security controls may include:

• encryption in transit and, where appropriate, encryption at rest
• access controls, authentication safeguards, and least-privilege access
• logging, monitoring, and auditability measures
• vulnerability management, patching, and secure configuration practices
• secure development practices and change management
• staff training and confidentiality obligations
• supplier due diligence, contractual protections, and ongoing oversight
  • Security incident management

We maintain incident management processes designed to detect, respond to, investigate, and remediate security incidents. Where required by law, we will notify the appropriate regulator and affected individuals of relevant personal data breaches.

No system can be guaranteed to be completely secure. You can help protect your information by using strong passwords, keeping credentials confidential, and contacting us promptly if you believe your account has been compromised.

12. Changes to this Privacy Policy

We may update this Privacy Policy from time to time. The “Last updated” date at the top of this page shows when it was most recently revised. Where changes are material, we will provide a prominent notice for a reasonable period. We encourage you to review this Privacy Policy periodically.

13. Contact us and complaints

If you have questions about this Privacy Policy, want to exercise your privacy rights, or wish to raise a concern, you can contact us using the details below.

Email: [email protected]
Post: 5 Churchill Place, Canary Wharf, London E14 5HU

You also have the right to complain to the UK Information Commissioner’s Office.

UK Information Commissioner’s Office
Website: https://ico.org.uk/
Telephone: 0303 123 1113
Address: Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF

3. Information we collect through the Website (and Platform) and how we process it

The following table describes (i) the categories of personal data we may collect, (ii) why we collect and use that personal data (the purpose for processing), (iii) the lawful basis under the UK GDPR, and (iv) how we collect the personal data.

For more information regarding cookies and how you can manage your preferences, see our Cookie Policy: https://omnisient.com/cookie-policy/.

4. How we share or disclose information

When you use our Website or Platform, your personal data may be shared with our subsidiaries and affiliates, or with our service providers who process data on our behalf.

To operate our business, we use trusted service providers, including:

• cloud hosting and infrastructure providers;
• marketing analytics and automation providers; and
• customer relationship management providers.

These third-party service providers are authorised to use personal data only as necessary to provide their services to us and in line with our instructions. Omnisient takes appropriate steps to ensure that these service providers protect your personal data, including entering into data processing agreements and assessing security measures.

Other recipients may include public authorities, regulators, courts, and law enforcement entities. Your personal data may be disclosed as required by law and when we have reason to believe that disclosure is necessary to protect our rights, protect your safety or the safety of others, investigate fraud, or respond to a lawful request.

5. Cookies, Marketing and Similar Technologies (PECR)

We use cookies and similar tracking technologies on our Website. Under PECR, strictly necessary cookies may be set without consent, but we will ask for your consent before setting non-essential cookies (such as analytics or advertising cookies).

You can manage your cookie choices at any time using our cookie settings tools (including via the cookie banner) and you can withdraw consent at any time. For more information, see our Cookie Policy: https://omnisient.com/cookie-policy/.

Where we send electronic marketing to you, we will do so only where permitted by applicable law. You can opt out at any time using the unsubscribe option within our marketing emails or by contacting us.

6. Your privacy rights

6.1. Under the UK GDPR, you may have the following rights, subject to applicable conditions and exemptions:

6.1.1. The Right of Access: You can request access to your personal data and receive a copy of the personal data we hold about you.]

6.1.2. The Right to Rectification: You can ask us to correct inaccurate or incomplete personal data.

6.1.3. The Right to Erasure: You can ask us to delete your personal data in certain circumstances.

6.1.4. The Right to Restrict Processing: You can ask us to restrict processing of your personal data in certain circumstances.

6.1.5. The Right to Object: You can object to processing based on legitimate interests. You can also object to direct marketing at any time.

6.1.6. The Right to Data Portability: Where applicable, you can ask to receive the personal data you provided to us in a structured, commonly used, machine-readable format, and to have it transmitted to another controller where technically feasible.

6.1.7. The Right to Withdraw Consent: Where processing is based on consent, you can withdraw consent at any time. This will not affect processing already carried out.

6.1.8. The Right to Complain: You have the right to lodge a complaint with the UK Information Commissioner’s Office (“ICO”).

6.2. To exercise your rights, please submit a request by email at [email protected]. We may ask you to verify your identity before we process your request. Where permitted, you may use an authorised agent to submit a request on your behalf; we may require evidence of their authority to act for you.

7. Children’s Data

We do not intentionally collect personal data from children. If you are under the age of 16, please refrain from submitting any personal details to us. If you become aware that a child has shared personal data with us, please contact us and we will promptly remove such information from our records.

8. Data Security

The security of your personal data is important to us. We maintain a comprehensive information security program designed to ensure the security of personal data by implementing physical, technical, and administrative measures and safeguards. We use reasonable and appropriate technical and organisational measures to protect personal data, including encryption in transit, access controls, logging, vulnerability management, and secure development practices. No system is completely secure. We will notify you and relevant authorities of data breaches as required by law.

9. Data Retention

We review our retention periods for personal data on a regular basis. We are legally required to hold some types of information for certain periods to fulfil our legal and statutory obligations. Outside of these obligations, we will hold your personal data in our systems for as long as is necessary:

• to provide the services you have requested (e.g. via an online form or a Platform account),
• to develop and improve our services and Website,
• as mandated by law, contract, or similar obligations that apply to our business operations,
• for preserving, resolving, defending or enforcing our legal/contractual rights, or
• as needed to maintain adequate and accurate business and financial records.

We take steps to delete, destroy, or anonymise personal data once it is no longer needed.

10. International Data Transfers

10.1. Your personal data may be transferred to, stored in, and processed in countries outside the United Kingdom, including where our service providers and their sub-processors operate.

10.2. We use service providers that may process or support the processing of personal data internationally, including Microsoft Azure (cloud hosting and infrastructure for our Platform and related services), and other vendors that support our Website, customer relationship management, marketing communications, analytics, and security.

10.3. Where personal data is transferred outside the UK to a country that is not subject to a UK adequacy regulation, we ensure appropriate safeguards are in place, including one or more of the following (as applicable):

• the UK International Data Transfer Agreement (“IDTA”) and/or the UK Addendum to the EU Standard Contractual Clauses;
• contractual commitments requiring the recipient to protect personal data to UK GDPR standards and to notify us of relevant legal requests; and
• supplementary technical and organisational measures where appropriate, such as encryption in transit, access controls, and audit logging.

 You can request further information about international transfers and the safeguards we use by contacting us at [email protected].

11. Changes to this Policy

We may make changes to this Privacy Policy from time to time. The “Last updated” date at the top of this page indicates when this Privacy Policy was last revised. If the changes to this Privacy Policy are material, we will provide a more prominent notice for a reasonable time period. We encourage you to review this Privacy Policy periodically.

12. Contact Us

If you have any questions or comments about our Privacy Policy, or wish to lodge a concern or complaint, please contact us at:

Email: [email protected]
Postal address: 5 Churchill Place, Canary Wharf, London E14 5HU

You also have the right to lodge a complaint with the UK Information Commissioner’s Office (ICO).