Contents
1. Who we are
2. The personal data we collect
3. How we collect your data
4. How and why we use your data (lawful bases)
5. Marketing and outreach
6. Who we share your data with
7. International transfers
8. How long we keep your data
9. How we keep your data secure
10. Your rights
11. How to exercise your rights
12. Complaints
13. Automated decision-making
14. Children's data
15. Cookies
16. Changes to this policy
17. How to contact us
1. Who we are
Nectra Technologies Limited ("Nectra", "we", "us", "our") is a software, integration and digital marketing agency registered in England and Wales (company number 16490496), with its registered office at 1 Beeston Grove, Clitheroe, Lancashire, England, BB7 2RF. We operate the website at nectra.co.uk.
Data controller. For the personal data described in this policy, Nectra is the "data controller" — we decide how and why your personal data is used. We are registered with the Information Commissioner's Office (ICO) under registration number C1957402 (temp).
Note on client data. When we deliver services to our clients — for example operating system integrations, AI-assisted customer-service workflows, or advertising on their behalf — we act as a "data processor" on the instructions of that client, who is the controller for the data involved. That activity is governed by our agreement with the relevant client, not by this policy. This policy covers personal data for which Nectra itself is the controller, such as the data of our website visitors, prospects, clients' representatives and suppliers.
This policy explains: what personal data we collect, how and why we use it, who we share it with, how long we keep it, how we protect it, and the rights you have. It is provided in accordance with the UK GDPR, the Data Protection Act 2018 and the Privacy and Electronic Communications Regulations 2003 (PECR), each as amended by the Data (Use and Access) Act 2025.
2. The personal data we collect
Depending on how you interact with us, we may collect and process the following categories of personal data:
Category Examples
Identity and contact data Name, job title, employer/organisation, email address, telephone number, postal/business address.
Enquiry and correspondence data The content of messages you send us via our website forms, email, phone or social channels, and our replies.
Client and project data Information needed to scope, deliver and support a project, including account/login details for systems we integrate with where you provide them, and billing details.
Marketing and engagement data Whether you have opened or responded to outreach we send, your marketing preferences, and your interactions with our campaigns.
Technical and usage data IP address, approximate location, browser and device type, operating system, the pages you view on nectra.co.uk and how you arrived there (e.g. referral or UTM information).
Supplier and contractor data Contact and payment details of our suppliers, partners and contractors.
Special category data. We do not seek to collect special category data (such as health, ethnicity, or political views). Please do not send us such data unless we specifically ask for it.
3. How we collect your data
We collect personal data:
• Directly from you — when you complete a form on our website, email or call us, engage us for a project, or otherwise correspond with us.
• Automatically — when you visit nectra.co.uk, through cookies and similar technologies (see our Cookie Policy).
• From third parties and public sources — for business-to-business marketing we may obtain business contact details from our marketing partners and reputable data sources (for example company websites, professional networking sites and business directories). Where we appoint a digital marketing agency to carry out outreach on our behalf, that agency processes personal data as our data processor (see sections 5 and 6).
4. How and why we use your data (lawful bases)
We only use your personal data where we have a lawful basis under the UK GDPR. The table below sets out our main purposes and the lawful basis for each.
Purpose Lawful basis
Responding to your enquiries and providing information you request Legitimate interests; and/or taking steps at your request prior to entering a contract
Scoping, delivering, supporting and invoicing our services Performance of a contract with you or your organisation
Business-to-business marketing and outreach, including via our marketing partner Legitimate interests (promoting our services to relevant businesses), subject to your right to object
Sending updates to existing clients and contacts about our services Legitimate interests / the "soft opt-in" under PECR, subject to your right to opt out at any time
Managing supplier and partner relationships Legitimate interests and/or performance of a contract
Operating, securing and improving our website Legitimate interests; consent where required for non-essential cookies
Keeping business and accounting records and meeting tax obligations Legal obligation
Preventing fraud and protecting our systems and people Legitimate interests
Our legitimate interests. Where we rely on legitimate interests, we have considered whether those interests are overridden by your interests and rights. You can ask us for more information about this assessment, and you can object to processing based on legitimate interests at any time (see section 10).
5. Marketing and outreach
We carry out business-to-business marketing to promote our services to organisations we believe may benefit from them. Our outreach is directed at business contacts in a professional capacity.
Your control. You can ask us to stop sending you marketing at any time — by using the opt-out or unsubscribe link in any message, or by emailing us at harri@nectra.co.uk. We will action your request promptly. You have an absolute right to object to direct marketing.
Use of a marketing partner. We engage carefully selected third-party partners and service providers who process personal data on our behalf in compliance with the UK GDPR. From time to time, we appoint digital marketing agencies to conduct outreach and marketing activities on our behalf. As part of these activities, personal data may be processed in accordance with applicable data protection laws. Our appointed data processors include:
• (i) Prospect Global Ltd (trading as Sopro), Reg. UK Co. 09648733. You can contact Sopro and view their privacy policy at sopro.io. Sopro is registered with the ICO under registration ZA346877. Their Data Protection Officer can be contacted at dpo@sopro.io.
6. Who we share your data with
We do not sell your personal data. We share it only where necessary, and with appropriate safeguards in place. Recipients may include:
• Service providers and processors who help us run our business, such as our marketing partner (Sopro), website hosting and infrastructure providers, analytics providers, email and communication providers, and our customer-relationship management (CRM) system.
• Our personnel and contractors, including our development team, who access data only as needed to perform their role and under confidentiality obligations.
• Professional advisers such as accountants, auditors and lawyers.
• Authorities or third parties where we are required to do so by law, or to establish, exercise or defend legal claims.
Where we use processors, we put a written contract in place that requires them to protect your data and to process it only on our instructions.
7. International transfers
Some of the people and providers who process personal data on our behalf may be located outside the United Kingdom. Where personal data is transferred outside the UK, we ensure a similar degree of protection by relying on one of the following safeguards:
• a transfer to a country the UK has decided provides an adequate level of protection; or
• the use of approved transfer mechanisms, such as the UK's International Data Transfer Agreement (IDTA) or the UK Addendum to the EU Standard Contractual Clauses, together with any additional measures required.
Our development team. Part of our development and support work is delivered by a team member based outside the UK. Where that involves access to personal data, it is covered by confidentiality obligations and the safeguards described above. You can ask us for details of the safeguards used by contacting harri@nectra.co.uk.
8. How long we keep your data
We keep personal data only for as long as we need it for the purposes set out in this policy, and to meet our legal, accounting and reporting obligations. As a general guide:
Type of data Typical retention period
Enquiries that do not lead to a project Up to 24 months from last contact, then deleted or anonymised
Client and project records For the duration of the relationship and up to 6 years after it ends (to meet contractual and tax requirements)
Accounting and tax records At least 6 years, in line with HMRC requirements
Marketing contact data Until you opt out or object, and reviewed periodically for relevance
Website analytics data As set out in our Cookie Policy
When we no longer need personal data, we securely delete or anonymise it.
9. How we keep your data secure
We take the security of personal data seriously and use appropriate technical and organisational measures to protect it against unauthorised access, loss, alteration or disclosure. These measures include access controls and the principle of least privilege, encryption in transit, secured and maintained servers, restricted and logged administrative access, and confidentiality obligations on our personnel and contractors. While no system can be guaranteed to be completely secure, we work to protect your data and to detect and respond to any incidents promptly.
10. Your rights
Under the UK GDPR you have the following rights in relation to your personal data:
• The right to be informed about how we use your data — this policy is part of that.
• The right of access — to obtain a copy of the personal data we hold about you (a "subject access request").
• The right to rectification — to have inaccurate data corrected and incomplete data completed.
• The right to erasure — to ask us to delete your data in certain circumstances (the "right to be forgotten").
• The right to restrict processing — to ask us to limit how we use your data in certain circumstances.
• The right to data portability — to receive certain data in a portable format.
• The right to object — including an absolute right to object to direct marketing, and a right to object to processing based on legitimate interests.
• Rights relating to automated decision-making — see section 13.
Exercising these rights is normally free of charge.
11. How to exercise your rights
How to make a request. To exercise any of your rights, contact us at harri@nectra.co.uk or by writing to us at the address in section 1. We may need to ask for information to confirm your identity before we act on your request.
Our timescales. We will respond to your request without undue delay and within one month of receipt. Where a request is complex or we receive several requests from you, we may extend this period by up to two further months; if we do, we will let you know within the first month and explain why. If we need further information to verify your identity or to clarify your request, the time limit will pause until we receive what we have asked for.
Marketing prospects contacted via our partner. If you have been contacted as part of outreach carried out on our behalf by Sopro and you wish to exercise your rights in respect of that activity, you can contact us, or you can contact Sopro directly using the details in section 5; we will work with our partner to handle your request within the required timeframes.
12. Complaints
If you are unhappy with how we have handled your personal data or a request you have made, you have the right to complain to us directly. Please contact us at harri@nectra.co.uk. We will acknowledge your complaint within 30 days of receiving it and aim to resolve it as quickly as possible, keeping you informed of progress.
If you remain dissatisfied, you can complain to the Information Commissioner's Office (ICO) at ico.org.uk, by calling 0303 123 1113, or by writing to: Information Commissioner's Office, Wycliffe House, Water Lane, Wilmslow, Cheshire SK9 5AF. We would, however, appreciate the chance to address your concerns first.
13. Automated decision-making
We do not make decisions about you that are based solely on automated processing and that produce legal effects concerning you or similarly significantly affect you. If this changes, we will update this policy and tell you about the logic involved and your rights.
14. Children's data
Our website and services are intended for businesses and the professionals who work in them. They are not directed at children, and we do not knowingly collect personal data relating to children. If you believe a child has provided us with personal data, please contact us so we can delete it.
15. Cookies
Our website uses cookies and similar technologies. For full details of the cookies we use, why we use them, and how you can manage your preferences, please see our separate Cookie Policy.
16. Changes to this policy
We may update this policy from time to time. The version and effective date are shown at the top of this document and in the footer. Where changes are significant, we will take reasonable steps to bring them to your attention. Please check back periodically.
17. How to contact us
Nectra Technologies Limited
Registered office: 1 Beeston Grove, Clitheroe, Lancashire, England, BB7 2RF
Email: harri@nectra.co.uk
Website: nectra.co.uk
Company number: 16490496 · ICO registration: C1957402 (temp)