Privacy Policy
Last updated: 22 August 2025
1) Who we are
MaxIron Ltd ("MaxIron", "we", "us", "our"), registered office: 3rd Floor, 86–90 Paul Street, London, England, EC2A 4NE, is the controller for personal data processed via maxiron.com (the "Website") and the MaxIron Portal for consuming MaxIron products and services (the "Portal").
Contact: office@maxiron.com
This notice explains what we collect, why, how long we keep it, who we share it with, and your rights under the UK GDPR, the Data Protection Act 2018, and the Privacy and Electronic Communications Regulations (PECR).
2) Scope
This policy covers Website visitors and business users who access the Portal on behalf of their employer/customer. We do not target or knowingly collect data from children.
3) Personal data we collect
A. Website usage data (when you visit)
- Cookies and similar technologies (see our Cookies Policy for details and choices).
- Device and network data (IP address, browser/OS, referrer URL, pages viewed, timestamps, approximate geolocation).
Special category data: we do not intentionally collect it. Automated decisions: none that produce legal or similarly significant effects.
B. Portal account data (when you or your employer create an account)
- Name, work email, username, password (hashed), role/title, company.
- We may receive your details from your colleagues to invite you to the Portal.
- Communications you send us (e.g., email, forms).
- Usage and audit logs (sign-ins, actions taken), support tickets, messages you exchange via the Portal.
We may aggregate/anonymise data for analytics; anonymised data is not personal data.
4) How we use your data & legal bases
| Purpose | Legal basis |
|---|---|
| Operate and secure Website & Portal | Legitimate interests; Contract (Portal users) |
| Create and manage Portal accounts | Contract |
| Provide products/services | Contract |
| Improve and analyse | Legitimate interests |
| Communicate with you | Contract / Legitimate interests |
| Marketing (optional) | Consent (withdrawable anytime) |
| Legal/compliance | Legal obligation / Legitimate interests |
Marketing & cookies: We only set non-essential cookies with your consent (PECR). You can change cookie preferences via our banner/settings and unsubscribe from marketing via links in emails or by emailing office@maxiron.com.
5) Retention
- Marketing contacts: until you opt out + up to 24 months to maintain suppression records.
- Support tickets: 6 years from closure.
- Portal account & contract data: duration of the contract + 6 years (tax, audit, limitation).
- Website logs: up to 12 months (security/diagnostics).
If consent is withdrawn and no other legal basis applies, we stop that processing. These periods may be extended if required by law or for the establishment, exercise or defence of legal claims.
6) Sharing your data
We use vetted processors acting on our instructions, such as: cloud hosting and storage, email delivery, analytics, customer support tools, and security monitoring. We also disclose data where required by law or as part of a corporate transaction under confidentiality safeguards.
We do not sell your personal data.
7) International transfers
Your data is primarily stored in the United Kingdom. Where we transfer personal data outside the UK, we implement appropriate safeguards, such as the UK International Data Transfer Agreement (IDTA) or EU Standard Contractual Clauses with the UK Addendum. Details are available on request at office@maxiron.com.
8) Security
We use appropriate technical and organisational measures, including encryption in transit, access controls, least-privilege, logging and monitoring, malware protection, and staff training. We maintain incident response procedures and will notify you and/or the ICO of personal data breaches where required by law.
9) Your rights
You can: access, rectify, erase, restrict processing, object (including to marketing), port your data, and withdraw consent at any time.
- You have the right to complain to the Information Commissioner's Office (ICO): https://ico.org.uk
- Contact: office@maxiron.com
- We aim to respond within one month (extendable in complex cases).
- We may need to verify your identity.
10) Cookies and third-party links
See our Cookies Policy for full details and choices. The Website/Portal may link to third-party sites. Their privacy policies apply; we are not responsible for their practices.
11) Changes to this policy
We may update this notice from time to time. We will post changes here and update the "Last updated" date. If changes are material, we'll take additional steps to inform you.