Byzas Research Limited An extension of your in-house capabilities

Privacy Notice

This notice explains how Byzas Research Limited (“Byzas”, “we”, “us”, “our”) collects and uses personal data when you use our website, create an account, or contact us.

Controller and contact

Controller: Byzas Research Limited
Company No: 10736955
Address: Pen-y-Bryn, Crown Lane, Denbigh, Denbighshire, LL16 3SY (United Kingdom)
Email: info@byzas.co.uk

If you have a privacy query or wish to exercise your rights, contact us using the email above. We may need to verify your identity before responding.

Personal data we collect

  • Account data: name, email address, company name, access permissions (e.g. login/correspondence).
  • Enquiry data: information you submit via our contact form (including message content and any details you choose to provide).
  • Security and technical data: IP address, login attempt records, device/browser information (limited to what is needed for security and troubleshooting).
  • Cookie consent preferences: your consent choices for non-essential cookies (managed by Cookiebot).

How we use your data

  • To create and manage user accounts and authenticate users.
  • To respond to enquiries and maintain a record of correspondence.
  • To administer the site and protect it against unauthorised access, fraud and abuse (including rate limiting and account lockout).
  • To comply with legal, regulatory, and accreditation-related obligations where applicable.

Lawful bases (UK GDPR)

  • Contract (Article 6(1)(b)): where processing is necessary to provide requested services or manage an account.
  • Legitimate interests (Article 6(1)(f)): for security, fraud prevention, and service administration (balanced against your rights).
  • Legal obligation (Article 6(1)(c)): where we must comply with applicable laws or regulator requirements.
  • Consent (Article 6(1)(a)): where required for non-essential cookies and similar technologies. These preferences are managed via Cookiebot.

Recipients and processors

We may share personal data with trusted service providers who act as our processors (for example, hosting or IT support). They are required to process data only on our instructions and to maintain appropriate security. We do not sell personal data.

International transfers

We aim to keep data within the UK. If we need to transfer personal data outside the UK, we will ensure appropriate safeguards are in place (such as the UK International Data Transfer Agreement or adequacy regulations) and document those safeguards.

Security

We implement technical and organisational measures designed to protect personal data. This includes access control, authentication, password hashing, logging and monitoring of login attempts, and administrative permission management. No system is risk-free; we review controls and improve them as appropriate.

Retention

We keep personal data for as long as necessary for the purposes described above:

  • Account data: retained while the account is active. If an account is closed or deleted, we may retain limited records where necessary for security, dispute handling, or legal obligations.
  • Enquiries/correspondence: retained to manage ongoing and historical enquiries and for audit trails where appropriate.
  • Security logs: retained for a limited period to investigate incidents and prevent abuse.

Your rights

You have the right to request:

  • access to your personal data,
  • correction of inaccurate data,
  • erasure (in certain circumstances),
  • restriction of processing,
  • objection to processing (particularly where we rely on legitimate interests),
  • data portability (where applicable).

Complaints

If you are not satisfied with our response, you can complain to the UK Information Commissioner’s Office (ICO): ico.org.uk.

Changes to this notice

We may update this notice from time to time. The latest version will be published on this page.