Privacy Policy

Introduction

At Demandtex, we are committed to protecting the privacy and security of personal data in line with applicable data protection regulations and our ISO 27001-aligned information security practices.

This Privacy Policy explains how we collect, use, store, and share personal data when you interact with our website, services, or communications. It should be read alongside our Data Protection Policy.

Information We Collect

We may collect the following categories of personal data:

  • Contact information such as name, company, email address, and phone number
  • Information submitted through contact forms, event registrations, or communications
  • Technical and usage data including IP address, browser type, device information, and website activity

How We Use Information

We use personal data to:

  • Respond to inquiries and provide services
  • Manage customer and partner relationships
  • Deliver marketing communications and event information
  • Improve website performance and user experience
  • Maintain security, prevent unauthorised access, and comply with legal obligations

All processing activities are conducted on a lawful basis as defined under UK/EU GDPR, including consent, contract, legitimate interests, or legal obligation. Lawful bases for each processing activity are documented in Demandtex’s Records of Processing Activities (ROPA).

Data Protection & Security

Demandtex applies appropriate technical and organisational security controls to protect personal data, including:

  • Access control and least privilege principles
  • Secure cloud-based systems
  • Encryption in transit
  • Security monitoring and incident management processes
  • Confidentiality obligations for employees and partners

Our information security practices are aligned with ISO 27001 principles and continuous risk management processes. Full security requirements are set out in the Information Security Policy v2.0.

Data Retention

Personal data is retained only for as long as necessary to fulfil the purposes for which it was collected, or as required by law. Demandtex maintains a retention schedule reviewed annually. When personal data is deleted, deletion is carried out securely and irreversibly in accordance with the Secure Disposal Policy.

Data Sharing

We do not sell personal data. Information may be shared with trusted service providers and partners supporting our business operations, under appropriate confidentiality and security obligations. Any third-party processors are subject to data processing agreements ensuring equivalent levels of protection.

International Transfers

Because Demandtex is a global organisation, data may be processed in countries outside the UK or European Economic Area. Where such transfers occur, appropriate safeguards are in place as required by UK/EU GDPR, such as standard contractual clauses or adequacy decisions.

Your Rights

Depending on applicable laws, you may have the following rights regarding your personal data:

  • Right of access — to request a copy of the personal data we hold about you
  • Right to rectification — to request correction of inaccurate or incomplete data
  • Right to erasure — to request deletion of your personal data in certain circumstances
  • Right to restriction — to request that we limit how we use your data
  • Right to data portability — to receive your data in a structured, machine-readable format
  • Right to object — to object to processing based on legitimate interests or for direct marketing

Requests should be directed to the Information Security Lead or DPO and will be responded to within one calendar month, in accordance with our Data Protection Policy.

Cookies

Our website may use cookies and analytics technologies to improve functionality and user experience. Cookies may collect technical usage data such as pages visited, session duration, and browser preferences. Users may manage cookie preferences through their browser settings. We do not use cookies to collect sensitive personal information without explicit consent.

Data Breach Notification

In the event of a personal data breach, Demandtex will follow the breach escalation process defined in the Information Security Policy v2.0. Where required by UK/EU GDPR, affected individuals and the Information Commissioner’s Office (ICO) will be notified within applicable timeframes.

Policy Review

This policy is reviewed annually or upon any of the following triggers:

  • A significant security incident or data breach
  • A material change to Demandtex’s systems, tools, or operating model
  • A change in applicable law or regulation
  • Publication of a new or significantly updated related policy

Contact

For any questions regarding this Privacy Policy or our information security practices, please contact:

Owner: Information Security Lead / DPO