3. What Data We Collect

Averma collects personal data to provide web design, SEO, and digital marketing services, improve user experience, and ensure compliance with applicable regulations. The data we collect depends on how you interact with us, whether as a website visitor, client, or business contact.

We collect the following types of data:

3.1 Personal Data You Provide to Us

We collect personal data directly from you when you:

• Contact us via our website, email, or phone
• Request a quote or consultation
• Sign up for newsletters or marketing communications
• Provide details for invoicing and contractual purposes
• Submit inquiries or customer support requests
• Engage with us on social media

This may include:

• Full Name
• Email Address
• Phone Number
• Company Name & Business Address
• Billing Details & Payment Information (if applicable)
• Project-Related Information (such as website details, design preferences, and business objectives)

3.2 Data We Collect Automatically

When you visit our website, we use tracking technologies (such as cookies, analytics tools, and server logs) to automatically collect certain information, including:

• IP Address
• Browser Type & Version
• Operating System
• Device Type (e.g., desktop, tablet, mobile)
• Referring Website & Pages Viewed
• Date & Time of Visit
• Clickstream Data (how you navigate through the website)
• Approximate Location Data (based on your IP address)

This data helps us monitor website performance, improve security, and optimise user experience.

3.3 Cookies and Tracking Technologies

We use cookies and similar tracking technologies to collect and store data about how visitors use our website. This includes:

• Essential Cookies – Necessary for website functionality (e.g., login, security, session management)
• Analytics Cookies – Helps us measure traffic and user behaviour (e.g., Google Analytics)
• Marketing & Advertising Cookies – Used for targeted advertising and remarketing campaigns
• Performance Cookies – Improve website speed and usability

For more details, see our Cookie Policy.

3.4 Third-Party Data

We may receive personal data from third-party sources, including:

• Business Partners & Referrals – When someone refers you to our services
• Publicly Available Sources – Such as LinkedIn, company websites, or industry directories
• Marketing & Advertising Platforms – From campaigns or retargeting services

We ensure that any third-party data collection complies with applicable privacy laws.

3.5 Data for Marketing & Communication

If you opt-in to receive marketing communications from Averma, we may collect:

• Email preferences & engagement history
• Marketing campaign interactions (e.g., email opens, link clicks)
• Social media interactions

You can unsubscribe from marketing emails at any time by clicking the “Unsubscribe” link in our emails or contacting us directly.

4. How We Use Your Data

Averma collects and processes personal data lawfully, fairly, and transparently to provide services, improve user experience, and comply with legal obligations. We do not sell or share personal data with third parties for their own marketing purposes.

We process personal data for the following reasons:

4.1 Providing Our Services

We use personal data to:

• Communicate with clients, respond to inquiries, and provide customer support
• Deliver website design, SEO, and digital marketing services
• Manage projects, contracts, and invoicing
• Process payments and issue receipts
• Send service updates, maintenance notifications, and relevant support information

4.2 Improving & Optimising Our Website

We analyse visitor data to:

• Understand website traffic and user behaviour
• Improve functionality, performance, and user experience
• Detect and resolve technical issues or security vulnerabilities
• Personalise content based on visitor interests

This is done through cookies, analytics tools (e.g., Google Analytics), and other tracking technologies. You can control or disable cookies via your browser settings. See our Cookie Policy for more details.

4.3 Marketing & Communications

If you opt-in to receive marketing materials, we may use your data to:

• Send newsletters, promotions, and industry insights
• Inform you about new services, offers, or relevant updates
• Conduct market research and customer feedback surveys

You can withdraw consent and unsubscribe from marketing communications at any time via the link in our emails or by contacting us directly.

4.4 Legal & Regulatory Compliance

We may process and retain personal data to:

• Comply with UK GDPR, the Data Protection Act 2018, and other legal obligations
• Respond to lawful requests from authorities
• Maintain accurate financial and tax records
• Prevent fraud, cyber threats, and unauthorised access

In cases where we are legally required to retain data, we do so only for the necessary period.

4.5 Security & Fraud Prevention

We take data security seriously and process information to:

• Detect and prevent unauthorised access, hacking, or fraud
• Protect our website, systems, and user accounts from cyber threats
• Investigate and resolve security breaches

This may include monitoring login attempts, IP addresses, and unusual account activity.

4.6 Business Transfers & Corporate Transactions

In the event of a merger, acquisition, or sale of Averma, personal data may be transferred to the new owner. Any such transfer will be in compliance with data protection laws and safeguard user rights.

5. How We Share Your Data

Averma respects your privacy and does not sell, rent, or trade your personal data to third parties for marketing purposes. However, in certain situations, we may share personal data with trusted third parties for legitimate business, legal, or operational reasons.

5.1 Service Providers & Business Partners

We may share personal data with third-party service providers who assist in delivering our services, including:

• Website hosting & IT support – To ensure secure website functionality and data storage.
• Payment processors – To facilitate transactions and process payments securely.
• Marketing & analytics providers – To analyse website traffic, user engagement, and optimise marketing efforts.
• Professional advisors – Such as accountants or legal professionals for business operations and compliance.

All service providers are contractually obligated to handle data securely and in compliance with UK GDPR and other relevant laws.

5.2 Legal Compliance & Law Enforcement Requests

We may disclose personal data if required to:

• Comply with legal obligations, court orders, or regulatory authorities.
• Respond to law enforcement agencies or government requests.
• Enforce our terms of service, agreements, or protect our legal rights.
• Prevent or investigate fraud, cyber threats, or illegal activities.

Such disclosures will be strictly limited to what is necessary under the applicable law.

5.3 Business Transfers & Corporate Changes

In the event of a merger, acquisition, restructuring, or sale of Averma Ltd, personal data may be transferred to the new entity or organisation. Any such transfer will:

• Be subject to appropriate legal safeguards.
• Maintain the same level of protection for your personal data.
• Notify affected users where legally required.

5.4 Cookies & Tracking Technologies

We may share limited, anonymised data with third-party analytics and advertising platforms to enhance user experience and website performance. This includes:

• Google Analytics & Search Console – To track website traffic and performance.
• Social media platforms – If you interact with social media features on our site.
• Third-party advertising networks – To deliver relevant digital ads (where applicable).

See our Cookie Policy for further details on how to manage your preferences.

5.5 Third-Party Links & External Websites

Our website may contain links to third-party websites, tools, or services. Clicking on these links may allow third parties to collect or process your data.

Averma Ltd does not control these third-party websites and is not responsible for their privacy practices. We encourage users to review the privacy policies of any external sites they visit.

6. Data Retention & Storage

Averma Ltd retains personal data only for as long as necessary to fulfil the purposes for which it was collected, including legal, accounting, or regulatory obligations. Below, we outline how long we retain different types of data, where it is stored, and the measures in place to protect it.

6.1 How Long We Retain Personal Data

We follow a data retention policy that ensures personal data is not kept for longer than necessary. The retention periods depend on the type of data and legal requirements:

• General inquiries & contact form submissions – Retained for up to 12 months after the last communication, unless required for ongoing business or legal obligations.
• Customer account & transactional data – Retained for 6 years to comply with UK tax and financial record-keeping laws.
• Marketing & newsletter subscriptions – Retained until the user opts out or requests deletion.
• Analytics & website usage data – Retained for 26 months in Google Analytics, as per industry best practices.
• Legal or contractual records – Retained for the duration of any applicable contract and up to 7 years after termination for legal compliance.
• Job applications & recruitment data – Retained for 6 months, unless the applicant consents to a longer period for future opportunities.

Once the retention period expires, data is securely deleted or anonymised, unless legally required to retain it longer.

6.2 Where Personal Data is Stored

Averma stores personal data within the UK and the European Economic Area (EEA) where possible. However, some third-party service providers may process data outside these regions.

• Website & form submissions – Stored on our website backend and email servers (Microsoft Exchange, part of Microsoft 365).
• Cloud storage & backups – Securely hosted on servers within the UK/EEA.
• Third-party services – Some data may be processed by trusted providers (e.g. Google Analytics, search engines, or payment processors). These services are selected for their compliance with UK GDPR and data security standards.

If personal data is transferred outside the UK/EEA, we ensure adequate protection through mechanisms such as:

• UK International Data Transfer Agreements (IDTAs).
• Standard Contractual Clauses (SCCs) approved by the UK and EU regulators.
• Data hosting in countries with adequate data protection laws.

6.3 How We Keep Personal Data Secure

Averma implements strict security measures to protect personal data from unauthorised access, loss, or misuse. These include:

• SSL encryption – All data transferred via our website is encrypted using Secure Sockets Layer (SSL) technology.
• Access controls – Only authorised personnel can access personal data.
• Firewall & malware protection – Our servers are protected against unauthorised intrusions.
• Regular security audits – We monitor and update our security practices in line with best practices.
• Data minimisation – We collect only the necessary information required for our services.

In the event of a data breach, we have a response plan in place to assess the impact, notify affected individuals (where required), and report to the Information Commissioner’s Office (ICO) as per legal obligations.

7. Your Data Protection Rights

Under the UK General Data Protection Regulation (UK GDPR), individuals have several rights regarding their personal data. Averma is committed to ensuring that you can exercise these rights easily and transparently. Below, we outline your rights and how you can act on them.

7.1 Your Rights Under UK GDPR

As a data subject, you have the following rights:

1. Right to Access – You have the right to request a copy of the personal data we hold about you.
2. Right to Rectification – If your data is inaccurate or incomplete, you can request corrections.
3. Right to Erasure (‘Right to Be Forgotten’) – You can ask us to delete your data when it is no longer needed, if you withdraw consent, or if processing is unlawful.
4. Right to Restrict Processing – You can ask us to temporarily or permanently stop processing your data under certain conditions.
5. Right to Data Portability – You can request your data in a structured, commonly used, machine-readable format to transfer to another service.
6. Right to Object – You can object to data processing, particularly for direct marketing or when processing is based on our legitimate interests.
7. Rights Related to Automated Decision-Making – If decisions affecting you are made solely by automated means (without human involvement), you have the right to request human intervention or challenge the decision.

7.2 How to Exercise Your Rights

To exercise any of these rights, you can contact us via our website’s contact form. Please provide:

• Your full name and contact details.
• A clear description of your request.
• Proof of identity (for security reasons, we may ask for confirmation before fulfilling requests).

We aim to respond within one month of receiving your request. If your request is complex or requires more time, we will inform you of any necessary extensions.

7.3 When We Can Refuse a Request

We will always aim to comply with valid requests. However, in some cases, we may legally refuse or charge a reasonable fee if:

• The request is excessive, repetitive, or unfounded.
• We must retain data for legal or regulatory purposes.
• The data is needed for establishing, exercising, or defending legal claims.

If we refuse your request, we will explain the reason and inform you of your right to complain to the UK Information Commissioner’s Office (ICO).

7.4 Complaints and Further Assistance

If you are unhappy with how we handle your personal data or respond to your request, you can complain directly to us via our contact form.

Alternatively, you can contact the Information Commissioner’s Office (ICO) at:

• Website: https://ico.org.uk/make-a-complaint/
• Helpline: 0303 123 1113
• Address: Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF

8. Third-Party Services & Data Sharing

Averma does not sell, rent, or trade personal data to third parties. However, we may share your data in specific circumstances where it is necessary to provide our services, comply with legal obligations, or protect our rights. Below are the instances in which data may be shared:

8.1. Service Providers & Subcontractors

We may engage third-party service providers, contractors, or subcontractors to assist in delivering our services. This includes, but is not limited to:

• Website hosting & maintenance: Our website and associated services are hosted on secure third-party servers.
• Analytics & performance tracking: We use Google Analytics, Google Search Console, and other analytics tools to understand user interactions on our website. These tools collect anonymised data such as IP addresses, browser types, and session durations.
• Email & communication services: We use Microsoft Exchange (as part of Microsoft 365) for business communications, which means some personal data (such as contact details) may be processed through their secure systems.
• Payment processing (if applicable): If we offer paid services directly via our website in the future, we may use third-party payment processors who will handle transactions securely.

These third parties are contractually obligated to process data securely and in accordance with applicable data protection laws, including UK GDPR and the Data Protection Act 2018.

8.2. Legal & Compliance Obligations

We may disclose personal data when required to do so by law or in response to valid legal requests from authorities such as law enforcement agencies, regulatory bodies, or courts. This may include:

• Compliance with tax, fraud prevention, or other legal obligations.
• Responding to government requests in line with applicable laws.
• Enforcing our legal rights or defending against legal claims.

8.3. Business Transfers or Mergers

If Averma is involved in a merger, acquisition, or sale of assets, personal data may be transferred as part of the transaction. We will take reasonable steps to notify users if their personal information is subject to new terms as a result of such changes.

8.4. Data Shared with Consent

Where we need to share personal data beyond the purposes outlined above, we will seek explicit consent from the individual before sharing their information with third parties.

8.5. International Data Transfers

Since Averma has clients outside the UK, we may process or store data in jurisdictions outside the United Kingdom. If we transfer data internationally, we ensure that appropriate safeguards are in place, such as Standard Contractual Clauses (SCCs) approved by the UK Information Commissioner’s Office (ICO) or other recognised legal mechanisms.

9. International Data Transfers

Averma operates primarily in the United Kingdom, but we also serve clients and partners in other countries. As a result, personal data may be transferred outside the UK and European Economic Area (EEA). This section explains how we ensure the lawful and secure transfer of personal data to international locations.

9.1. Data Transfers Outside the UK & EEA

We may transfer personal data to third parties, service providers, or clients located outside the UK and EEA in the following circumstances:

• When working with international clients who require our web design, SEO, or digital marketing services.
• When using cloud-based service providers (e.g. Microsoft 365, Google Analytics) whose servers may be located outside the UK.
• When using subcontractors or freelance professionals based in other jurisdictions to assist in project delivery.
• When required by law or in response to international legal requests.

9.2. Legal Safeguards for International Transfers

Whenever we transfer personal data outside the UK or EEA, we ensure that adequate safeguards are in place to protect your data in accordance with UK GDPR and Data Protection Act 2018 requirements. These safeguards may include:

• Standard Contractual Clauses (SCCs): If data is transferred to a country that does not have an adequacy decision from the UK Government, we implement SCCs approved by the UK Information Commissioner’s Office (ICO) to ensure data protection standards are met.
• Adequacy Decisions: If personal data is transferred to a country that the UK Government has deemed to have adequate data protection laws (e.g. the EU, EEA, Canada, Japan), no additional safeguards may be required.
• Binding Corporate Rules (BCRs): If working with multinational companies, we may rely on BCRs where applicable, ensuring that personal data is processed securely within a corporate group.
• Encryption & Security Measures: For data stored or processed outside the UK, we ensure it is encrypted and protected using industry-standard security measures.

9.3. User Rights Regarding International Transfers

If you would like more information about how your data is handled in international transfers or to request a copy of the safeguards we have in place, you can contact us via our contact form.

10. Data Retention & Storage

Averma retains personal data only for as long as necessary to fulfil the purposes for which it was collected, comply with legal obligations, resolve disputes, and enforce agreements. This section outlines how long we keep data, where it is stored, and how we ensure its security.

10.1. Data Retention Periods

We retain personal data based on the following criteria:

• Client and business communications: Retained for up to 7 years after the end of our contractual relationship for legal and tax compliance purposes.
• Contact form submissions and inquiries: Retained for 12 months after the last communication, unless a business relationship is established.
• Marketing and newsletter subscriptions: Retained until you opt out or withdraw consent.
• Analytics and website tracking data: Retained for a maximum of 26 months, in line with Google Analytics data retention policies.
• Legal and regulatory records: Retained in accordance with applicable UK laws and regulatory requirements.

If you request that we delete your personal data, we will assess whether we are legally required or permitted to retain it before proceeding with deletion.

10.2. Data Storage Locations

Personal data collected by Averma Consulting Limited is stored in the following locations:

• Microsoft Exchange (Microsoft 365) – used for storing emails and business communications.
• WordPress website backend – where contact form submissions may be temporarily stored before processing.
• Cloud-based analytics and tracking tools – such as Google Analytics and Google Search Console.
• Secure backups – stored on secure servers to prevent data loss.

Our website and hosting services are managed in the United Kingdom, but some third-party tools may process data outside the UK and EEA. In such cases, we ensure that appropriate safeguards, such as Standard Contractual Clauses (SCCs), are in place (see Section 9: International Data Transfers).

10.3. Data Security Measures

We take appropriate technical and organisational measures to protect personal data from unauthorised access, alteration, disclosure, or destruction. These measures include:

• SSL encryption for all website interactions to ensure secure data transmission.
• Access control and authentication for all systems handling personal data.
• Regular security updates to our website and hosting infrastructure.
• Data minimisation to ensure we only collect and store necessary data.
• Secure disposal of data when it is no longer required, using industry-standard deletion methods.

10.4. User Rights & Data Deletion Requests

If you would like to request the deletion of your personal data, you can do so by contacting us via our contact form. We will review your request and respond in accordance with UK GDPR requirements.

11. Your Rights Under Data Protection Law

Under the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018, individuals have several rights regarding their personal data. Averma is committed to upholding these rights and ensuring transparency in how we handle personal data.

11.1. Right to Access

You have the right to request a copy of the personal data we hold about you. This is commonly known as a Data Subject Access Request (DSAR).

• You can request details of the data we collect, the purpose of processing, who we share it with, and how long we retain it.
• Requests must be made in writing via our contact form.
• We will respond within one month of receiving a valid request. If a request is complex, we may extend this by up to two additional months, in which case you will be informed.

11.2. Right to Rectification

If any personal data we hold about you is inaccurate or incomplete, you have the right to request corrections.

• You can request updates to incorrect information at any time.
• We will make the necessary changes within one month and inform you once updates are completed.

11.3. Right to Erasure (“Right to Be Forgotten”)

You have the right to request that we delete your personal data in certain circumstances, such as:

• If the data is no longer necessary for the purpose it was collected.
• If you withdraw your consent (where applicable).
• If you object to the processing, and there are no overriding legitimate grounds.
• If the data has been unlawfully processed.
• If required by legal obligations.

However, we may decline deletion requests where we need to retain data for legal, tax, regulatory, or security purposes.

11.4. Right to Restrict Processing

You can request that we temporarily suspend processing of your data if:

• You contest the accuracy of the data.
• You object to processing, and we need time to assess whether our legitimate grounds override yours.
• Processing is unlawful, but you prefer restriction over erasure.
• We no longer need the data, but you require it for legal claims.

While processing is restricted, we will only store the data and will not use it for any other purpose without your consent.

11.5. Right to Data Portability

Where processing is based on consent or contractual necessity, you can request that we provide your data in a structured, commonly used, and machine-readable format (e.g., CSV or JSON) for transfer to another service provider.

11.6. Right to Object

You can object to the processing of your personal data where:

• Processing is based on legitimate interests, and you believe your rights override our interests.
• Data is used for direct marketing purposes (we will immediately stop sending marketing communications if requested).
• Processing involves automated decision-making or profiling that produces legal or significant effects on you.

11.7. Right to Withdraw Consent

If we rely on consent to process your personal data, you can withdraw it at any time. This will not affect any processing carried out before withdrawal.

11.8. Right to Lodge a Complaint

If you believe that we have violated data protection laws, you have the right to lodge a complaint with the Information Commissioner’s Office (ICO), the UK’s independent data protection authority.

• ICO website: https://ico.org.uk
• ICO helpline: 0303 123 1113

Alternatively, you may also seek legal remedies if you believe your rights have been infringed.

12. Changes to This Privacy Policy

12.1. Policy Updates

Averma Consulting Limited reserves the right to update this Privacy Policy from time to time to reflect:

• Changes in legal or regulatory requirements.
• Updates in our business operations, services, or technologies.
• Adjustments to our data processing practices.

Any updates will be posted on this page, and where legally required, we will notify you of significant changes.

12.2. How You Will Be Notified of Changes

We will notify you of material changes to this policy in one or more of the following ways:

• Posting an updated version on our website with the “Last Updated” date at the top.
• Sending an email to users who have opted in for policy updates.
• Displaying a notice on our website when significant changes occur.

12.3. Continued Use of Our Services

By continuing to use our website, products, or services after any updates to this Privacy Policy, you acknowledge and accept the changes. If you do not agree with the updated policy, you should discontinue using our services and contact us with any concerns.

12.4. Reviewing This Policy

We encourage you to periodically review this Privacy Policy to stay informed about how we collect, use, and protect your data.

13. Contacting Us

If you have any questions, concerns, or requests regarding this Privacy Policy, you can contact us via our contact form on our website.