Privacy Policy

Last updated: 14 May 2026

This Privacy Policy explains how Pretius Ltd. collects, uses, discloses and otherwise processes your personal data when you visit our website at pretius.co.uk, contact us, or otherwise engage with our business. It is provided in accordance with Articles 13 and 14 of the UK General Data Protection Regulation (“UK GDPR“), the Data Protection Act 2018 (“DPA 2018“) and the Privacy and Electronic Communications Regulations 2003 (“PECR“).

I. Data Controller

The controller of your personal data is:

Pretius Ltd. Ealing Cross, 1st Floor 85 Uxbridge Road London W5 5TH United Kingdom

Company No.: 147557660 Governed by English law

(hereinafter referred to as the “Controller“, “we“, “us” or “our“).

II. Point of Contact

We have designated a contact person for data protection matters. You can reach us:

• by email at rodo@pretius.com
• by post at the registered address above.

Please mark any postal correspondence “Data Protection” so it is routed appropriately.

III. Purposes and Legal Bases of Processing

We process personal data for the following purposes:

1. Establishing and maintaining business relationships.
2. Marketing and promotional activities.
3. Correspondence management and communication.

Below we explain the purposes and corresponding legal bases in detail.

Establishing and maintaining business relationships

We process personal data of customers, business partners and prospective clients in order to identify and contact potential clients, provide information about our services, conduct pre-contractual communication, conclude and perform contracts, and maintain ongoing business relationships.

Legal bases:

• processing necessary to take steps at your request prior to entering into a contract, or for the performance of a contract — Article 6(1)(b) UK GDPR;
• compliance with legal obligations to which we are subject, in particular under UK tax and accounting law — Article 6(1)(c) UK GDPR;
• our legitimate interests in establishing, exercising and defending legal claims, and in maintaining business relationships within our professional network — Article 6(1)(f) UK GDPR.

We may also collect personal data during business meetings and industry events, processed solely for the purpose of fostering business relationships, on the basis of our legitimate interest (Article 6(1)(f) UK GDPR).

For business development purposes, we may collect data from publicly available sources (for example, search engines or LinkedIn) to present cooperation proposals via email, social media or telephone. This is based on our legitimate interest in expanding our business network (Article 6(1)(f) UK GDPR) or on your consent (Article 6(1)(a) UK GDPR). You may object to such processing at any time.

Where you supply your data directly to us, providing personal data is voluntary but may be necessary to conclude and perform a contract with us.

Marketing and promotional activities

We process personal data in order to inform you about our services, products and offers, promote our brand and activities, and conduct industry-related analyses to better tailor our offer.

Legal bases:

• our legitimate interest in direct marketing and brand promotion — Article 6(1)(f) UK GDPR;
• your consent, to the extent specified in its content — Article 6(1)(a) UK GDPR; and
• where applicable, Regulation 22 of PECR in relation to electronic marketing communications.

This also applies to users visiting our social media profiles, where data is processed in connection with the operation of those profiles, including publishing content, informing users about our activities and promoting events, based on our legitimate interest — Article 6(1)(f) UK GDPR.

Providing data for marketing purposes is voluntary. You may use your browser’s incognito or private mode to browse our website without sharing visit information; this does not affect your ability to use our services.

Correspondence management and communication

If you contact us by email, through our website, through social media or by traditional post, we process your personal data in order to respond to your enquiry and to ensure effective and continuous communication in ongoing matters.

Legal bases:

• our legitimate interest in handling correspondence and communication — Article 6(1)(f) UK GDPR; or, where applicable,
• your consent — Article 6(1)(a) UK GDPR — if you choose to provide additional information that is not necessary for the primary enquiry.

Providing data is voluntary but necessary for us to respond. Failure to provide data may make it difficult or impossible to process your request.

IV. Retention Periods

Personal data is processed for the following periods:

• where processing is based on our legitimate interest — until that interest ceases to exist (for example, until the relevant limitation periods expire) or until an effective objection is raised, where applicable;
• where processing is based on a contract — for the duration of the contract and thereafter for the period required by applicable law, in particular for accounting and bookkeeping purposes;
• where processing is based on a legal obligation — for the period required by that law;
• where processing is based on consent — until the purpose of processing is fulfilled or consent is withdrawn, whichever occurs first, without affecting the lawfulness of processing carried out on the basis of consent before its withdrawal.

After the above periods, data may be retained to a limited extent for evidentiary or claims-related purposes, where permitted by law.

V. Sources of Personal Data

We process personal data that we receive from you — for example, by email, through forms submitted on our website, or via cookies. In these cases you have full control over how much information you choose to share.

We may also process personal data provided to us by third parties (for example, our clients) or obtained from publicly available sources (for example, internet search engines or professional networking sites). The categories of personal data we process in this context may include: name, professional position, employer, business contact details, and publicly available information about professional experience.

VI. Recipients of Personal Data and International Transfers

Personal data may be transferred to third parties who process personal data on our behalf, such as IT service providers and providers of internal management tools. These entities process data based on a written agreement with us and only in accordance with our documented instructions.

Personal data may also be disclosed to other recipients where necessary for a specific processing purpose — for example, postal operators, banks, telecommunications providers, accountants, auditors and legal advisers. Personal data may also be disclosed to public authorities and judicial bodies where required under applicable law.

Where personal data is transferred outside the United Kingdom — for example to providers of tools such as Jira, Confluence, HubSpot or MailerLite — such transfers are carried out in accordance with Chapter V of the UK GDPR. We rely in particular on:

• UK adequacy regulations made by the Secretary of State;
• the UK International Data Transfer Agreement (IDTA); or
• the UK International Data Transfer Addendum to the European Commission’s Standard Contractual Clauses,

together, where required, with supplementary technical and organisational measures. You may request a copy of the relevant safeguards by contacting us at the address provided in Section II.

VII. Your Rights

Under the UK GDPR and the DPA 2018, you have the following rights:

• the right to be informed about the processing of your personal data;
• the right of access to your personal data;
• the right to rectification of inaccurate or incomplete data;
• the right to erasure (“right to be forgotten”) — Article 17 UK GDPR;
• the right to restriction of processing — Article 18 UK GDPR;
• the right to data portability, where applicable — Article 20 UK GDPR;
• the right to object to processing based on our legitimate interests, including an absolute right to object to processing for direct marketing purposes — Article 21 UK GDPR;
• the right not to be subject to a decision based solely on automated processing, including profiling, that produces legal or similarly significant effects concerning you — Article 22 UK GDPR;
• the right to withdraw consent at any time, without affecting the lawfulness of processing carried out on the basis of consent before its withdrawal.

To exercise any of these rights, please contact us at the details provided in Section II.

You also have the right to lodge a complaint with the Information Commissioner’s Office (ICO), the UK’s supervisory authority for data protection:

Information Commissioner’s Office Wycliffe House, Water Lane Wilmslow, Cheshire SK9 5AF Helpline: 0303 123 1113 Website: https://ico.org.uk

VIII. Social Media and External Business Services

We process personal data in connection with our social media profiles on platforms such as Facebook, LinkedIn, X (formerly Twitter) and YouTube in order to:

• manage our profiles and pages;
• publish content and promote our activities;
• communicate with users;
• analyse user activity using tools provided by the social media platforms.

We also process personal data on external business platforms such as Clutch and Oracle for the purposes of managing our profile, communicating with users of these platforms and analysing activities carried out on our profile.

This processing is based on our legitimate interest in brand promotion and communication — Article 6(1)(f) UK GDPR.

The independent data controllers on these platforms include, among others: Meta Platforms Ireland Limited (Facebook/Instagram), LinkedIn Ireland Unlimited Company (LinkedIn), Twitter International Unlimited Company (X, formerly Twitter), and Google Ireland Limited (YouTube). In some cases we may act as a joint controller with these platforms in respect of audience insights and similar analytics; further information is available in the privacy notices published by those platforms.

IX. Cookies and Automatic Data Collection

Cookies are small text files placed on your device by websites you visit. They help websites function properly, improve performance and provide information to site owners. Our use of cookies and similar technologies is governed by PECR and, in respect of any personal data collected through them, by the UK GDPR.

We use the following categories of cookies:

• strictly necessary cookies — required for the operation of the website and exempt from the consent requirement under PECR;
• functional cookies — enable personalisation and additional features;
• analytical and performance cookies — help us analyse website traffic and performance;
• marketing (advertising) cookies — used to measure the effectiveness of marketing activities and to deliver tailored advertising.

The use of any cookies other than strictly necessary cookies requires your prior consent, which you may give, refuse or withdraw at any time using our cookie consent management platform available on the website.

We use third-party tools such as Google Analytics (GA4), Google Tag Manager, Facebook Pixel, LinkedIn Insight Tag, Leadfeeder and Dripify. These tools may process IP addresses and other online identifiers, which may constitute personal data within the meaning of the UK GDPR.

We also use social media plug-ins. Data collected through these plug-ins is transferred only between your browser and the selected social media operator and is not accessible to us. We therefore encourage you to consult the privacy policies of the respective social media platforms.

X. Security

We implement appropriate technical and organisational measures designed to protect personal data against unauthorised or unlawful processing, accidental loss, destruction or damage, in accordance with Article 32 UK GDPR. These measures are reviewed and updated as necessary to reflect the state of the art, the costs of implementation and the nature, scope, context and purposes of processing, as well as the risks to your rights and freedoms.

XI. Changes to this Privacy Policy

We may update this Privacy Policy from time to time, in particular to reflect changes in law, technology or our operations. The current version will always be available on our website, with the date of the latest update indicated at the top of this document. We encourage you to review this Privacy Policy periodically.