Privacy Policy | Xiphranneuphex United Kingdom

Overview and scope

This Privacy Policy explains how Xiphranneuphex (“we”, “us”, “our”) processes personal data when you use the website at https://xiphranneuphex.world/ (the “Site”), contact us, or interact with optional cookies and communications. We process personal data in accordance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

The Policy applies to visitors, enquirers, and anyone who submits information through our contact channels. It does not cover third-party websites that we link to; those services have their own privacy notices. If you use our Site only to browse public pages and you do not submit forms or accept optional cookies, we still process limited technical data as described under server logs and strictly necessary operations.

We describe what we collect, why we use it, how long we keep it, who we share it with, and your rights. We avoid unnecessary data collection and review our practices when we update features or suppliers.

Where we use optional analytics or advertising technologies (for example to measure visits from online campaigns), we only activate them when permitted by law and, where required, when you have given consent through our cookie controls. We do not use such tools to circumvent your choices.

Data controller and contact details

The data controller responsible for personal data processed through the Site is:

Legal name: Xiphranneuphex
Registered address: 40-41 Rathbone Pl, London, W1T 1HX, United Kingdom
Country: United Kingdom
Phone: +44 20 7792 9090
Email: callback@xiphranneuphex.world
Website: https://xiphranneuphex.world/

For privacy enquiries, including requests to exercise your rights, please email us using the address above. We may ask for reasonable information to confirm your identity before responding, such as matching your email address to a recent enquiry or requesting a brief verification step where we have security concerns. We do not charge a fee for ordinary requests unless they are manifestly unfounded or excessive, in which case we may charge a reasonable fee or refuse the request, explaining our reasons.

We do not require you to create an account to read general lifestyle information on the Site. Account-style features, if introduced later, will be described in an updated Policy before they affect your data.

Categories of personal data

Depending on how you use the Site, we may process the following categories of personal data:

Identity and contact data

Name, email address, telephone number if you provide it, postal address if you include it in a message, and similar identifiers you choose to share.

Communication content

The text of enquiries submitted through contact forms or email, including attachments if you send them, and notes we record internally to respond consistently.

Technical and usage data

IP address, browser type and version, device type, approximate location derived from IP, pages viewed, referring URLs, timestamps, and similar diagnostics collected through server logs or analytics technologies if you consent to analytics cookies.

Cookie and similar technologies data

Identifiers stored on your device when permitted, as described in our Cookie Policy, including consent preferences and session identifiers.

Marketing preferences

Records of consent, opt-outs, and communication preferences where applicable, including unsubscribe events and proof of consent where required.

We do not intend to collect special categories of personal data (such as data about health) through the Site. Please avoid sending sensitive information unless we explicitly request it for a defined purpose. If you voluntarily include sensitive details in a free-text message, we will treat such content carefully and delete it when not needed.

Sources of personal data

We obtain personal data directly from you when you submit forms, send email, or call us. We also receive technical data automatically when your browser accesses the Site and, where permitted, through cookies and similar technologies. Occasionally we may receive information from analytics or email delivery providers in aggregated or pseudonymous form.

If another person submits a form on your behalf, we will assume they have authority to share your details unless we learn otherwise. You may ask us to correct or delete inaccurate data as described in your rights section.

Purposes and legal bases for processing

We process personal data for the following purposes and on the following legal bases under UK GDPR:

Responding to enquiries and delivering information you request (legal bases: performance of a contract or steps prior to a contract at your request; legitimate interests in managing communications).
Operating, securing, and improving the Site (legal bases: legitimate interests in reliability and security; legal obligations where applicable).
Compliance with law and regulatory requests (legal basis: legal obligation).
Analytics in aggregate form (legal basis: consent where non-essential cookies or similar technologies are used).
Marketing communications (legal basis: consent where required; soft opt-in only where permitted by law and clearly described).
Establishing, exercising, or defending legal claims (legal basis: legitimate interests).

Where we rely on legitimate interests, we balance our interests against your rights and expectations. You may object to processing based on legitimate interests as described in Section on your rights. We document key decisions where processing could significantly affect individuals.

Recipients and categories of recipients

We may share personal data with:

Service providers who assist with hosting, email delivery, analytics (where consented), customer relationship tools, and IT security, bound by contractual confidentiality and data-processing terms that require them to protect information and use it only for specified purposes.
Professional advisers such as lawyers and accountants where required for legal compliance or corporate transactions.
Authorities when disclosure is necessary to comply with law or valid legal process.

We do not sell your personal data. We may disclose aggregated anonymised statistics that cannot identify you. If we merge with or are acquired by another entity, personal data may transfer subject to the same or materially similar protections, and we will notify you where required.

International transfers

If we transfer personal data outside the United Kingdom, we will ensure appropriate safeguards are in place, such as the UK International Data Transfer Agreement, UK Addendum to the EU Standard Contractual Clauses, adequacy regulations where applicable, or another lawful transfer mechanism. We assess transfer risks for relevant countries and providers, and we rely on supplementary measures where appropriate.

You may request a summary of safeguards we use for a specific transfer by contacting us. Where a provider cannot meet UK standards, we will change providers or stop the transfer where feasible.

Retention periods

We retain personal data only as long as necessary for the purposes described in this Policy, unless a longer period is required by law. Indicative retention periods include:

Enquiry and contact records: up to twenty-four months after the last interaction unless a longer period is needed to resolve an ongoing matter.
Contract and billing records (if applicable): up to seven years from the end of the relevant tax or contractual period, unless a different statutory period applies.
Server and security logs: typically up to ninety days, unless extended for incident investigation.
Analytics data tied to cookies: in line with vendor settings and your consent status, often up to twenty-six months for aggregated analytics where used.
Marketing consent records: for the duration of consent plus a short period to demonstrate compliance after withdrawal.

When retention ends, we delete or anonymise personal data in a secure manner. Backup systems may retain copies for a limited technical period before they are overwritten.

Security measures

We implement appropriate technical and organisational measures designed to protect personal data against unauthorised access, alteration, disclosure, or destruction. Measures may include access controls, encryption in transit where appropriate for services we operate, secure development practices, malware protection on managed endpoints, logging and monitoring, and staff training on confidentiality.

We limit access to personal data to personnel and service providers who need it for their roles. We review access periodically and respond to suspected incidents in line with UK guidance. No method of transmission over the internet is completely secure; we encourage you to use strong passwords and protect your devices.

Your rights

Subject to UK GDPR conditions, you may have the following rights:

Right of access: request a copy of the personal data we hold about you.
Right to rectification: request correction of inaccurate or incomplete data.
Right to erasure: request deletion where applicable.
Right to restriction of processing: request that we limit processing in certain cases.
Right to data portability: receive certain data in a structured, commonly used, machine-readable format where processing is based on consent or contract and carried out by automated means.
Right to object: object to processing based on legitimate interests or to direct marketing.
Rights related to automated decision-making: including profiling that produces legal or similarly significant effects, where such processing occurs (we do not intend to use solely automated decisions with legal effects on this Site).
Right to withdraw consent where processing is based on consent, without affecting the lawfulness of processing before withdrawal.

You may exercise these rights by contacting us using the details in the contact section. We aim to respond within one month, subject to extension for complex requests as permitted by law. You also have the right to lodge a complaint with the Information Commissioner’s Office (ICO) in the United Kingdom: https://ico.org.uk/.

Automated decision-making and profiling

We do not use solely automated decision-making that produces legal or similarly significant effects in relation to visitors to the Site. If we introduce profiling for analytics or marketing, we will describe the logic and consequences in an updated Policy and obtain consent where required.

Children

The Site is directed to adults. We do not knowingly collect personal data from children without appropriate parental authority. If you believe a child has provided personal data, please contact us and we will take steps to delete it where appropriate.

Marketing and communications

Where we send optional updates about swimming sessions or resources, we rely on consent or another permitted basis. Every marketing email includes an unsubscribe link. You may also contact us to opt out. We will not sell your personal data to third-party marketers.

Complaints and supervisory authority

If you have concerns about how we handle personal data, please contact us first so we can resolve the matter. You have the right to lodge a complaint with the ICO in the United Kingdom without prejudice to any other administrative or judicial remedy.

Changes to this Privacy Policy

We may update this Policy to reflect legal, technical, or business changes. The “Last updated” date will change accordingly. Material changes may be communicated through the Site or by email where appropriate. Continued use of the Site after changes constitutes acceptance of the updated Policy where permitted by law.

Contact

For questions about this Privacy Policy or our processing activities, contact us at callback@xiphranneuphex.world or write to Xiphranneuphex, 40-41 Rathbone Pl, London, W1T 1HX, United Kingdom.