Privacy Policy

Last updated: 1 May 2025

1. Introduction and Controller Identity

CoinBrumblex Ltd ("CoinBrumblex", "we", "us", "our") is a company registered in England and Wales, with its principal place of business at 47 Moorgate Street, London, EC2M 6SQ. We are the data controller in respect of personal data collected through this website and through our consulting services.

We are committed to protecting your personal information and to being transparent about how we collect, use, and share it. This Privacy Policy explains your rights under UK GDPR and the Data Protection Act 2018, and how you may exercise them. If you have any questions, please contact us at [email protected].

2. Data We Collect

We may collect the following categories of personal data when you interact with our website or engage with our services:

• Identity data: your full name, job title, and professional role where provided.
• Contact data: your email address, telephone number, and postal address.
• Usage data: information about how you access and use our website, including your IP address, browser type and version, time zone, operating system, and pages visited.
• Communication data: the content of any messages, enquiries, or correspondence you send us via our contact forms or by email.
• Cookie and tracking data: information collected through cookies and similar technologies as described in our Cookie Policy.
• Marketing preferences: your preferences regarding receiving marketing communications from us.

We do not intentionally collect special category data (such as health information, racial or ethnic origin, or religious beliefs) through this website. If you inadvertently include such data in a communication to us, we will handle it with appropriate care and delete it once no longer required.

3. How and Why We Use Your Data

We use your personal data only where we have a lawful basis to do so under UK GDPR. The lawful bases we rely on are as follows:

• Performance of a contract: to respond to enquiries, provide consulting services, and fulfil our contractual obligations to clients.
• Legitimate interests: to improve our website, prevent fraud, ensure network security, and send direct marketing to existing clients where our interests are not overridden by your rights.
• Consent: where we ask for your permission, for example when setting non-essential cookies or sending email marketing to prospective clients.
• Legal obligation: where we are required by law to process your data, for example for tax, accounting, or regulatory compliance purposes.

4. Data Sharing and Third Parties

We do not sell, rent, or trade your personal data to third parties. We may share your data in the following limited circumstances:

• Service providers: third-party companies that assist us in operating our website and delivering our services, including hosting providers, email platforms, and analytics vendors. These parties process data on our behalf under strict data processing agreements.
• Professional advisers: solicitors, accountants, auditors, and insurers who provide professional services to CoinBrumblex under duties of confidentiality.
• Regulatory and law enforcement authorities: where required by law, court order, or other legal process, or where necessary to protect our legal rights.
• Business transfers: in the event of a merger, acquisition, or sale of all or part of our business, your data may be transferred to the relevant third party subject to appropriate confidentiality protections.

5. International Transfers

Your personal data is primarily stored and processed within the United Kingdom and the European Economic Area. Where we transfer data to countries outside these territories, we ensure that appropriate safeguards are in place, such as the use of Standard Contractual Clauses approved by the UK Information Commissioner's Office, or reliance on an adequacy decision. You may request details of these safeguards by contacting us at the address below.

6. Data Retention

We retain your personal data only for as long as necessary to fulfil the purposes for which it was collected, including satisfying any legal, accounting, or reporting obligations. Our general retention periods are as follows:

• Website enquiry data: up to 24 months from the date of last contact, unless you become a client.
• Client engagement data: up to 7 years from the end of the engagement in accordance with our legal obligations.
• Cookie and analytics data: as specified in our Cookie Policy, typically 12 to 24 months.

When data is no longer required, it is securely deleted or anonymised so that it can no longer be associated with you.

7. Your Rights

Under UK GDPR, you have the following rights in relation to your personal data, which you may exercise free of charge:

• Right of access: to receive a copy of the personal data we hold about you.
• Right to rectification: to have inaccurate or incomplete data corrected.
• Right to erasure: to request deletion of your data in certain circumstances.
• Right to restrict processing: to request that we limit how we use your data in certain circumstances.
• Right to data portability: to receive your data in a structured, machine-readable format where processing is based on consent or contract.
• Right to object: to object to processing based on legitimate interests or for direct marketing purposes.
• Rights related to automated decision-making: not to be subject to decisions made solely by automated means where those decisions have a significant effect on you.

To exercise any of these rights, please contact us at [email protected]. We will respond within one calendar month. You also have the right to lodge a complaint with the UK Information Commissioner's Office (ICO) at www.ico.org.uk if you believe we have not handled your data lawfully.

8. Security

We implement appropriate technical and organisational measures to protect your personal data against unauthorised access, accidental loss, alteration, or disclosure. These measures include the use of encrypted connections (HTTPS), restricted staff access, and regular security reviews. However, no transmission of data over the internet is entirely secure, and we cannot guarantee absolute security. If you suspect that your data has been compromised, please notify us immediately at [email protected].

9. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, or applicable law. When we make material changes, we will update the "Last updated" date at the top of this page. We encourage you to review this policy periodically. Your continued use of our website after any changes constitutes your acknowledgement of the updated policy.