This Cookie Policy explains how Antillion Limited ("we", "us", "our") uses cookies and similar technologies to recognise you when you visit our website ("Site"). It explains what these technologies are, why we use them, and your rights to control their use.

What Are Cookies?
‍Cookies are small text files that are stored in your browser or on your computer's hard drive when you visit a website. Cookies help a website remember information about your visit, such as your preferences and other settings, which can make your next visit easier and the site more useful to you.Cookies can be "session cookies" (which expire when you close your browser) or "persistent cookies" (which remain on your device until deleted or they expire). Cookies can also be first-party (set by our Site) or third-party (set by a different website).

Types of Cookies We Use
We use various types of cookies to enhance your experience on our Site:

• Strictly Necessary Cookies: These cookies are essential for you to browse our Site and use its features, such as accessing secure areas of the website. Without these cookies, the services you have requested cannot be provided.
• Performance and Analytics Cookies: We use these cookies to collect information about how visitors use our Site. For example, they allow us to understand which pages are most popular and see how visitors move around the site. This information helps us improve the Site's functionality.
• Functionality Cookies: These cookies allow our Site to remember choices you make, such as your user name, language, or the region you are in. This helps us personalise your experience and make the Site more responsive to your needs.
• Third-Party Cookies: We may allow third parties, such as analytics providers or advertisers, to set cookies on your device. These third parties may use the information collected by their cookies to provide you with targeted advertisements on other websites.

Specific Cookies We Use
Below are the specific cookies used on our Site, their purpose, storage duration, and who serves them:

How We Use Cookies
‍We use cookies for a variety of reasons, including:

• To Improve User Experience: We use cookies to remember your preferences and provide personalised content, such as location-based services or tailored offers.
• To Analyse Website Usage: Cookies help us understand how visitors interact with our Site, which pages are visited most often, and how we can improve our services.
• To Ensure Website Functionality: Some cookies are essential to ensure that our Site operates correctly, including managing user logins and secure transactions.

Managing Cookies
‍You have the right to decide whether to accept or reject cookies:

• Browser Settings: You can set your browser to refuse cookies or to alert you when cookies are being sent. Please note that if you choose to refuse cookies, some features of our Site may not function properly.
• Cookie Preferences: You can manage your cookie preferences at any time by visiting our Cookie Manager. This allows you to opt in or out of different types of cookies.
• Opt-Out Links: For third-party cookies related to advertising, you can also visit sites like Your Online Choices or All About Cookies to learn more about how to manage cookies.

Consent
When you first visit our Site, we will display a cookie consent banner. By continuing to use our Site after seeing this banner, you are agreeing to our use of cookies as described in this policy. You can withdraw your consent at any time by changing your cookie preferences in our Cookie Manager.

Changes to This Cookie Policy
We may update this Cookie Policy from time to time to reflect changes in our practices or for other operational, legal, or regulatory reasons. Any changes will be posted on this page with an updated revision date. We encourage you to review this policy periodically to stay informed about our use of cookies.

At Antillion Limited, we are committed to collecting personal data only for specified, explicit, and legitimate purposes, as required by the GDPR. We collect data from our clients, suppliers, and partners through various methods, detailed below:

Personal Data
We collect the following types of personal data:

• Customer Information: When you or your organisation contracts with us for the provision of goods or services, we collect contact details of individuals within the customer organisation. This includes names, email addresses, job titles, and telephone numbers.
• Enquiries and Communications: If you contact us for any reason—such as prospective sales enquiries, responses to job advertisements, shareholder enquiries, general company information requests, or marketing enquiries—we may keep a record of your contact details. The information collected may include your name, email address, correspondence address, and telephone number.
• Marketing Database Subscription: When you request to be added to our marketing database, we collect your name, the name of your company or organisation (if applicable), your email address, and your preferences for the types of marketing information you wish to receive from us.
• Publicly Available Data: We may collect personal data from publicly accessible sources such as LinkedIn and Companies House. This data may include your name, the name of your current and former companies or organisations (if applicable), job history, and qualifications.

Technical Data
In addition to personal data, we also collect non-personal technical data to enhance your experience on our website and improve our services. This includes:

• Cookies: We use cookies and similar tracking technologies on our website to collect data automatically. Cookies help us understand your behaviour on our site, which pages you visit, and how often you return. This data helps us improve our website and provide you with a better user experience. You can manage your cookie preferences through your browser settings.
• Server Logs: Our web servers automatically record certain information when you visit our website, including your IP address, browser type, operating system, referring URLs, and other technical data. This information is used for system administration, troubleshooting, and to improve our website's performance.

Third-Party Sources

• Publicly Available Sources: We may collect personal data from publicly available sources, such as LinkedIn and Companies House. This can include your name, the name of your company or organisation (if applicable), the names of any former companies or organisations you have worked for or are connected with, and details of your job history and qualifications.
• Business Partners and Service Providers: We may also receive personal data from our business partners, service providers, and other third parties in the context of providing our services. This data is typically collected to enhance our services or to facilitate business operations.

The GDPR requires that personal data be processed lawfully, fairly, and transparently. At Antillion Limited, we use the personal data we collect for a variety of purposes, each of which is aligned with specific legal basis under GDPR.

Purpose of Data Usage

• Contractual Obligations: When you or your organisation contracts with us for the provision of goods or services, we use the personal data collected—such as contact details of individuals within your organisation—to fulfil our contractual obligations. This includes processing orders, delivering products or services, and managing our business relationship with you. Additionally, we may use this data for related internal management purposes that are compatible with the original purpose.
• Sales Enquiries: If you contact us with a prospective sales inquiry, we will use the information you provide to respond to your inquiry. This is done on the basis that we have a legitimate interest in following up on sales leads, supporting tendering activities, and maintaining accurate records for internal management purposes.
• Complaints Handling: If you make a complaint, we will use the personal data you provide to address your concerns. This is done on the basis of our legitimate interest in ensuring customer satisfaction and maintaining our competitiveness in the market.
• Marketing Communications: If you ask to be added to our marketing database, we will use your details to send marketing information in line with your stated preferences. This is done on the basis of your consent, which you can update or withdraw at any time.
• Publicly Available Data: Information collected from publicly accessible sources, such as LinkedIn and Companies House, is used to assess the legitimacy of your enquiries (e.g., verifying your role as a director of a company seeking to engage with us) and to confirm the accuracy of any key information you provide (e.g., employment history).
• Legal Obligations: We may also use personal data to fulfil our legal obligations, such as complying with tax regulations (e.g., HMRC payments) and adhering to relevant regulatory requirements (e.g., the Market Abuse Regulation).
• Website Data: If you visit our website, we may collect personal data through cookies and similar technologies to enhance your experience on our site.

Legal Basis for Data Processing
Under the GDPR, the legal bases on which we process your personal data include:

• Performance of a Contract: We process personal data to fulfil our contractual obligations to you or your organisation.
• Legitimate Interests: We process personal data based on our legitimate interests, which include managing our business relationships, responding to enquiries, handling complaints, and improving our services.
• Consent: We rely on your consent for sending marketing communications and any other data processing activities that require your explicit agreement.
• Legal Obligation: We process personal data to comply with legal obligations, such as tax reporting and regulatory compliance.

At Antillion Limited, we take the security and confidentiality of your personal data very seriously. We implement stringent measures to ensure that your data is handled securely, whether it is stored, processed, or shared.

Internal Sharing
‍Personal data collected by Antillion Limited is stored electronically, primarily within our Customer Relationship Management (CRM) system. Access to this data is strictly controlled and limited to authorised personnel within our company who need the information to perform their job functions, such as customer support, sales, and account management. We ensure that all internal data handling practices comply with GDPR standards, including data anonymisation and encryption where appropriate.

External Sharing
We may share your personal data with trusted third parties for specific purposes, including:

• Service Providers: We work with third-party service providers who assist us in operating our business and delivering our products and services. These providers may include IT support, cloud storage services, payment processors, and marketing platforms. We ensure that these third parties are GDPR-compliant and that they process your data only in accordance with our instructions.
• Business Partners: In certain cases, we may share your data with business partners who collaborate with us on providing services or developing products. This sharing is done on a need-to-know basis and only when it is essential for fulfilling our contractual obligations to you.
• Legal Compliance: We may disclose your personal data if required to do so by law or in response to valid requests by public authorities (e.g., a court or government agency). This is done to comply with legal obligations and to protect the rights, property, or safety of Antillion Limited, our customers, or others.

International Transfers
‍Antillion Limited may transfer personal data outside of the UK/EEA if required to provide services or for operational reasons, such as working with international partners or service providers. When such transfers occur, we ensure that adequate safeguards are in place to protect your data. These safeguards may include:

• Standard Contractual Clauses (SCCs): We implement SCCs in contracts with third parties to ensure that your data is protected to GDPR standards, even when transferred internationally.
• Privacy Shield Certification (where applicable): For transfers to the US, we work with partners who are Privacy Shield certified, ensuring that they comply with EU data protection standards.

Data Security Measures
‍We store your personal data securely within our electronic systems, using encryption and other security measures to protect it from unauthorised access, loss, or corruption. All electronic data is backed up daily to ensure recoverability in the event of an IT-related incident. Additionally, if any personal data is stored in paper format, it is kept in a secure location with access restricted to relevant personnel only.

Antillion Limited is committed to maintaining a high standard of cybersecurity. We have achieved Cyber Essentials Plus accreditation through our participation in the UK government-backed Cyber Essentials scheme, which helps organisations protect themselves against common online threats. While we strive to implement the highest security standards, it is important to note that no computer system is entirely secure, and there is always a degree of risk when personal data is transmitted electronically.

At Antillion Limited, we take the security of your data very seriously. We have implemented a range of robust internal policies and controls designed to protect personal data from loss, accidental destruction, misuse, or unauthorised disclosure. These measures ensure that your data is only accessed by authorised personnel in the performance of their duties.

Security Measures
‍We employ various security measures to safeguard personal data, including:

• Internal Policies and Controls: Antillion has established comprehensive internal policies and controls to prevent the loss, accidental destruction, misuse, or unauthorised disclosure of your data. Access to personal data is restricted to employees who need the information to perform their duties, and their access is regularly reviewed to align with their role requirements.
• Encryption: We use encryption to protect personal data, ensuring that it remains confidential and secure during both storage and transmission.
• Access Controls: Access to personal data is strictly controlled. Only authorised personnel, such as employees and contractors, who need the information to perform their job functions, are granted access. These access rights are regularly reviewed and adjusted to meet the evolving needs of the organisation.
• Secure Data Storage: Personal data is stored in secure electronic systems, protected by advanced security protocols. We also maintain secure backup systems to ensure that data can be recovered in the event of an IT-related incident. Any personal data stored in paper format is kept in a secure location with restricted access.
• Third-Party Processing: Where Antillion engages third parties to process personal data on our behalf, we do so on the basis of written instructions. These third parties are under a duty of confidentiality and are obliged to implement appropriate technical and organisational measures to ensure the security of the data they process.
• Incident Management: We are committed to preventing security incidents and managing them effectively should they occur. All breaches of information security, whether actual or suspected, are reported, investigated, and addressed in accordance with our incident management procedures.
• Compliance: We meet all applicable legal, regulatory, and contractual obligations related to data security. Our security practices are continuously reviewed to ensure they are up-to-date and comprehensive.
• Security Awareness: We foster a culture of security awareness across the company. Regular training and awareness programs are conducted to enhance the security skills of our employees and to ensure that they understand their responsibilities regarding data security.

Data Breach Handling
In the event of a data breach, Antillion Limited follows a structured approach to minimise the impact and comply with legal requirements:

• Immediate Response: We promptly assess the nature and scope of the breach, take immediate steps to contain it, and mitigate any potential damage.
• Investigation and Reporting: We conduct a thorough investigation to determine the cause of the breach and the extent of the data compromised. All relevant authorities, including the Information Commissioner’s Office (ICO), are notified in accordance with GDPR requirements.
• Communication: Affected individuals are informed of the breach if it poses a high risk to their rights and freedoms, providing them with timely and accurate information on the steps they can take to protect themselves.
• Continuous Improvement: Following a breach, we review and update our security practices to prevent future incidents. Lessons learnt from the breach are integrated into our ongoing security efforts.

Responsibilities

• Top Management: Ensures that our security practices align with the strategic direction of the company and provide the necessary resources for their effective implementation.
• Security Team: Oversees the development, implementation, and maintenance of security measures, ensuring they remain effective and up-to-date.
• Managers are responsible for implementing security practices within their areas of work and ensuring adherence by their teams.
• Employees must comply with security policies and procedures and report any security incidents or concerns promptly.

In general, we retain personal data for up to 7 years after it is no longer needed for the purposes for which it was initially collected. This extended retention period allows us to address potential legal claims and comply with other legal obligations.

However, there are exceptions to this general rule:

• Legal Requirements: If the law requires us to retain your personal data for a longer or shorter period, we will comply with those legal obligations.
• Erasure Requests: If you exercise your right to have your personal data erased (where applicable) and we no longer need to retain it for any legal, contractual, or other permitted reasons, we will delete your data sooner.
• Ongoing Legal Proceedings: If we are involved in legal proceedings during the retention period, we will retain your personal data until the conclusion of those proceedings, including any possible appeals.
• Regulatory Requirements: In some cases, existing or future laws, regulations, or court orders may require us to retain your personal data for a longer or shorter period than our standard retention timeframe.

Data deletion and anonymisation
Once personal data is no longer required for the purposes for which it was collected and we are not legally obligated to retain it, we will either delete it or anonymise it. Anonymisation involves modifying the data so that it can no longer be associated with an identifiable individual. This ensures that your personal information is no longer accessible or usable for any purpose.

Under the General Data Protection Regulation (GDPR), you have a number of rights regarding your personal data. These rights allow you to have greater control over the personal information we hold about you. Below is a summary of your key rights:


‍Your Data Subject Rights
‍
Right to Transparency: You have the right to be informed about how we collect, use, and store your personal information. This privacy policy is part of our effort to provide clear and transparent information about our data practices.


Right of Access: You can request access to your personal data at any time. This is commonly known as a “data subject access request.” It allows you to receive a copy of the personal data we hold about you and check that we are processing it lawfully. Requests for access are generally fulfilled free of charge within 30 days, unless the request is excessive or unfounded, in which case we may charge a reasonable fee or refuse the request.

Right to Rectification: If the personal data we hold about you is inaccurate or incomplete, you have the right to request that we correct it. We may need to verify the accuracy of the new data you provide to us.


Right to Erasure: Also known as the "Right to be Forgotten," this right allows you to request the deletion or removal of your personal data when there is no longer a legitimate reason for us to keep it. This right also applies if you successfully exercise your right to object to processing, if your data has been unlawfully processed, or if we are required to erase your personal data to comply with the law. Please note that we may not always be able to comply with your request for specific legal reasons, which will be communicated to you at the time of your request.


Right to Restriction of Processing: You have the right to request a restriction on processing your personal data. This means we can store your data but not use it. You can exercise this right in the following circumstances:

• You want us to verify the data’s accuracy.
• The data has been unlawfully processed, but you do not want it erased.
• We no longer need the data, but you want us to keep it to establish, exercise, or defend legal claims.
• You have objected to our use of your data, but we need to verify whether we have overriding legitimate grounds to use it

Right to Data Portability: You can request the transfer of your personal data to you or a third party in a structured, commonly used, machine-readable format. This right applies only to automated data that you initially provided consent for us to use or where we used the data to perform a contract with you.


Right to Object: You have the right to object to our processing of your personal data where we rely on a legitimate interest (or those of a third party) if you feel it impacts your fundamental rights and freedoms. You also have the right to object if we process your personal data for direct marketing purposes. In some cases, we may demonstrate that we have compelling, legitimate grounds to process your information that override your rights and freedoms.


Rights Related to Automated Decision-Making and Profiling: You have the right not to be subject to decisions based solely on automated processing, including profiling, which produce legal effects concerning you or similarly significantly affect you.


Right to Withdraw Consent: If we rely on your consent to process your personal data, you have the right to withdraw that consent at any time. However, withdrawing consent will not affect the lawfulness of any processing carried out before you withdraw your consent. If you withdraw your consent, we may not be able to provide certain products or services to you, and we will inform you if this is the case.


Right to lodge a complaint

‍If you believe that your personal data has been misused or that we have not upheld your rights, you have the right to lodge a complaint with a data protection regulator. In the UK, this is the Information Commissioner’s Office (ICO). We encourage you to contact us first so we can address your concerns.


Information Commissioner's Office (ICO)

website: www.ico.org.uk

Our website may contain links to other websites that we believe may be of interest to you. However, please be aware that once you follow a link to an external website, this privacy policy no longer applies. The privacy practices of those other websites are beyond our control, and we encourage you to review the privacy policy of each website you visit before submitting any personal data. Antillion Limited is not responsible for the protection and privacy of any information you provide while visiting such sites.

We may update this privacy policy from time to time, particularly to reflect changes in the law or our business practices. Any changes will be posted immediately on our website, and the updated policy will be effective from the time it is published. By continuing to use our website or engage in business with us after these changes are posted, you are agreeing to the revised terms of the Privacy Policy.

We recommend that you review this page periodically to stay informed about how we are protecting your personal data.

How to Contact Us
‍

If you have any questions, concerns, or requests regarding this privacy policy or how we handle your personal data, please feel free to contact us using the details below:

Telephone: +44 117 313 7080

Email: sales@antillion.com

Postal Address:

Antillion UK

Rio House

715 Waterside Drive

Aztec West

Bristol

BS32 4UD

United Kingdom

We are committed to addressing your enquiries promptly and thoroughly.