Website and Customer Privacy Notice

Website and Customer Privacy Notice

Last updated: [14 July 2026]


1. Who We Are

Stylux Limited (‘Stylux’, ‘we’, ‘us’ or ‘our’) is a company registered in England and Wales under company number 12874853. Our registered office is 423 Rush Green Road, Romford, London, England, RM7 0NH. We provide website development, branding, digital marketing, CRM, database, Moodle and learning-management, cloud, managed-support and related technology services.

For questions about this notice, data-protection rights or complaints, contact our Data Protection Contact at info@stylux.uk or write to the registered office above.


2. When this notice applies

This notice applies when Stylux determines why and how personal information is used, including information about website visitors, prospective and current clients, client contacts, suppliers, event participants, newsletter subscribers, support users and other business contacts.

When Stylux processes personal information solely on a client’s documented instructions—for example, while hosting or supporting a client CRM or Moodle platform—the client is normally the controller and Stylux is the processor. That processing is governed by the client agreement and Data Processing Agreement. Individuals should usually direct platform-specific rights requests to the relevant client organisation.


3. Personal information we collect

  • Identity and contact information, including name, organisation, role, address, email address and telephone number.
  • Enquiry, proposal and contract information, including requirements, communications, approvals and project records.
  • Account and support information, including usernames, permissions, tickets, diagnostic information and system logs. Passwords should be stored only in appropriately protected systems.
  • Financial and transaction information, including invoices, payments, refunds and tax information. Payment-card details are handled by authorised payment providers rather than stored by Stylux where possible.
  • Technical and usage information, including IP address, device, browser, referral source, website activity and cookie choices.
  • Marketing preferences and records of consent, objections and unsubscribes.
  • Security information, including authentication events, suspected misuse and incident records.
  • Information supplied through client systems where Stylux acts as processor, which may include learner, employee, customer or service-user information specified by the client.

4. Sources of information

We collect information directly from you through forms, email, telephone calls, meetings, contracts, support requests and use of our services. We may also receive business-contact information from your employer or organisation, referrals, professional networks, public business sources, event partners and authorised service providers. Where required, we provide privacy information within the applicable legal period.


5. Purposes and lawful bases

PurposeTypical lawful basis
Responding to enquiries and preparing proposalsSteps requested before a contract; legitimate interests in operating our business
Providing, administering and supporting servicesContract; legitimate interests; legal obligations
Client relationship and account managementContract; legitimate interests in service delivery and communication
Billing, payments, tax and accountingContract; legal obligation; legitimate interests in debt management
Website security, fraud prevention and diagnosticsLegitimate interests in protecting systems, users and services; recognised legitimate interests where applicable
Analytics and non-essential cookiesConsent where required by PECR; applicable statutory cookie exceptions where conditions are met
Email marketing to individualsConsent or the lawful soft opt-in where available; legitimate interests for the related UK GDPR processing
Relevant B2B marketing to corporate subscribersLegitimate interests, with a clear opt-out and suppression record
Managing complaints and legal claimsLegal obligation; legitimate interests in resolving disputes and protecting legal rights

Where we rely on legitimate interests, those interests include operating and improving our services, communicating with business contacts, protecting systems, preventing fraud, maintaining records and establishing or defending legal claims. We assess whether those interests are outweighed by the rights and interests of affected people, except where the law recognises an interest without requiring that balancing test.


6. Marketing

We do not add people to marketing lists merely because they submit a service enquiry. Where consent is required, marketing consent is specific, optional and separate from service delivery. Every marketing email includes an unsubscribe method. We maintain a limited suppression record when someone opts out so that we can respect the request.


7. Sharing personal information

We share information only where reasonably necessary with authorised staff, professional advisers, payment providers, hosting and infrastructure providers, analytics and advertising providers, communications and productivity providers, CRM and support systems, scheduling and review platforms, learning-technology providers, regulators, courts and public authorities where legally required. Our principal service-provider categories and current sub-processors are described in the Sub-processor List.

We do not sell personal information.


8. International transfers and overseas operations

Stylux has business locations or contacts outside the UK, including Pakistan and the United Arab Emirates. Personnel operating from those locations do not have access to UK customer systems. Access controls, role separation and authentication measures are used to maintain that restriction.

Some cloud providers may process or make support access to information from outside the UK. Where a restricted transfer occurs, we use an applicable UK adequacy regulation, the UK International Data Transfer Agreement, the UK Addendum to approved EU Standard Contractual Clauses or another lawful safeguard, together with a transfer-risk assessment where required. Further information about the relevant safeguard is available on request, subject to security and confidentiality limitations.


9. Retention

RecordTypical retention period
Unsuccessful enquiries and proposalsUp to 24 months after the last meaningful contact
Client contracts, project and account recordsContract term plus up to 6 years, or longer where a claim or legal duty requires
Invoices, credit notes and accounting recordsNormally 6 years after the relevant accounting period
Support tickets and routine technical logsUsually 12–24 months; security logs may be retained longer where justified
Marketing consent and suppression recordsWhile marketing continues; suppression records retained as necessary to respect opt-outs
Cookie and consent recordsFor the period stated in the Cookies Policy and as needed to demonstrate choices
Processor-held client dataAs instructed by the client and stated in the applicable DPA or service schedule

We may retain information longer where litigation, fraud prevention, safeguarding, regulatory action or another legal requirement reasonably requires it. We delete, anonymise or securely archive information when no longer needed.


10. Security

We use proportionate technical and organisational measures, including access controls, multi-factor authentication where available, encryption in transit, secure credential management, system updates, logging, backups where contracted, staff confidentiality and supplier review. No internet service is completely risk-free, but this does not reduce our legal responsibility to apply appropriate security.


11. Your rights

Depending on the circumstances, you may have rights to access, correct or erase information; restrict or object to processing; receive portable data; withdraw consent; and obtain safeguards relating to certain automated decisions. Withdrawal of consent does not affect processing already carried out lawfully. Rights may be limited by exemptions or by the lawful basis used.

To exercise a right, email info@stylux.uk. We may request proportionate information to confirm identity and authority. We normally respond within one month, subject to lawful extensions.


12. Data-protection complaints

You can make a data-protection complaint by emailing info@stylux.uk with the subject ‘Data Protection Complaint’ or by writing to our registered office. We will acknowledge the complaint within 30 days, make appropriate enquiries, keep you informed and communicate the outcome without undue delay. You may also complain to the Information Commissioner’s Office at https://ico.org.uk/make-a-complaint/.


13. Children and education platforms

Our corporate website is not directed at children. When we provide or support an education platform, the education provider normally determines the purposes of processing and is the controller. We process learner information only on documented instructions and apply age-appropriate, privacy-by-design and security considerations to services likely to be used by children. We do not use client learner data for our own advertising.


14. Automated tools and artificial intelligence

Stylux may use automation or artificial-intelligence tools to assist with drafting, diagnostics, coding, support triage or service improvement. We do not place confidential client information or personal information into an AI service unless authorised, necessary, appropriately protected and consistent with the client agreement. We do not currently make solely automated decisions about website users that produce legal or similarly significant effects. We will update this notice before introducing materially different processing.


15. Changes

We review this notice regularly. Material changes will be identified on this page and, where appropriate, communicated directly before the new processing begins.