Privacy Policy
1. Introduction and Identity of the Data Controller
This Privacy Policy is issued by NETWISE LTD, a company registered in England and Wales, with its principal place of business at Datum House, Electra Way, Crewe, CW1 6ZF, United Kingdom (hereinafter referred to as "NETWISE LTD", "we", "us" or "our"). NETWISE LTD is the data controller in respect of all personal data collected and processed as described in this Privacy Policy.
We are committed to protecting the privacy and security of the personal data of all individuals who interact with our business, including visitors to our website at netwise.wiki, prospective clients, existing and former clients, business contacts, suppliers, contractors and members of the public who communicate with us through any channel.
This Privacy Policy is intended to provide you with clear, transparent and comprehensive information about how we collect, use, store, share and protect your personal data, and about the rights you hold in relation to that data under applicable data protection legislation. We encourage you to read this policy carefully and to contact us if you have any questions or concerns about the matters it addresses.
NETWISE LTD processes personal data in accordance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018. Where we process personal data of individuals located in the European Union or European Economic Area, we also comply with the General Data Protection Regulation (EU GDPR) to the extent required by applicable law.
Our Data Protection contact point is the company director, contactable at the address above or by email at info@netwise.wiki. We do not currently have a statutory obligation to appoint a Data Protection Officer, but we take our data protection responsibilities seriously and have designated a senior member of staff to oversee compliance with applicable data protection legislation.
2. Scope of this Privacy Policy
This Privacy Policy applies to all personal data collected and processed by NETWISE LTD in the context of its business activities. This includes, without limitation:
- Personal data collected through our website at netwise.wiki, including contact forms, enquiry submissions and any cookies or tracking technologies we use;
- Personal data collected during the course of business development activities, including initial consultations, proposal development and contract negotiation;
- Personal data collected and processed in the course of delivering professional services to clients;
- Personal data of employees, contractors, consultants and associates of NETWISE LTD (which is subject to a separate internal privacy notice provided to those individuals);
- Personal data contained in business communications, whether by email, telephone, post or other means;
- Personal data obtained from publicly available sources, such as corporate registers, professional directories and publicly visible social media profiles, in the context of business development or due diligence;
- Personal data relating to suppliers and third-party service providers whose services are used in the operation of our business.
This Privacy Policy does not apply to the personal data processing activities of third-party websites or services that may be linked to from our website. We are not responsible for the privacy practices of third parties and we encourage you to review the privacy policies of any third-party websites you visit.
3. Categories of Personal Data We Collect
The categories of personal data we collect depend on the nature of your relationship with us and the circumstances of our interaction. The following sets out the main categories of personal data we may collect and process.
3.1 Identity and Contact Data
This includes your name, job title, employer or organisation name, business address, telephone number, email address and any other contact details you provide to us. We collect this data when you contact us through our website, by telephone, by email, or in person at meetings or events.
3.2 Enquiry and Communication Data
This includes the content of any messages, questions, enquiries or other communications you send to us, together with metadata such as the date and time of communication, the subject matter and any documentation or attachments provided. This data is collected when you use the contact form on our website, when you send us email, when you call us or when you communicate with us by any other means.
3.3 Professional and Organisational Data
In the context of client engagements and business development, we may collect information about your professional background, expertise and responsibilities, as well as information about your organisation including its structure, operations, technology environment and business challenges, to the extent that this is relevant to the services we are providing or considering providing. This data may include data from publicly available sources such as Companies House, LinkedIn and other professional directories.
3.4 Contractual and Financial Data
When we enter into a contract with a client, supplier or other party, we collect and retain the personal data necessary to manage and perform that contract. This may include information about the individuals named in or authorised under the contract, payment information including bank account details for invoicing and payment purposes, and records of performance under the contract.
3.5 Technical and Usage Data
When you visit our website, we may collect certain technical data automatically through the use of cookies and similar technologies, including your IP address, browser type and version, operating system, referral source, pages visited, time spent on pages, links clicked and other browsing behaviour. Please refer to our Cookie Policy for more information about our use of cookies on netwise.wiki.
3.6 Correspondence and Meeting Records
We maintain records of our correspondence with you and, where appropriate, records of meetings and discussions. These records may include notes, summaries, minutes or recordings made with the knowledge and consent of the participants.
4. How We Collect Personal Data
We collect personal data through the following primary means:
4.1 Direct Collection from You
The majority of the personal data we hold is provided to us directly by you in the course of your interaction with us. This includes data provided through the contact form on our website, data provided in email correspondence, data provided during telephone conversations, data provided at meetings and events, and data provided in the course of client engagements.
4.2 Automated Collection through Our Website
When you visit our website at netwise.wiki, certain data is collected automatically through cookies and similar technologies embedded in the website. This includes standard internet log information and details of your browsing behaviour within our website. For further information about the cookies we use and how to manage your cookie preferences, please refer to our Cookie Policy.
4.3 Collection from Publicly Available Sources
In the course of our business development activities and due diligence processes, we may collect personal data about individuals from publicly available sources. These sources include the Companies House register, the Land Registry, professional directories, published academic or industry papers, publicly visible social media profiles on platforms such as LinkedIn, and public sector registers. We rely on legitimate interests as the legal basis for this processing, as described further in Section 5 below.
4.4 Collection from Third Parties
We may receive personal data about you from third parties in limited circumstances. For example, a client organisation may provide us with the contact details of individuals within their organisation as part of the process of setting up an engagement. A referral contact may pass your details to us with your knowledge and consent. Business associates may share relevant contact information in the course of legitimate professional networking. Where we receive your data from a third party, we will inform you of this within a reasonable period of receipt, and in any event prior to our first direct communication with you.
5. Legal Bases for Processing Personal Data
Under UK GDPR, we are required to have a legal basis for each processing activity in which we engage. The legal bases we rely on are as follows:
5.1 Contractual Necessity
We process certain personal data where it is necessary for the performance of a contract to which you are a party, or in order to take steps at your request prior to entering into a contract. This applies to the personal data of clients and their representatives that is processed in the context of negotiating, entering into and performing professional services agreements, and to the personal data of suppliers and contractors processed in the context of procurement and supplier management.
5.2 Legal Obligation
We process certain personal data where we are required to do so by law. This applies, for example, to the retention of financial and accounting records as required by the Companies Act 2006 and HM Revenue and Customs requirements, the retention of employment records as required by employment law, and compliance with anti-money laundering and counter-terrorist financing requirements.
5.3 Legitimate Interests
We process certain personal data on the basis of our legitimate interests as a business, where those interests are not overridden by your rights and interests. Our legitimate interests include operating and improving our website, responding to enquiries received from prospective clients, maintaining business relationships, conducting business development activities, carrying out due diligence on prospective clients and counterparties, managing our legal obligations and protecting our legal rights, and ensuring the security of our systems and facilities. Where we rely on legitimate interests as a legal basis, we have carried out a balancing test to satisfy ourselves that our legitimate interests are proportionate and do not override the rights and expectations of the individuals concerned.
5.4 Consent
In limited circumstances, we may rely on your consent as the legal basis for processing your personal data. This applies to the use of non-essential cookies on our website, where we seek your consent through our cookie consent mechanism. Where we rely on consent, you have the right to withdraw that consent at any time without affecting the lawfulness of processing carried out prior to withdrawal.
5.5 Vital Interests
In exceptional circumstances, we may process personal data where it is necessary to protect the vital interests of an individual, for example in a medical emergency. This legal basis applies only in genuinely exceptional circumstances.
6. How We Use Personal Data
We use the personal data we collect for the following purposes:
- To respond to enquiries and communications received through our website, by email, telephone or other means;
- To assess enquiries from prospective clients and to prepare proposals and responses;
- To negotiate, draft and execute professional services agreements and other contracts;
- To deliver the professional services we have agreed to provide, including systems architecture and design, infrastructure planning, technical consulting, systems integration, digital transformation and related services;
- To manage our ongoing client relationships, including communicating project updates, issuing invoices, managing payments and resolving any disputes or issues that arise;
- To comply with our legal and regulatory obligations, including tax and accounting requirements, anti-money laundering obligations and any other applicable legal requirements;
- To manage our relationships with suppliers and other third parties whose services we use in the operation of our business;
- To maintain and improve our website at netwise.wiki, including by analysing usage data to understand how visitors use the site and to identify opportunities for improvement;
- To protect the security of our systems, premises and business information;
- To defend legal claims or to exercise our legal rights where necessary;
- To keep records of our business activities for administrative, accounting and legal purposes;
- To carry out background checks and due diligence on prospective clients, contractors and suppliers as appropriate to the nature and scale of the relationship.
7. Sharing of Personal Data
We do not sell personal data to third parties. We do not share personal data with third parties for their own marketing purposes. We share personal data only in the limited circumstances described below.
7.1 Associates and Subcontractors
In some engagements, we work with a vetted network of specialist associates and subcontractors who provide specific expertise required for the delivery of client services. Where this involves sharing client personal data with those associates, we do so only to the extent necessary for the delivery of the services, and we require those associates to process the data only for the agreed purpose and subject to appropriate confidentiality and data protection obligations.
7.2 Professional Advisors
We share personal data with our professional advisors, including legal counsel, accountants and auditors, to the extent necessary for them to provide their services to us. These parties are subject to professional duties of confidentiality and applicable data protection requirements.
7.3 Technology and Infrastructure Providers
We use a small number of technology and infrastructure service providers in the operation of our business, including email hosting providers, cloud storage services and software as a service providers. These providers may process personal data on our behalf as data processors. We select providers with appropriate security and privacy standards and ensure that data processing agreements are in place where required.
7.4 Legal and Regulatory Disclosure
We may disclose personal data to law enforcement authorities, courts, regulators or other public authorities where we are required to do so by law, or where such disclosure is necessary to protect the vital interests of an individual, to prevent or detect crime, or to protect our legal rights.
7.5 Business Transfers
In the event of a merger, acquisition, sale of assets or other business combination, personal data held by NETWISE LTD may be transferred to the successor entity as part of the transaction, subject to the continued protection of that data in accordance with applicable data protection legislation.
8. International Transfers of Personal Data
NETWISE LTD is a United Kingdom-based company and the majority of the personal data we process is held and processed within the United Kingdom. In limited circumstances, personal data may be transferred to or accessed from countries outside the United Kingdom, for example where we use cloud-based services hosted in data centres located outside the UK.
Where personal data is transferred to countries outside the United Kingdom that do not benefit from an adequacy decision by the UK Secretary of State, we ensure that appropriate safeguards are in place to protect the data, in accordance with the requirements of UK GDPR. These safeguards may include standard data protection clauses approved by the Information Commissioner's Office (ICO), binding corporate rules, or other approved transfer mechanisms.
If you would like further information about the specific safeguards in place for any international transfers of your personal data, please contact us using the details provided in Section 13 of this Privacy Policy.
9. Data Retention
We retain personal data for as long as is necessary for the purposes for which it was collected and processed, and to comply with our legal obligations. Our general approach to data retention is as follows:
9.1 Enquiries and Pre-Contract Communications
Personal data collected through the website contact form or in the course of pre-contract communications is retained for a period of twenty-four months from the date of last contact, unless the enquiry results in a contract being entered into, in which case the data is retained in accordance with the contractual and post-contractual retention periods described below.
9.2 Client Engagement Records
Personal data collected in the context of a client engagement is retained for a period of seven years from the conclusion of the engagement. This retention period reflects our legal obligations in respect of accounting and tax records, the potential for professional indemnity claims arising from our advice and services, and the practical need to maintain adequate records for the purpose of managing any ongoing support obligations.
9.3 Financial and Accounting Records
Financial records containing personal data, including invoices, payment records and expense claims, are retained for a minimum of six years in accordance with the requirements of the Companies Act 2006 and HMRC guidance.
9.4 Website Usage Data
Usage data collected through cookies and website analytics is retained for periods specified in our Cookie Policy, which does not in any case exceed twenty-six months from the date of collection.
9.5 Review and Deletion
We periodically review the personal data we hold to assess whether it remains necessary to retain it, and we delete or anonymise data that is no longer required for the purposes for which it was collected and for which there is no legal basis for continued retention.
10. Security of Personal Data
NETWISE LTD takes the security of personal data seriously. We implement appropriate technical and organisational measures to protect personal data against unauthorised access, disclosure, alteration, loss or destruction. Our security measures include, but are not limited to, the following.
Access to personal data is restricted to employees, associates and contractors who have a legitimate need to access that data in the performance of their duties, and those individuals are subject to appropriate confidentiality obligations. We use encrypted storage and communication channels for personal data. We maintain access controls and authentication requirements for systems containing personal data. We conduct periodic reviews of our security arrangements to identify and address vulnerabilities. We maintain incident response procedures to address any security breaches promptly and effectively.
While we take all reasonable steps to protect the personal data we hold, no information security system can guarantee complete security against all threats. In the event of a personal data breach that is likely to result in a risk to your rights and freedoms, we will notify the Information Commissioner's Office within seventy-two hours of becoming aware of the breach, and we will notify you directly without undue delay where the breach is likely to result in a high risk to your rights and freedoms.
11. Your Rights in Relation to Your Personal Data
Under UK GDPR, you have the following rights in relation to your personal data held by NETWISE LTD. We will respond to all rights requests within one calendar month of receipt, unless the complexity or volume of requests requires an extension of up to two further months, in which case we will inform you of the extension within the first month.
11.1 Right of Access
You have the right to request a copy of the personal data we hold about you, together with information about how we process that data. This right is subject to certain exceptions, including where disclosure would adversely affect the rights and freedoms of others.
11.2 Right to Rectification
You have the right to request that we correct any inaccurate personal data we hold about you, and to have incomplete personal data completed.
11.3 Right to Erasure
You have the right to request the deletion of your personal data in certain circumstances, including where the data is no longer necessary for the purposes for which it was collected, where you have withdrawn consent and there is no other legal basis for processing, or where the data has been unlawfully processed. This right is subject to exceptions, including where we are required to retain the data to comply with a legal obligation.
11.4 Right to Restriction of Processing
You have the right to request that we restrict our processing of your personal data in certain circumstances, for example while the accuracy of the data is being contested, or while an objection to processing is being assessed.
11.5 Right to Data Portability
Where processing is based on consent or on a contract and is carried out by automated means, you have the right to receive your personal data in a structured, commonly used and machine-readable format, and to have it transmitted to another controller where technically feasible.
11.6 Right to Object
You have the right to object at any time to the processing of your personal data where that processing is based on our legitimate interests. If you raise an objection, we will cease processing unless we can demonstrate compelling legitimate grounds for the processing that override your interests, rights and freedoms, or unless the processing is necessary for the establishment, exercise or defence of legal claims.
11.7 Right to Withdraw Consent
Where processing is based on your consent, you have the right to withdraw that consent at any time. Withdrawal of consent does not affect the lawfulness of processing carried out prior to the withdrawal.
11.8 Right to Lodge a Complaint
If you are not satisfied with how we have handled your personal data or your rights request, you have the right to lodge a complaint with the Information Commissioner's Office (ICO), which is the supervisory authority for data protection in the United Kingdom. The ICO can be contacted at the following address: Information Commissioner's Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF. Telephone: 0303 123 1113. Website: ico.org.uk.
12. Children's Privacy
Our website and professional services are directed at business organisations and professional individuals. We do not knowingly collect personal data from children under the age of sixteen. If you believe that we have inadvertently collected personal data from a child under sixteen, please contact us immediately and we will take appropriate steps to delete that data.
13. Changes to this Privacy Policy
We may update this Privacy Policy from time to time to reflect changes in our data processing practices, changes in applicable law, or for other operational reasons. When we make changes, we will update the effective date at the top of this policy and, where the changes are material, we will take reasonable steps to bring them to your attention. We encourage you to review this policy periodically to stay informed about how we process your personal data.
Continued use of our website or engagement with our services following notification of changes to this Privacy Policy constitutes acceptance of those changes. If you do not agree to the amended Privacy Policy, you should cease using our website and contact us to discuss the implications for any ongoing relationship.
14. Contact Us
If you have any questions, concerns or requests relating to this Privacy Policy or to our processing of your personal data, please contact us using the following details:
NETWISE LTD
Datum House, Electra Way
Crewe, CW1 6ZF
United Kingdom
Email: info@netwise.wiki
Telephone: +44 7761 711302
We will aim to respond to all data protection enquiries within five working days. Where your enquiry constitutes a formal rights request under UK GDPR, we will respond within the statutory one-month period.
This Privacy Policy should be read in conjunction with our Cookie Policy, our Terms of Service and our Terms and Conditions, all of which are available on our website at netwise.wiki.
