GDPR Data Privacy Notice for Customers and Clients

This Notice sets out the basis on which any personal data we collect from you, or that you provide to us, will be processed by us. Please read the following carefully to understand our views and practices regarding your personal data and how we will treat it.

The rules on processing of personal data are set out in the General Data Protection Regulation (the “GDPR”).

1. Definitions

Consent – The individual has given clear consent for you to process their personal data for a specific purpose.

Contract – The processing is necessary for a contract you have with the individual, or because they have asked you to take specific steps before entering into a contract.

A contract does not have to be a formal signed document, or even written down as long as you both intend the terms to be legally binding and there is an element of exchange e.g. exchange of goods or services for money.

Controller– A controller determines the purposes and means of processing personal data.

Legitimate interests – The processing is necessary for your legitimate interests or the legitimate interests of a third party unless there is a good reason to protect the individual ’s personal data which overrides those legitimate interests.

Processor – A processor is responsible for processing personal data on behalf of a controller.

Data subject – Natural person.

Personal data – The GDPR applies to ‘personal data’ meaning any information relating to an identifiable person who can be directly or indirectly identified in particular by reference to an identifier (as explained in Article 6 of GDPR). For example name, passport number, home address or private email address. Online identifiers include IP addresses and cookies.

Processing – means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.

2. Definitions

IBEX Innovations Ltd is the ‘controller and processor’. This means that we control your personal data and only process it for the purpose it was received.

3. The purpose(s) of processing your personal data

We require your personal data for the following purposes:

  • As part of a contract
  • And / or as part of a non-disclosure agreement
  • And / or as part of a supplier agreement
  • And / or as part of the purchasing process

4. The categories of personal data concerned

We process the following categories of your personal data and have obtained this information from you directly:

  • Name, email address, company telephone number, job title, company address

5. What is our lawful basis for processing your personal data (GDPR Article 6)?

Our lawful basis for processing your personal data


  • Processing necessary for legitimate interests because you have shown an interest in our product and technology and therefore are a potential customer.
  • Processing necessary for the performance of a contract or to take steps to enter into a contract or agreement.
  • Processing necessary for compliance with legal obligations, with regards to protecting our IP.


  • Processing necessary for the performance of a contract or to take steps to enter into a contract as part of the Supplier approval process.
  • And for ‘legitimate purposes’ so that you can provide a product, which we can purchase from you.

More information on lawful processing can be found on the ICO website.

6. Sharing your personal information

Your personal data will be treated as strictly confidential and will be shared only with employees of IBEX.

7. How long do we keep your personal data?

We keep your personal data for no longer than reasonably necessary in relation to the purpose it is being processed.

8. Your rights and your personal data

Unless subject to an exemption under the GDPR, you have the following rights with respect to your personal data:

  • The right to request a copy of the personal data which we hold about you
  • The right to request that we correct any personal data if it is found to be inaccurate or out of date
  • The right to request your personal data is erased where it is no longer necessary to retain such data
  • The right, where there is a dispute in relation to the accuracy or processing of your personal data, to request a restriction is placed on further processing
  • The right to object to the processing of personal data, (where applicable i.e. where processing is based on legitimate interests)

9. Transfer of data abroad

We do not transfer personal data outside the UK.

10. Automated decision making

We do not use any form of automated decision making in our business.

11. Further processing

If we wish to use your personal data for a new purpose not covered by this Notice then we will provide you with a new notice explaining this new use prior to commencing this processing and setting out the relevant purposes and processing conditions.

12. How to complain

If you have any concerns as to how your data is processed you can contact: Kurt March, Operations Manager at [email protected] or you can write to Kurt, marking the envelope confidential to IBEX Innovations Ltd, NETPark Plexus, Thomas Wright Way, Sedgefield, TS21 3FD.

If this does not resolve your complaint, you have the right to lodge a complaint to the Information Commissioners’ Office on 0303 123 1113 or via email or at the Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF, England if you believe that we have not complied with the requirements of the GDPR with regard to your personal data.