Privacy Policy

1. Who We Are

HorizonFlow ("we", "us", "our") is a sole trader business providing workflow automation services, based in Rochdale, Greater Manchester, United Kingdom. We are the data controller for personal data collected through this Website.

Contact:  ·  Website: https://horizonflow.co.uk

We are committed to protecting your privacy and handling your personal data responsibly, transparently, and in full compliance with the UK General Data Protection Regulation (UK GDPR), the Data Protection Act 2018 (DPA 2018), and the Data (Use and Access) Act 2025 (DUAA 2025).

2. What Personal Data We Collect

Contact Form Submissions

When you submit our contact form, we collect: your full name, email address, company name, company website (if provided), industry type (if provided), a description of any business challenges you share (if provided), and the content of your message.

Website Usage Data

We may collect technical data about your visit to this Website, including your IP address, browser type and version, operating system, referring URL, pages visited, and time and date of your visit. This data may be collected through essential cookies and, where you have consented, analytics tools.

Communications

If you contact us directly by email or other means, we will collect and retain the information contained in those communications for the purpose of responding to you and managing our business relationship with you.

Service Delivery

Where you engage HorizonFlow for services, we may collect additional personal and business data necessary to deliver the agreed services, as set out in the applicable service agreement.

3. How We Use Your Personal Data

We use your personal data for the following purposes:

• To respond to your enquiry and communicate with you about our services
• To prepare and deliver bespoke automation proposals and service agreements
• To fulfil our contractual obligations to you as a client
• To improve the quality and content of this Website
• To comply with our legal obligations under UK law
• To maintain accurate business records as required by applicable law and regulation

We do not use your personal data for automated decision-making or profiling that produces legal or similarly significant effects on you.

4. Lawful Basis for Processing

We process your personal data on the following lawful bases under UK GDPR Article 6:

• Consent — where you have explicitly consented to processing (for example, by ticking the consent checkbox on our contact form)
• Contract — where processing is necessary to fulfil a contract with you, or to take pre-contractual steps at your request
• Legal obligation — where processing is necessary to comply with a legal obligation to which we are subject
• Legitimate interests — where we have a legitimate business interest that does not override your fundamental rights and freedoms (for example, improving our Website and maintaining business records)

5. How Long We Keep Your Data

We retain personal data for no longer than is necessary for the purposes for which it was collected:

• Contact form enquiries that do not result in a contract: retained for up to 12 months from receipt, then securely deleted
• Client records, correspondence, and financial records relating to a service engagement: retained for up to 6 years after the end of the engagement, in line with the Limitation Act 1980 and HMRC requirements
• Website analytics data: as configured in the analytics tools used, typically 14–26 months from collection

After the applicable retention period, personal data is securely and permanently deleted or anonymised so that it can no longer be attributed to you.

6. Who We Share Your Data With

We do not sell, rent, or trade your personal data to any third party under any circumstances. We may share your data only in the following limited circumstances:

• With trusted service providers who assist us in operating this Website and delivering our services (such as hosting providers and email delivery services), who are contractually bound by data processing agreements to process your data only in accordance with our instructions
• With law enforcement agencies, regulatory bodies, or courts where we are legally required to do so

All third-party service providers are carefully selected and are required to implement appropriate technical and organisational measures to protect your data.

7. International Data Transfers

We aim to keep all personal data within the United Kingdom or the European Economic Area (EEA). Where data is transferred outside these areas — for example, if a third-party service provider operates internationally — we ensure appropriate safeguards are in place in accordance with UK GDPR Chapter V, including adequacy decisions issued by the UK Secretary of State or standard contractual clauses.

8. Your Rights Under UK GDPR

You have the following rights regarding your personal data held by HorizonFlow:

• Right of access — you may request a copy of the personal data we hold about you (Subject Access Request)
• Right to rectification — you may request correction of any inaccurate or incomplete personal data
• Right to erasure — you may request deletion of your personal data in certain circumstances ("right to be forgotten")
• Right to restrict processing — you may request that we limit how we use your personal data in certain circumstances
• Right to data portability — you may request your personal data in a structured, machine-readable format where technically feasible
• Right to object — you may object to processing based on legitimate interests or for direct marketing purposes
• Right to withdraw consent — where processing is based on your consent, you may withdraw it at any time without affecting the lawfulness of processing carried out prior to withdrawal

To exercise any of these rights, please contact us at . We will respond within one calendar month as required by UK GDPR Article 12. We may need to verify your identity before processing your request.

9. Cookies

This Website uses cookies. Please refer to our Cookie Policy for full details of the cookies we use, their purpose, and how to manage your preferences.

10. Security

We take the security of your personal data seriously and implement appropriate technical and organisational measures to protect it against unauthorised access, disclosure, alteration, or accidental loss. These measures include secure HTTPS connections, access controls, and secure data storage practices.

While we take all reasonable steps to protect your data, no method of transmission over the internet or electronic storage is completely secure. In the unlikely event of a personal data breach that poses a risk to your rights and freedoms, we will notify the Information Commissioner's Office (ICO) within 72 hours and will notify affected individuals without undue delay, as required by UK GDPR Articles 33 and 34.

11. Children's Privacy

This Website and our services are directed at businesses and are not intended for individuals under the age of 18. We do not knowingly collect personal data from children. If you believe we have inadvertently collected personal data from a child, please contact us immediately at and we will take steps to delete it promptly.

12. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or applicable law. The most current version will always be published on this page with the date of the most recent update. We recommend reviewing this policy periodically. Material changes will be communicated to existing clients directly where practicable.

13. Complaints

If you have concerns about how we handle your personal data that we have not resolved to your satisfaction, you have the right to lodge a complaint with the UK's supervisory authority for data protection, the Information Commissioner's Office (ICO):

• Website: ico.org.uk
• Telephone: 0303 123 1113
• Post: Information Commissioner's Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF

We would, however, appreciate the opportunity to address your concerns directly before you contact the ICO, so please reach out to us first at .

14. Contact Us

For any questions, concerns, or requests relating to this Privacy Policy or how we handle your personal data, please contact us at: