‍

PRIVACY POLICY – ELEVYN SYSTEMS LTD

Last updated: 6 January 2026

This Privacy Policy explains how Elevyn Systems LTD (“Elevyn”, “we”, “us”, “our”) collects, uses, stores, shares, and protects personal data when you:

• visit our websites, including any subdomains (the “Site”);
• use our lead generation and customer relationship management platform and related tools (the “Services”); or
• communicate with us (e.g. email, phone, web forms).

We process personal data in line with the UK GDPR, the Data Protection Act 2018, and (where applicable) PECR and the EU GDPR.

1. Who We Are

Company: Elevyn Systems LTD
Registered address: 71–75 Shelton Street, Covent Garden, London, United Kingdom, WC2H 9JQ
Website: elevynsystems.com
General contact: admin@elevynsystems.com

Data Controller

For most personal data collected via our Site and for our own business operations, Elevyn Systems LTD is the data controller (meaning we decide why and how your personal data is processed).

Data Processor (when you use our platform)

If you are a lead/customer/contact whose details have been uploaded into our platform by one of our business customers, we typically act as a data processor and our customer is the data controller. In that case, you should also refer to that customer’s privacy notice.

2. Scope of This Policy

This Policy applies to:

• Website visitors
• Prospective customers and business leads (B2B)
• Customers and Authorised Users using our Services
• Individuals whose data is stored in our Services by our customers (e.g. leads/contacts)

This Policy does not cover third-party websites, products, or services that we do not control, even if they are linked to or integrated with our Services.

3. Personal Data We Collect

We may collect and process the following types of personal data.

3.1 Data you provide directly

• Identity and contact details: name, job title, company name, business email, business phone number
• Account details (for Service users): username, password (stored securely), profile details, role/permissions
• Billing and admin data: billing address, VAT details, invoices, payment status (note: payment card details are handled by payment providers)
• Communications: support tickets, emails, call notes, chat transcripts, meeting notes, feedback, survey responses
• Preferences: marketing opt-ins/opt-outs and communication preferences
• CRM / platform content (submitted by customers/users): leads, contacts, pipeline data, tags, notes, templates, messages, and any custom fields

3.2 Data collected automatically (Site/Services)

• Technical data: IP address, device identifiers, browser type/version, operating system, time zone/locale
• Usage data: pages visited, clicks, session duration, feature usage, login timestamps, referring URLs
• Log/security data: access logs, error logs, audit logs, security events

3.3 Cookies and similar technologies

We use cookies and similar tools to support core functionality, measure performance, and understand how the Site/Services are used. See Section 11 (“Cookies”) for more.

3.4 AI/automation-related data

If you use AI/automation features within the Services, we may process:

• Inputs you provide (e.g. text, lead information, notes, prompts, templates); and
• Outputs generated (e.g. suggested messages, lead scores, summaries, classifications).

AI outputs are generated to provide functionality inside the Services. You remain responsible for reviewing and verifying outputs before use.

3.5 Data we receive from third parties (B2B context)

We may receive business contact data from:

• Public sources (e.g. company websites and publicly available business listings)
• Professional platforms (e.g. LinkedIn)
• B2B data providers (e.g. Kaspr and Apollo)
• Integration partners you connect to the Services (e.g. calendars, email providers)

We do not intentionally collect special category data (e.g. health, religion) and do not intend the Services for consumer profiling.

4. How We Use Personal Data

We use personal data for the following purposes:

4.1 Operating the Site and Services

• creating and managing user accounts
• providing CRM/lead management features (pipelines, contact management, reporting)
• enabling integrations and workflows
• providing customer support and responding to enquiries

4.2 B2B signal-based lead generation and outreach (where applicable)

Where we process business contact data for our own B2B marketing/outreach (or provide tooling to customers), purposes may include:

• ICP analysis and targeting
• signal-based filtering and scoring (e.g. relevance/timing indicators)
• outreach via email, phone, and professional channels
• call booking and lead qualification
• reporting and analytics

Important: We do not claim to have a “secret buyer intent database”. Our approach may use publicly available information and existing B2B sources combined with filtering/scoring logic.

4.3 Payments, billing, and account administration

• processing payments
• sending invoices, receipts, and payment notices
• fraud prevention and transaction verification

4.4 Security, abuse prevention, and service integrity

• monitoring and protecting accounts and systems
• detecting/preventing unauthorised access, spam, misuse, and fraud
• maintaining logs for security and auditing

4.5 Product improvement and analytics

• analysing usage patterns and performance
• testing features and improving reliability
• generating aggregated statistics (where possible)

4.6 Legal and compliance

• complying with legal obligations (tax, accounting, regulatory requests)
• enforcing our Terms and protecting our rights

5. Lawful Bases for Processing

Where UK GDPR/EU GDPR applies, we rely on one or more of the following lawful bases:

• Contract: processing necessary to provide the Services or take steps at your request before entering a contract.
• Legitimate interests: to operate and grow our B2B business, maintain security, improve the Services, and conduct proportionate B2B outreach, provided your rights do not override our interests.
• Consent: where required (e.g. non-essential cookies; certain marketing in some contexts).
• Legal obligation: where we must comply with law (e.g. tax records, lawful requests).

PECR note (marketing rules)

For email/SMS marketing rules (PECR), requirements depend on the context (e.g. business vs individual subscribers, consent requirements, opt-outs). We aim to apply appropriate controls and always provide opt-out routes where required.

6. How We Share Personal Data

We may share personal data with:

6.1 Sub-processors / service providers

We use vetted providers to run our business and Services, such as:

• GoHighLevel (platform/CRM infrastructure where applicable)
• Google Workspace (email and collaboration)
• Stripe / PayPal (payments)
• Webflow (website hosting/content)
• Aircall (telephony, where used)
• LinkedIn (professional platform interactions, where applicable)
• Kaspr / Apollo (B2B data sources, where applicable)
• Analytics and monitoring providers (e.g. website analytics)

These providers process personal data under contracts that require confidentiality and appropriate safeguards.

6.2 Integrations you enable

If you connect third-party tools, data may be shared with those tools as part of the integration.

6.3 Legal and compliance

We may disclose information where necessary to:

• comply with law, regulation, legal process, or governmental request;
• enforce our Terms; or
• protect rights, property, safety, and users.

6.4 Business transfers

If we undergo a merger, acquisition, restructuring, or sale of assets, personal data may be transferred as part of that transaction (subject to appropriate protections).

6.5 No sale of personal data

We do not sell your personal data.

7. International Transfers

We may store/process data in the UK, EEA, and other countries (including the United States) depending on our providers and infrastructure.

Where personal data is transferred outside the UK/EEA to a country without an adequacy decision, we use safeguards such as:

• the UK International Data Transfer Addendum and/or
• Standard Contractual Clauses (SCCs),
  plus additional measures where appropriate.

You can contact us to request more information about transfer safeguards.

8. Data Retention

We keep personal data only as long as necessary for the purposes in this Policy, including legal, accounting, and reporting obligations.

Typical retention approach:

• Account and CRM data: for the duration of the customer relationship and a reasonable period after, unless deleted/anonymised earlier.
• Marketing/outreach data: until you opt out, object, or it is no longer needed.
• Security/log data: retained for a limited period appropriate for security/audit needs.

We may anonymise data so it can no longer be linked to an individual, and may keep anonymised data for analytics.

9. Your Rights (UK & EEA)

If UK/EU data protection law applies to you, you may have the right to:

• Access your personal data
• Rectify inaccurate/incomplete data
• Erase your data in certain circumstances
• Restrict processing in certain circumstances
• Object to processing based on legitimate interests and for direct marketing
• Data portability (where applicable)
• Withdraw consent (where processing is based on consent)

How to exercise your rights

Email: admin@elevynsystems.com (Subject: “Data Rights Request”)

Complaints

You can lodge a complaint with the UK regulator: the Information Commissioner’s Office (ICO).

10. If Your Data Is in Our Platform via a Customer

If you believe your data is stored in our Services because a business customer uploaded it (e.g. as a lead/contact):

• that customer is typically the data controller;
• you should contact them first to exercise your rights; and
• we will assist our customer as required under our contractual obligations.

11. Cookies and Tracking Technologies

We may use:

• Strictly necessary cookies (security, login, core features)
• Functional cookies (preferences)
• Analytics cookies (understand usage and performance)

Where required, we will request consent for non-essential cookies via a cookie banner/preferences tool. You can also control cookies via browser settings. Blocking cookies may affect Site/Service functionality.

12. Security

We use reasonable technical and organisational measures to protect personal data, such as:

• access controls and authentication
• monitoring and logging
• limiting access to authorised personnel
• secure configurations and vendor controls

No system is 100% secure; we cannot guarantee absolute security.

13. Children’s Privacy

Our Site and Services are not intended for children under 16, and we do not knowingly collect their personal data.

14. Third-Party Links

Our Site/Services may link to third-party sites or tools. We are not responsible for their privacy practices. Please review their policies separately.

15. Updates to This Policy

We may update this Privacy Policy to reflect changes in our practices, technology, or legal requirements. We will update the “Last updated” date and, for material changes, may provide additional notice (e.g. email or in-app notice).

16. Contact

Elevyn Systems LTD
71–75 Shelton Street, Covent Garden
London, United Kingdom, WC2H 9JQ
📩 admin@elevynsystems.com

‍

‍