Privacy Policy
How OPSENSE LIMITED collects, uses and protects your personal data.
Privacy Policy
1. Introduction and Identity of the Data Controller
This Privacy Policy describes how OPSENSE LIMITED ("OPSENSE", "we", "us" or "our") collects, uses, discloses, stores and protects personal data relating to individuals who visit our website at opsense.digital, submit enquiries through our contact forms, engage with us as clients or prospective clients, correspond with us by email or telephone, or otherwise interact with us in the course of our business activities.
OPSENSE LIMITED is registered in England and Wales. Our registered office is located at 5 Great James Street, London, WC1N 3DB, United Kingdom. We operate as a data controller for the purposes of the UK General Data Protection Regulation ("UK GDPR") as retained and amended by the Data Protection, Privacy and Electronic Communications (Amendments etc.) (EU Exit) Regulations 2019, and the Data Protection Act 2018 ("DPA 2018").
We are committed to processing personal data fairly, lawfully and transparently, and to maintaining the security and confidentiality of any information we hold about you. This policy sets out clearly what data we collect, why we collect it, what legal basis we rely upon, how long we keep it and what rights you hold in relation to that data.
If you have any questions about this Privacy Policy or about how we handle your personal data, please contact us at devops@opsense.digital or by post at the address above.
2. Scope of This Policy
This Privacy Policy applies to personal data processed by OPSENSE LIMITED in connection with:
- Visitors to the OPSENSE website at opsense.digital and any subdomains we operate
- Individuals who submit contact forms, enquiries or requests for information through our website
- Individuals who correspond with us by email, telephone or other channels
- Existing and prospective clients and their representatives and authorised contacts
- Suppliers, contractors and subcontractors who work with us
- Job applicants and candidates for positions with OPSENSE LIMITED
- Any other individuals whose personal data we process in connection with our business operations
This policy does not apply to data we process on behalf of our clients as data processors. Where OPSENSE acts as a data processor for a client organisation, the relevant data processing agreement and the client's own privacy policy govern that processing. We maintain separate data processing agreements with each client that involves personal data processing on their behalf.
Our website may contain links to third-party websites. This policy does not apply to those external websites, and we are not responsible for the data practices of organisations other than OPSENSE LIMITED.
3. Personal Data We Collect
3.1 Data You Provide Directly
We collect personal data that you provide to us directly when you:
- Submit an enquiry through the contact form on our website — including your name, email address, company name and the content of your message
- Contact us by email — including your email address, name, job title, company and any other information included in your correspondence
- Contact us by telephone — including your name, telephone number and any information you share during the conversation
- Enter into a client engagement with us — including billing contact details, authorised representatives and project-related information
- Apply for a position with OPSENSE — including your name, contact details, employment history and qualifications
- Subscribe to any communications we issue — including your name and email address
3.2 Data Collected Automatically
When you visit our website, certain data is collected automatically by our web hosting infrastructure and analytics tools. This may include:
- Your IP address and approximate geographic location derived from it
- The type and version of your browser and operating system
- The pages you visit on our website, the order in which you visit them and the time spent on each page
- The referring URL through which you arrived at our website
- Device identifiers and screen resolution data
- Technical performance data relating to page load times and errors encountered
This automatically collected data is used to maintain the technical performance of our website, to understand how visitors use our site and to improve the quality and relevance of the content we provide. For further information about cookies and tracking technologies, please see our Cookie Policy at cookie-policy.html.
3.3 Data Received from Third Parties
We may receive personal data about you from third parties in limited circumstances, including:
- Client organisations who provide us with details of their employees or representatives as part of onboarding for an engagement
- Professional referral networks or professional contacts who introduce potential clients or candidates to us
- Publicly available professional directories and business information sources such as Companies House or LinkedIn, where we are researching potential business relationships
- Background verification services used in the context of recruitment, where applicable and disclosed to the individual
Where we receive personal data about you from a third party, we will handle it in accordance with this Privacy Policy and, where required by UK GDPR, we will inform you that we hold data about you and identify the source, unless doing so would be disproportionate or is not required by applicable law.
4. Purposes of Processing and Legal Bases
We process personal data only where we have a valid legal basis for doing so under UK GDPR. The legal bases we rely upon are set out below alongside the specific purposes of processing.
4.1 Performance of a Contract or Pre-contractual Steps
We process personal data where this is necessary for the performance of a contract to which you are a party, or to take steps at your request before entering into such a contract. This applies to:
- Processing your enquiry and corresponding with you about a potential engagement
- Managing the delivery of services to clients under an executed engagement agreement
- Processing payments and managing billing in connection with client engagements
- Communicating with client representatives, authorised contacts and stakeholders during an engagement
4.2 Compliance with Legal Obligations
We process personal data where this is necessary to comply with our legal obligations under UK law. This includes:
- Maintaining records required for tax and accounting purposes under UK tax legislation
- Responding to lawful requests from law enforcement, regulatory authorities or courts
- Complying with employment law obligations where applicable to our own staff and contractors
- Meeting our obligations under anti-money laundering regulations where applicable to the nature of an engagement
4.3 Legitimate Interests
We process personal data where this is necessary for the purposes of our legitimate interests or those of a third party, provided those interests are not overridden by your interests or fundamental rights and freedoms. The legitimate interests we pursue include:
- Responding to enquiries received through our website or by other means and managing our pre-sales activities
- Maintaining records of our business relationships and client history for the purpose of delivering and improving our services
- Sending relevant business communications to existing clients and contacts where there is a reasonable expectation of receiving such communications
- Monitoring and improving the performance and security of our website and digital systems
- Protecting OPSENSE against fraud, security threats, legal claims and regulatory risk
- Conducting internal business planning, forecasting and performance analysis
- Evaluating and making decisions about potential business partnerships, supplier relationships and recruitment
Where we rely on legitimate interests as our legal basis, we have assessed that our legitimate interests are not overridden by the rights and interests of the individuals concerned. You have the right to object to processing based on legitimate interests; see Section 9 for further information.
4.4 Consent
In limited circumstances, we may ask for your consent to process personal data for specific purposes, such as sending marketing communications to individuals who are not existing clients. Where we rely on consent, you have the right to withdraw it at any time without affecting the lawfulness of processing that took place before withdrawal. Withdrawal of consent can be effected by contacting us at devops@opsense.digital.
5. How We Use Personal Data
More specifically, the personal data we collect is used for the following purposes:
- To respond to enquiries submitted through our website contact forms and by email or telephone
- To assess whether an engagement is commercially and technically suitable and to prepare and issue proposals
- To deliver contracted services to clients, including project management, engineering delivery and operational support
- To issue and collect invoices and manage financial records in accordance with UK accounting and tax obligations
- To communicate project status, milestones, deliverables and technical information to client representatives
- To maintain records of previous engagements and client relationships for operational continuity and quality assurance purposes
- To analyse the use of our website and improve its content, performance and security
- To prevent fraud, unauthorised access and other security incidents affecting our systems or our clients' systems
- To comply with legal, regulatory and contractual obligations applicable to our business
- To assess job applications and manage recruitment processes where applicable
- To administer and manage our contractual relationships with suppliers and subcontractors
We will not use your personal data for automated decision-making that produces legal or similarly significant effects without informing you and ensuring a valid legal basis exists for such processing.
6. Disclosure of Personal Data
6.1 Internal Access
Access to personal data within OPSENSE LIMITED is limited to those members of staff and engaged contractors who need to process that data in order to perform their functions. We apply the principle of least privilege to all internal access controls.
6.2 Service Providers and Data Processors
We engage a limited number of third-party service providers who process personal data on our behalf as data processors. These include:
- Cloud hosting and infrastructure service providers used to operate our website and internal systems
- Email and communication platform providers
- Accounting and financial management software providers
- Project and task management software providers used in the delivery of client engagements
- Website analytics service providers
All third-party processors we engage are required to process personal data in accordance with our instructions and in compliance with applicable data protection law. We enter into data processing agreements with such processors as required by UK GDPR Article 28.
6.3 Professional Advisers
We may disclose personal data to our professional advisers — including solicitors, accountants and insurers — where necessary for the purpose of obtaining professional advice or in connection with legal proceedings.
6.4 Law Enforcement and Regulatory Authorities
We may disclose personal data to law enforcement agencies, regulatory bodies, courts or other public authorities where required or permitted to do so by applicable law, including where we are required to comply with a valid legal order, court order or regulatory direction.
6.5 Business Transfers
In the event that OPSENSE LIMITED undergoes a merger, acquisition, restructuring or sale of all or part of its business or assets, personal data held by us may be transferred to the relevant third party as part of that transaction, subject to appropriate safeguards and notification to affected individuals where required by law.
6.6 No Sale of Personal Data
We do not sell, rent or trade personal data to third parties for their independent marketing or commercial purposes. This is an absolute commitment.
7. International Transfers of Personal Data
OPSENSE LIMITED is a UK-based business and processes personal data primarily within the United Kingdom. Where we engage service providers that process data outside the UK or the European Economic Area, we ensure that appropriate safeguards are in place as required by UK GDPR Chapter V.
Appropriate safeguards for international transfers may include:
- Adequacy regulations issued by the UK Secretary of State recognising that the destination country provides an adequate level of data protection
- UK International Data Transfer Agreements or UK Addenda to EU Standard Contractual Clauses approved by the Information Commissioner's Office
- Binding corporate rules approved by the ICO, where applicable
- Other derogations permitted under UK GDPR Article 49, in exceptional circumstances only
For further information about the international transfers we make and the safeguards in place, please contact us at devops@opsense.digital.
8. Retention of Personal Data
We retain personal data only for as long as necessary for the purposes for which it was collected, or as required by applicable law. The following indicative retention periods apply:
- Enquiry data from website contact forms — up to 24 months from the date of submission, or such longer period as is necessary if the enquiry results in an engagement
- Client engagement data — for the duration of the engagement and for 7 years after its conclusion, to satisfy UK accounting, tax and limitation period requirements
- Financial and accounting records — 7 years from the end of the relevant financial year, as required by UK tax legislation
- Correspondence and communications — up to 7 years from the date of the last communication, where there is a reasonable business purpose for retention
- Website analytics data — typically aggregated and anonymised within 26 months of collection; identifiable data retained for shorter periods
- Recruitment data for unsuccessful applicants — up to 12 months from the conclusion of the relevant recruitment process, unless you request earlier deletion
- Supplier and contractor data — for the duration of the relationship and for 7 years thereafter
At the end of the applicable retention period, personal data is securely deleted or anonymised. Where data must be retained for legal purposes beyond a standard retention period, access is restricted during that extended retention period.
9. Your Rights Under UK GDPR
Under UK GDPR and the Data Protection Act 2018, you have the following rights in respect of your personal data held by OPSENSE LIMITED:
9.1 Right of Access
You have the right to request a copy of the personal data we hold about you and to receive information about how that data is processed. We will respond to subject access requests within one calendar month of receipt, or within three months where the request is complex or numerous, in which case we will notify you of the extended period within the first month.
9.2 Right to Rectification
You have the right to require us to correct any inaccurate personal data we hold about you, and to have incomplete data completed. Please notify us if any data we hold about you is inaccurate or has changed.
9.3 Right to Erasure
You have the right to request that we delete personal data we hold about you in certain circumstances — for example, where the data is no longer necessary for the purpose for which it was collected, where you withdraw consent and there is no other legal basis for processing, or where you object to processing under legitimate interests and there are no overriding legitimate grounds.
The right to erasure does not apply where processing is necessary for compliance with a legal obligation, for the establishment, exercise or defence of legal claims, or in certain other circumstances defined by UK GDPR.
9.4 Right to Restriction of Processing
You have the right to request that we restrict the processing of your personal data in certain circumstances, including where you contest the accuracy of the data, where the processing is unlawful and you prefer restriction to erasure, where we no longer need the data but you require it for legal proceedings, or where you have objected to processing pending our verification of the grounds for processing.
9.5 Right to Data Portability
Where processing is based on consent or on the performance of a contract and is carried out by automated means, you have the right to receive the personal data you have provided to us in a structured, commonly used and machine-readable format, and to have that data transmitted to another controller where technically feasible.
9.6 Right to Object
You have the right to object at any time to the processing of your personal data where we rely on legitimate interests as our legal basis for that processing. Where you object, we will cease processing unless we can demonstrate compelling legitimate grounds that override your interests, rights and freedoms, or where the processing is necessary for the establishment, exercise or defence of legal claims.
You also have the right to object at any time to the processing of your data for direct marketing purposes. Where you object to direct marketing, we will cease processing your data for that purpose promptly.
9.7 Rights in Relation to Automated Decision-Making
You have the right not to be subject to a decision based solely on automated processing, including profiling, that produces legal or similarly significant effects. OPSENSE does not currently employ automated decision-making of this type, but we will notify you if we introduce any such processing and ensure that appropriate safeguards and rights are in place.
9.8 How to Exercise Your Rights
To exercise any of the above rights, please contact us in writing at devops@opsense.digital or by post to OPSENSE LIMITED, 5 Great James Street, London, WC1N 3DB. We may need to verify your identity before responding to your request. We will respond to requests within the timeframes set out in UK GDPR and will not charge a fee for requests unless they are manifestly unfounded or excessive.
10. Security of Personal Data
We implement appropriate technical and organisational security measures to protect personal data against accidental loss, destruction or damage, and against unauthorised or unlawful access, disclosure and alteration. The specific measures we apply include:
- Encryption of data in transit using TLS and, where appropriate, at rest
- Access controls based on the principle of least privilege — data is accessible only to those who need it to perform their role
- Multi-factor authentication on all systems containing personal data
- Regular security patching and vulnerability management on all systems we operate
- Incident detection and response procedures, including breach notification processes
- Staff awareness training on data protection obligations and secure data handling
- Data processing agreements with all third-party processors, requiring equivalent security standards
Despite these measures, no data transmission or storage system can be guaranteed to be 100% secure. If you have concerns about the security of personal data you have provided to us, please contact devops@opsense.digital.
11. Personal Data Breaches
In the event of a personal data breach that is likely to result in a risk to the rights and freedoms of individuals, we will notify the Information Commissioner's Office within 72 hours of becoming aware of the breach, as required by UK GDPR Article 33. Where a breach is likely to result in a high risk to the rights and freedoms of individuals, we will also notify affected individuals directly without undue delay, as required by UK GDPR Article 34.
We maintain an internal personal data breach register and incident response procedure to manage breaches effectively and to ensure compliance with notification obligations.
12. Cookies and Tracking Technologies
Our website uses cookies and similar tracking technologies to function correctly and to analyse visitor behaviour. A full explanation of the cookies we use, the purposes for which they are used and your choices regarding cookies is provided in our Cookie Policy, which is available at cookie-policy.html.
13. Children's Data
Our website and services are directed to business professionals and organisations and are not intended for use by individuals under the age of 18. We do not knowingly collect personal data from anyone under 18 years of age. If you are under 18, please do not submit any personal data to us. If we become aware that we have collected personal data from a person under the age of 18 without verification of parental consent, we will delete that data as quickly as practicable.
14. Right to Complain to the Supervisory Authority
You have the right to lodge a complaint with the Information Commissioner's Office (ICO), which is the supervisory authority for data protection matters in the United Kingdom, if you consider that our processing of your personal data infringes UK GDPR or the Data Protection Act 2018.
The ICO can be contacted at:
- Website: ico.org.uk
- Helpline: 0303 123 1113
- Address: Information Commissioner's Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF
We would, however, request that you contact us in the first instance at devops@opsense.digital if you have a concern about how we handle your personal data, so that we have the opportunity to address the matter directly.
15. Changes to This Privacy Policy
We may update this Privacy Policy from time to time to reflect changes in our data processing practices, changes in applicable law or other operational requirements. When we make material changes to this policy, we will update the effective date shown at the top of this page and, where appropriate, provide notice of the changes through our website or by direct communication.
We encourage you to review this Privacy Policy periodically. Your continued use of our website or engagement with our services following the posting of changes constitutes your acknowledgement of those changes.
16. Contact Information
For any questions, concerns or requests relating to this Privacy Policy or to our handling of your personal data, please contact us:
- By email: devops@opsense.digital
- By post: OPSENSE LIMITED, 5 Great James Street, London, WC1N 3DB, United Kingdom
- By telephone: +44 707 472 9827
We aim to respond to all data protection enquiries within 10 working days, and in any event within the statutory timeframes applicable to formal requests under UK GDPR.