Privacy Policy

This Privacy Policy explains how PREFEX AI LTD processes personal data in connection with this website. It is provided in accordance with Article 13 of the UK General Data Protection Regulation (UK GDPR) and Article 13 of the EU General Data Protection Regulation (EU GDPR / DSGVO), because this website is directed at visitors in both the United Kingdom and Germany.

We have designed this website to collect as little personal data as possible. We use no cookies, no analytics, no tracking, no profiling, and no automated decision-making. The only personal data we hold about you is whatever you choose to send us directly when you contact us, together with the standard technical information described below that is generated automatically when any website is delivered over the internet.

1. Who Is Responsible for Your Data (Controller)

The controller responsible for the processing of personal data described in this policy is:

PREFEX AI LTD

• Registered office and business address: 77 Renfrew Street, Glasgow, G2 3BZ, United Kingdom
• Email: [email protected]
• Telephone: +44 (0)333 335 7530

The controller is represented by Tobias Christian Kaechele.

2. Data Protection Contact

For any questions about this Privacy Policy or about how we handle your personal data, please contact:

Tobias Christian Kaechele, [email protected]

3. What Data We Process, Why, and on What Legal Basis

3.1 Server Log Data (Hosting)

This website is hosted on Cloudflare Pages, a service provided by Cloudflare, Inc. When you visit the site, our hosting provider's servers automatically record standard request information that your browser transmits, including:

• your IP address;
• the URL or resource requested;
• the date and time of the request.

This information is processed so that we can deliver the website to you reliably and securely, and to detect, prevent, and investigate abuse, attacks, and technical faults.

Legal basis: our legitimate interests in operating a functioning and secure website (Article 6(1)(f) UK GDPR / EU GDPR). Our legitimate interest is the secure and stable provision of the website.

3.2 Enquiries by Email or Telephone

If you contact us by email or telephone, we will process the personal data you choose to provide — such as your name, email address, telephone number, and the content of your message — solely in order to receive, understand, and respond to your enquiry.

Providing this information is voluntary. If you do not provide it, we may be unable to respond to your enquiry.

Legal basis: our legitimate interest in responding to and dealing with enquiries addressed to us (Article 6(1)(f) UK GDPR / EU GDPR). Where your enquiry concerns entering into or performing a contract, the legal basis may instead be Article 6(1)(b).

4. Recipients and Processors

We do not sell, rent, or otherwise share your personal data, and we do not disclose it to third parties for their own purposes.

The following processor acts on our behalf:

• Cloudflare, Inc. — provides the hosting and content-delivery infrastructure for this website (see section 3.1). Cloudflare processes server log data on our behalf under a data processing agreement.

We may disclose personal data where we are legally obliged to do so, for example in response to a lawful request from a public authority.

5. International Transfers

Cloudflare is a US-headquartered provider. As part of providing hosting and security, Cloudflare may store or process server log data (including IP addresses) on servers located in the United States or in other countries outside the UK and the European Economic Area (EEA).

Cloudflare is certified under the EU-US Data Privacy Framework (DPF) and the UK Extension to the DPF. Transfers to the United States are therefore based on the respective adequacy decisions of the European Commission and the UK Government. Where the DPF does not apply, transfers are safeguarded by the European Commission's Standard Contractual Clauses (SCCs) and, for transfers from the UK, the UK International Data Transfer Addendum. You can request a copy of the relevant safeguards using the contact details in section 2.

6. How Long We Keep Your Data

• Enquiry data (emails, telephone notes, and related correspondence): where your enquiry leads to a contract or an ongoing engagement, we keep the related correspondence for up to six years after the end of that relationship, in line with the limitation periods for legal claims (the Limitation Act 1980 in the United Kingdom and § 257 HGB in Germany). Where an enquiry does not lead to a business relationship, we delete the correspondence within twelve months. We retain data beyond these periods only where a legal obligation requires it.
• Server log data: we have not enabled server-log retention. Cloudflare does not store HTTP request logs on our behalf by default; any logging Cloudflare carries out for its own security and network-analytics purposes is governed by Cloudflare's own data processing terms and kept only for short, rolling periods.

7. Your Rights

Under the UK GDPR and the EU GDPR, you have the following rights in relation to your personal data:

• Right of access — to obtain confirmation of whether we process your personal data and, if so, a copy of it (Article 15).
• Right to rectification — to have inaccurate personal data corrected and incomplete data completed (Article 16).
• Right to erasure — to have your personal data deleted in certain circumstances (Article 17).
• Right to restriction of processing — to have our processing of your data restricted in certain circumstances (Article 18).
• Right to data portability — to receive certain data in a structured, commonly used, machine-readable format, where applicable (Article 20).
• Right to object — because the processing described in this policy relies on our legitimate interests, you have the right to object, on grounds relating to your particular situation, to that processing at any time (Article 21).

To exercise any of these rights, please contact us using the details in section 2. We will respond within the time limits set by applicable law.

8. Right to Complain to a Supervisory Authority

If you believe that our processing of your personal data infringes data protection law, you have the right to lodge a complaint with a supervisory authority. This is without prejudice to any other legal remedy.

• United Kingdom: the Information Commissioner's Office (ICO), Wycliffe House, Water Lane, Wilmslow, Cheshire SK9 5AF, United Kingdom — ico.org.uk.
• Germany / European Union: you may complain to the supervisory authority of the EU Member State of your habitual residence, place of work, or the place of the alleged infringement. In Germany, this is the data protection authority of the relevant federal state (Landesdatenschutzbehörde). A list of the German supervisory authorities and the federal authority (BfDI) is available at bfdi.bund.de.

9. No Cookies, Tracking, or Automated Decision-Making

This website does not set cookies, does not use web analytics, and does not carry out any tracking, profiling, or advertising measurement. We do not carry out any automated decision-making, including profiling, within the meaning of Article 22 UK GDPR / EU GDPR.

10. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or in the applicable law. The version published on this website is the version that currently applies. Please review this page periodically for any updates.