Privacy Policy

Last updated: 13 November 2025

1. Introduction

This Privacy Policy explains how Helmbyte Ltd (“Helmbyte”, “we”, “us”, “our”) collects, uses and protects personal data when you visit helmbyte.com (the “Website”) or contact us.

We are committed to protecting your privacy and handling your personal data in accordance with applicable data protection laws, including the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018. If you are located in the EEA, we also process your personal data in line with the EU GDPR.

2. Who we are and how to contact us

Controller Helmbyte Ltd is the controller of your personal data processed in connection with the Website.

Legal entity: Helmbyte Ltd, a company incorporated in England and Wales
Registered jurisdiction: England and Wales
Contact: via the contact form

If you have questions about this Policy or our data protection practices, you can contact us using the contact form linked above.

3. Scope

This Policy covers:

Visitors to the Website;
Individuals who contact us via the Website’s contact form or by email;
Prospective business customers and partners.

It does not cover personal data we process as part of delivering any specific services under a separate contract. Where applicable, those services may be subject to additional or different terms and data processing arrangements.

4. Personal data we collect

4.1 Data you provide to us

When you use the contact form, we collect:

Name;
Work email address;
Your message, including any information you choose to provide.

If you contact us directly (for example by email or phone), we will process the content of your communication and any contact details you provide.

4.2 Data we collect automatically (analytics and logs)

When you visit the Website, we collect limited information about your visit to help us understand usage and improve the Website. This includes, for example:

the pages you visit and the time and date of your visit;
general information about the device, browser type and operating system;
referrer information (the site that linked you to ours, where available).

We use a privacy-friendly, self-hosted analytics tool that does not use tracking cookies or similar technologies and does not allow us to identify you as an individual. The analytics data we see is aggregated and anonymised.

In addition, our web servers and security systems automatically log technical information (such as IP address, request time, and user-agent) as part of operating and securing the Website.

4.3 Security and anti-abuse tools

The Website uses security technology to protect our forms and infrastructure from spam, automated abuse and attacks. This is implemented using a third-party challenge/verification service (for example, a CAPTCHA/anti-bot solution) which may:

collect technical information such as IP address, user-agent, browser settings and interaction data;
analyse these signals to distinguish legitimate human visitors from automated abuse and to ensure the security and availability of the Website.

This security functionality does not rely on cookies or similar local storage to track you across sites, and is not used for advertising or behavioural profiling.

5. How we use personal data

We use personal data for the following purposes:

a. To operate and provide the Website

delivering content;
ensuring the Website is secure, available and performant.

b. To respond to enquiries

processing contact form submissions;
communicating with you about your enquiry, potential projects, or our services.

c. To maintain security and prevent abuse

detecting and blocking spam or automated abuse of the Website;
protecting our infrastructure from attacks and misuse.

d. To understand and improve the Website

analysing aggregated, anonymous usage patterns;
improving content, navigation and performance.

e. To meet legal and regulatory obligations

keeping appropriate records;
responding to lawful requests from authorities.

f. To pursue and defend legal claims

establishing, exercising or defending legal claims.

6. Legal bases for processing

We rely on the following legal bases under UK/EU data protection law:

We process personal data where necessary for our legitimate interests, provided those interests are not overridden by your rights and interests. This includes:

operating and improving the Website;
ensuring security, preventing fraud and abuse;
maintaining appropriate records;
engaging with potential business customers and partners.

b. Performance of a contract or steps taken at your request (Article 6(1)(b))

Where your enquiry relates to a potential or existing contract with us, we process your personal data as necessary to take steps at your request prior to entering into a contract, or to perform a contract with you or your organisation.

c. Compliance with legal obligations (Article 6(1)(c))

We may process your personal data where necessary to comply with legal obligations, for example relating to accounting, tax, or regulatory requirements.

If we ever rely on your consent (for example, for certain optional communications), we will clearly explain what you are consenting to and you can withdraw your consent at any time by contacting us.

We may share personal data with:

Hosting and infrastructure providers who host the Website and related systems;
Security and anti-abuse providers that protect the Website from spam, bots and attacks;
Analytics infrastructure used to generate aggregated, anonymous usage statistics (self-hosted, under our control);
Professional advisers (such as lawyers, accountants or auditors) where reasonably necessary;
Regulators, law enforcement or courts where we are legally required to do so or where it is necessary to establish, exercise or defend legal claims;
Potential buyers, investors or partners as part of any actual or contemplated merger, acquisition, restructuring or similar corporate transaction, subject to appropriate confidentiality protections.

We do not sell your personal data.

Where we use third parties to process personal data on our behalf, they act as our processors and are subject to contractual obligations to process the data only on our instructions and to protect it appropriately.

8. International transfers

Our primary infrastructure and main establishment are located in the UK. Some of our service providers may be located, or may process personal data, outside the UK or EEA.

Where we transfer personal data outside the UK/EEA, and the destination country has not been deemed to provide an adequate level of protection, we implement appropriate safeguards, such as standard contractual clauses or equivalent measures, as required by applicable law.

You can contact us for more information about the specific safeguards in place.

9. How long we keep personal data

We keep personal data only for as long as necessary for the purposes described in this Policy or as required by law. Retention periods vary depending on the type of data and context, but generally:

Contact form enquiries and related correspondence are kept for up to 3 years after our last interaction with you, to manage our relationship and handle any follow-up.
Technical logs and security-related data are kept for a shorter period (typically 12 months), unless needed longer for security investigations or legal reasons.
Aggregated analytics data is kept for longer periods, but it does not identify individuals.

We may retain certain records for longer where necessary to comply with legal, tax or accounting requirements, or to establish, exercise or defend legal claims.

10. Cookies and similar technologies

We do not use cookies, local storage, tracking pixels or similar technologies to store or access information on your device when you use the Website.

Our analytics is cookie-less and relies on aggregated usage information collected on our own infrastructure, configured so that we cannot identify individual visitors. Security and anti-abuse measures operate using server-side logs and standard technical information transmitted by your browser.

If we introduce any non-essential cookies or similar technologies in the future, we will update this Policy and, where required by law, provide appropriate information and obtain your consent before they are used.

11. Your rights

Depending on where you are located (for example in the UK or EEA), you may have the following rights in relation to your personal data, subject to certain conditions and exemptions:

Right of access – to obtain confirmation as to whether we process your personal data and a copy of that data.
Right to rectification – to have inaccurate or incomplete personal data corrected.
Right to erasure – to request deletion of your personal data in certain circumstances.
Right to restriction of processing – to request that we restrict processing in certain circumstances.
Right to data portability – to receive certain personal data you provided to us in a structured, commonly used and machine-readable format, and to transmit it to another controller where technically feasible.
Right to object – to object to processing based on our legitimate interests, including profiling, and to object at any time to direct marketing.
Right to withdraw consent – where we rely on consent, you can withdraw it at any time (this will not affect the lawfulness of processing based on consent before its withdrawal).

To exercise any of these rights, please contact us using the details in Section 2.

12. Complaints

If you have concerns about how we handle your personal data, we encourage you to contact us first so we can try to resolve your concerns.

You also have the right to lodge a complaint with your local data protection authority. In the UK, this is the Information Commissioner’s Office (ICO):

Website: https://ico.org.uk
Telephone: +44 303 123 1113

If you are in the EEA, you may also contact your local supervisory authority.

13. Changes to this Privacy Policy

We may update this Policy from time to time. When we do, we will revise the “Last updated” date at the top of this page and, where appropriate, notify you by other means.