Privacy Policy
This policy explains how MONODROMY LTD collects, uses, stores and protects your personal data in accordance with UK GDPR and the Data Protection Act 2018.
1. Introduction
MONODROMY LTD ("we", "us", "our", or "the Company") is a company registered in England and Wales, with its registered office at 19 George Street West, LUTON, LU1 2BJ, United Kingdom. We are committed to protecting and respecting your privacy and handling your personal information in an open and transparent manner.
This Privacy Policy sets out the basis on which any personal data we collect from you, or that you provide to us, will be processed by us. Please read the following carefully to understand our views and practices regarding your personal data and how we will treat it. This policy applies to information we collect through our website at monodromy.click (the "Website"), through our services, through enquiries submitted to us, and through any other interaction you have with us.
We operate in compliance with the UK General Data Protection Regulation (UK GDPR), the Data Protection Act 2018, and all other applicable data protection legislation in force in the United Kingdom. Where we refer to "applicable data protection law" throughout this policy, we mean all of the foregoing as applicable from time to time.
For the purposes of applicable data protection law, MONODROMY LTD is the data controller in respect of personal data collected through this Website and in the course of providing our services. We are responsible for deciding how and why personal data about you is used.
2. Who We Are
MONODROMY LTD is a United Kingdom company engaged in the provision of custom computer programming services, computer systems design and related services, scientific research and development services, and professional, scientific and technical services. Our registered address is 19 George Street West, LUTON, LU1 2BJ, United Kingdom.
You can contact us in connection with any aspect of this Privacy Policy by:
- Writing to us at: MONODROMY LTD, 19 George Street West, LUTON, LU1 2BJ, United Kingdom
- Emailing us at: assist@monodromy.click
- Telephoning us on: +44 7829 254654
We have designated a point of contact for data protection matters who can be reached at the above contact details. All queries relating to your personal data, the exercise of your rights, or any concern about how we handle personal information should be directed to this contact in the first instance.
3. Information We Collect About You
We may collect and process the following categories of personal data about you:
3.1 Information You Provide to Us Directly
When you interact with our Website or contact us in relation to our services, you may provide us with information about yourself. This includes:
- Identity Data: your full name, job title, professional role and the name of your organisation or institution.
- Contact Data: your email address, telephone number, postal address and other contact details you choose to share with us.
- Correspondence Data: the content of any messages, project descriptions, technical briefs, enquiries, requests or other communications you send to us via email, the contact form on our Website, by telephone or by post.
- Transaction Data: details of services you have requested or purchased from us, including contractual correspondence, invoice records and payment history, to the extent we hold such information about you.
- Preference Data: any preferences, interests or requirements you communicate to us in the course of our business relationship.
3.2 Information We Collect Automatically
When you visit our Website, we may automatically collect technical information about your visit. This may include:
- Technical Data: your internet protocol (IP) address, browser type and version, operating system and platform, the type of device you use to access the Website, and other technical identifiers associated with your visit.
- Usage Data: information about how you use our Website, including pages visited, time spent on each page, links clicked, referral sources, and the date and time of your visit.
- Location Data: approximate geographic location derived from your IP address.
We collect this technical information through cookies and similar tracking technologies. Please refer to our Cookie Policy for detailed information about the cookies we use and how you can manage them.
3.3 Information We Receive from Third Parties
In certain circumstances, we may receive personal data about you from third parties, including:
- Professional networking platforms and directories, where your profile information is publicly available;
- Your employer or colleagues, who may provide your contact details in the course of initiating a business enquiry with us;
- Analytics service providers and technology platforms we use to operate our Website.
4. How We Collect Your Information
We collect personal data about you through the following methods:
- Direct interactions: You may provide data when you complete and submit the contact form on our Website, when you send us an email, when you call us by telephone, when you correspond with us by post, or when you engage with us in any other direct manner.
- Automated technologies: As you navigate our Website, we collect technical and usage data automatically using cookies, server logs and similar technologies.
- Third parties and publicly available sources: We may receive or collect data about you from publicly available sources, professional networks or from third parties with whom you have shared information.
5. How We Use Your Personal Data
We will only use your personal data where we have a lawful basis for doing so. The lawful bases we rely on are set out below, together with the purposes for which we use your personal data:
5.1 Responding to Enquiries and Providing Services
Lawful basis: Contract performance and legitimate interests. We use your Identity Data and Contact Data to respond to enquiries you make to us, to assess whether and how we can assist you, to conduct initial technical scoping discussions, to negotiate and enter into contracts with you, and to deliver our engineering and consulting services. Where we have entered into a contract with you, we process this data as necessary for the performance of that contract. Where we have not yet entered into a contract, we process this data on the basis of our legitimate interest in developing new client relationships and delivering our professional services.
5.2 Managing Our Business Relationship with You
Lawful basis: Contract performance, legal obligation and legitimate interests. Once we are engaged in a service relationship with you or your organisation, we use your personal data to manage that relationship, to communicate with you about project progress, to issue invoices and to maintain our business records. Where required by law, such as for tax and accounting purposes, we process data on the basis of legal obligation.
5.3 Improving Our Website and Services
Lawful basis: Legitimate interests. We use Technical Data and Usage Data to understand how our Website is used, to improve its performance and content, to ensure it operates correctly across different devices and browsers, and to enhance the overall experience we provide. We have a legitimate interest in maintaining and improving our Website as a means of communicating with existing and prospective clients.
5.4 Security and Fraud Prevention
Lawful basis: Legitimate interests and legal obligation. We process personal data as necessary to protect our Website, our systems and our business from unauthorised access, fraudulent activity, cyberattacks and other security threats. We also process data where required by law in connection with security and law enforcement matters.
5.5 Compliance with Legal Obligations
Lawful basis: Legal obligation. We are required by law to retain certain records and to provide certain information to regulatory authorities. We process personal data where necessary to comply with these legal obligations, which may include obligations under company law, tax law, health and safety law, and other applicable regulation.
5.6 Direct Marketing Communications
Lawful basis: Legitimate interests or consent. We may use your Identity Data, Contact Data and Correspondence Data to send you information about our services, publications, industry insights and company news that we believe may be of interest to you. Where you are an existing client or professional contact, we do so on the basis of our legitimate interests in developing our client relationships. In all other cases, we will only contact you for marketing purposes where you have given us your consent to do so. You can withdraw your consent or object to marketing at any time by contacting us at assist@monodromy.click.
6. Disclosure of Your Personal Data
We may share your personal data with third parties in the following circumstances:
6.1 Service Providers and Sub-Processors
We engage third-party service providers to support the operation of our business and Website. These may include providers of hosting services, email platforms, analytics services, payment processing, accounting software and other business tools. We require all such providers to process your personal data only on our instructions and in accordance with applicable data protection law, and to maintain appropriate security measures.
6.2 Professional Advisers
We may share your personal data with lawyers, accountants, auditors and other professional advisers where necessary in connection with the conduct of our business, including in the context of legal proceedings, regulatory matters or due diligence exercises.
6.3 Regulatory Authorities and Law Enforcement
We may disclose personal data to regulatory bodies, law enforcement agencies, courts or other public authorities where we are required or permitted to do so by applicable law, or where we believe in good faith that disclosure is necessary to protect the rights, property or safety of MONODROMY LTD, our clients or others.
6.4 Business Transfers
If MONODROMY LTD or its business is acquired, merged with another entity or undergoes any other form of business reorganisation, personal data held by us may be transferred to the acquiring or successor entity as part of that transaction. We will give reasonable notice of any such transfer where possible and where it would materially affect how your personal data is processed.
6.5 Consent
We may share your personal data with other third parties where you have given your express consent to such sharing.
We do not sell your personal data to any third party, and we do not share your personal data with third parties for their own marketing or advertising purposes without your explicit consent.
7. International Transfers of Personal Data
Our primary operations and data storage are based in the United Kingdom. Where we transfer personal data outside of the UK or the European Economic Area (EEA), we take steps to ensure that such transfers are carried out in accordance with applicable data protection law.
Transfers may occur where our service providers or sub-processors are located in countries outside the UK or EEA. In such cases, we ensure that adequate safeguards are in place, which may include:
- Relying on adequacy decisions made by the UK Government or the European Commission in relation to the destination country;
- Using standard contractual clauses approved by the UK Information Commissioner's Office (ICO) or the European Commission;
- Relying on binding corporate rules or other recognised transfer mechanisms.
You may request further information about the safeguards we have in place for any specific international transfer by contacting us using the details provided in Section 2 of this policy.
8. Data Retention
We will retain your personal data only for as long as is necessary for the purposes for which it was collected, taking into account our legal obligations, the nature of the data and the purposes for which we process it.
In practice, this means that:
- Personal data relating to general enquiries that do not result in a service engagement is typically retained for up to 12 months from the date of the enquiry, after which it is securely deleted unless we have ongoing correspondence with you or a legitimate reason to retain it for longer;
- Personal data relating to client relationships and service engagements is retained for the duration of the engagement and for a period of up to seven years thereafter, in order to comply with our legal obligations under company law, tax law and other applicable regulation;
- Financial records and accounting data, which may include personal data, are retained for a minimum of six years in accordance with HMRC requirements;
- Technical and usage data collected through our Website is typically retained for up to 26 months, depending on the specific type of data and the purpose for which it was collected;
- Marketing data is retained until you withdraw your consent or exercise your right to object to processing, whichever occurs first.
Where we are required by law to retain data for a minimum period, we will do so regardless of any request by you for earlier deletion, and we will inform you of the applicable retention requirement.
9. Your Rights Under UK Data Protection Law
Under UK GDPR and the Data Protection Act 2018, you have a number of rights in relation to your personal data. These rights are summarised below. To exercise any of these rights, please contact us using the details provided in Section 2 of this policy. We will respond to your request within one calendar month of receiving it, though we may extend this period by up to two further months where the request is particularly complex or where we receive a high volume of requests. We will inform you of any such extension and the reasons for it.
9.1 Right of Access
You have the right to request a copy of the personal data we hold about you (commonly known as a "Subject Access Request" or SAR). This right allows you to understand what personal data we process about you and to verify that we are processing it lawfully. We will provide a copy of the relevant personal data free of charge, though we may charge a reasonable administrative fee if your request is manifestly unfounded or excessive.
9.2 Right to Rectification
You have the right to request that we correct any personal data we hold about you that is inaccurate or incomplete. Where we have disclosed your data to third parties, we will also inform them of the correction where it is reasonably practicable to do so.
9.3 Right to Erasure
In certain circumstances, you have the right to request the deletion or removal of personal data we hold about you. This right applies where, for example, the personal data is no longer necessary in relation to the purpose for which it was collected, where you withdraw consent on which processing is based, where you object to processing and there are no overriding legitimate grounds for us to continue, or where the personal data has been unlawfully processed.
This right is not absolute. There are circumstances in which we may decline a request for erasure, including where we are required to retain data to comply with a legal obligation, to establish, exercise or defend a legal claim, or for other legitimate purposes. We will explain our reasons to you if we are unable to comply with an erasure request.
9.4 Right to Restriction of Processing
In certain circumstances, you have the right to request that we restrict the processing of your personal data. This means that we may continue to hold your data but will not use it in the manner previously applied, pending resolution of the issue that has led to the restriction.
9.5 Right to Data Portability
Where we process your personal data on the basis of your consent or for the purposes of performing a contract with you, and where such processing is carried out by automated means, you have the right to receive the personal data you have provided to us in a structured, commonly used and machine-readable format, and to have that data transmitted directly to another data controller where technically feasible.
9.6 Right to Object
You have the right to object to the processing of your personal data where we rely on legitimate interests as our lawful basis. Where you object, we will cease processing your personal data unless we can demonstrate compelling legitimate grounds for continuing that override your interests, rights and freedoms, or where processing is necessary for the establishment, exercise or defence of legal claims.
You also have an absolute right to object to your personal data being processed for direct marketing purposes. We will act on any such objection immediately.
9.7 Rights in Relation to Automated Decision-Making
You have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or similarly significantly affects you. We do not currently make decisions about you based solely on automated processing.
10. Security of Your Personal Data
We take the security of your personal data seriously and have implemented appropriate technical and organisational measures to protect it against accidental or unlawful destruction, loss, alteration, unauthorised disclosure, or access. These measures include:
- Encryption of data in transit using Transport Layer Security (TLS);
- Access controls and authentication measures to restrict access to personal data to authorised personnel only;
- Regular security assessments and reviews of our information security policies and procedures;
- Staff training and awareness programmes in relation to data protection and information security;
- Secure disposal procedures for data that is no longer required;
- Alignment with ISO 27001 information security management principles.
Notwithstanding these measures, the transmission of information via the internet is not completely secure. Whilst we take all reasonable steps to protect your personal data, we cannot guarantee the security of data transmitted to our Website; any such transmission is at your own risk. Once we have received your data, we apply the security measures described above.
In the event of a personal data breach that is likely to result in a risk to your rights and freedoms, we will notify the Information Commissioner's Office (ICO) within 72 hours of becoming aware of the breach, as required by UK GDPR. Where the breach is likely to result in a high risk to your rights and freedoms, we will also notify you directly without undue delay.
11. Children's Privacy
Our Website and services are directed exclusively at business professionals and organisations. We do not knowingly collect personal data from individuals under the age of 18. If you are under 18, please do not provide any personal data through our Website or in any other manner. If we become aware that we have inadvertently collected personal data from a person under the age of 18, we will take steps to delete that data as promptly as possible.
12. Third-Party Links and Services
Our Website may contain links to third-party websites, platforms and services that are not owned or controlled by MONODROMY LTD. This Privacy Policy applies only to information collected by us through our Website and our services. We have no control over the content, privacy practices or policies of third-party websites and we encourage you to review the privacy policies of any third-party site you visit.
13. Cookies and Similar Technologies
We use cookies and similar technologies on our Website to enhance your experience, to understand how the Website is used and to improve our services. Cookies are small data files placed on your device when you visit a website. They enable us to collect Technical Data and Usage Data as described in Section 3.2 of this policy.
Our Cookie Policy provides full details of the cookies we use, their purposes and how you can manage or disable them. By continuing to use our Website, you consent to our use of cookies in accordance with our Cookie Policy, subject to the cookie preferences you have set.
14. Changes to This Privacy Policy
We may update this Privacy Policy from time to time to reflect changes in our data processing practices, changes in applicable law, or changes to our business. When we make material changes to this policy, we will update the "Last Updated" date at the top of this page and, where appropriate, we will notify you by email or by displaying a prominent notice on our Website.
We encourage you to review this Privacy Policy periodically to remain informed about how we are protecting your personal data. Your continued use of our Website following any changes to this policy will constitute your acknowledgement of those changes.
15. How to Contact Us
If you have any questions, concerns or requests regarding this Privacy Policy or our data protection practices, please contact us by any of the following means:
- By post: MONODROMY LTD, 19 George Street West, LUTON, LU1 2BJ, United Kingdom
- By email: assist@monodromy.click
- By telephone: +44 7829 254654
We will endeavour to respond to all privacy-related enquiries within one calendar month.
16. Your Right to Complain to the ICO
If you have a concern about the way in which we have handled your personal data and you are not satisfied with our response, you have the right to lodge a complaint with the Information Commissioner's Office (ICO), which is the supervisory authority for data protection matters in the United Kingdom.
You can contact the ICO at:
- Website: ico.org.uk
- Address: Information Commissioner's Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF
- Helpline: 0303 123 1113
We do ask that you contact us in the first instance to allow us the opportunity to address your concern directly before you escalate your complaint to the ICO.
17. Data Subjects Outside the United Kingdom
This Privacy Policy is written primarily for individuals located in the United Kingdom. If you are accessing our Website or engaging with our services from a jurisdiction outside the United Kingdom, please be aware that your personal data may be transferred to and processed in the United Kingdom, which may have different data protection laws to those in your own jurisdiction.
Where you are located in the European Economic Area (EEA), we rely on Article 46 UK GDPR transfer mechanisms (such as standard contractual clauses) for any transfer of your personal data from the EEA to the United Kingdom, except where the European Commission has made an adequacy decision in respect of the United Kingdom as a third country under EU GDPR.
If you have questions about how data protection laws in your jurisdiction interact with this Privacy Policy, please contact us using the details provided in Section 15.
18. Legitimate Interests Assessment
Where we rely on our legitimate interests as the lawful basis for processing your personal data, we have undertaken a legitimate interests assessment to ensure that our interests do not override your fundamental rights and freedoms. A summary of the legitimate interests we rely on is as follows:
- Business development and client relationship management: We have a legitimate interest in communicating with prospective and existing clients about our services. This interest is proportionate because we limit communications to professionally relevant subjects, restrict them to persons who have already engaged with us or expressed interest in our services, and provide clear and easy means to opt out at any time.
- Website operation and improvement: We have a legitimate interest in operating, securing and improving our Website. We process only the minimum technical data necessary for these purposes and apply appropriate measures to protect it.
- Security and fraud prevention: We have a legitimate interest in protecting our Website, our systems and our business from security threats and fraudulent activity. This processing is necessary and proportionate to the risk that such threats pose.
- Record keeping and business administration: We have a legitimate interest in maintaining accurate business records, including records of communications and commercial interactions. This is necessary for the proper administration of our business and for the establishment or defence of legal claims.
19. Accuracy of Personal Data
We take reasonable steps to ensure that personal data we hold about you is accurate and up to date. We encourage you to notify us promptly of any changes to the personal data you have provided to us, so that we can keep our records accurate. You can do so by contacting us using the details provided in Section 15 of this policy.
Where personal data we hold about you is inaccurate, you have the right to request correction in accordance with Section 9.2 of this policy. We will make reasonable efforts to correct inaccurate data promptly and, where applicable, to inform any third parties to whom the data has been disclosed.
20. Automated Decision-Making
We do not use automated decision-making processes, including profiling, to make decisions about you that produce legal or similarly significant effects. All decisions we make in connection with your personal data — such as whether to proceed with an engagement, how to respond to an enquiry, or how to manage a business relationship — involve human judgement.
If this changes in the future and we introduce automated decision-making in relation to your personal data, we will update this Privacy Policy accordingly and, where required by applicable law, will provide you with meaningful information about the logic involved and the significance and consequences of such processing.
21. Special Categories of Personal Data
We do not intentionally collect special categories of personal data (which includes information about racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, genetic data, biometric data, health data, or data concerning a person's sex life or sexual orientation). Our services are directed to business professionals and organisations, and the information we process in the course of our business is limited to professional and technical matters.
If you inadvertently include special category data in any communication or submission to us — for example, in the body of a message — we will treat it with the highest level of protection and will not use it for any purpose other than responding to your communication. Please refrain from providing special category personal data unless it is strictly necessary for the purpose of your enquiry.
17. Definitions
For the avoidance of doubt, the following terms used in this Privacy Policy have the following meanings:
- "Personal data" means any information relating to an identified or identifiable living individual, as defined in Article 4(1) of UK GDPR.
- "Processing" means any operation or set of operations performed on personal data, including collection, recording, organisation, storage, use, disclosure, transfer and deletion.
- "Data controller" means the natural or legal person who determines the purposes and means of processing personal data.
- "Data processor" means a natural or legal person who processes personal data on behalf of the data controller.
- "UK GDPR" means the UK General Data Protection Regulation, being the retained EU law version of the General Data Protection Regulation (EU) 2016/679 as it forms part of UK law by virtue of section 3 of the European Union (Withdrawal) Act 2018, as amended from time to time.
This Privacy Policy was last reviewed and updated on 1 May 2026. MONODROMY LTD reserves the right to amend this policy at any time. The current version of this policy will always be available on our Website at monodromy.click/privacy-policy.html.