Privacy Policy

Last updated: September 25, 2025

1. Introduction

ITLOX ("we," "our," or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our website or use our services. By accessing or using our services, you agree to the terms of this Privacy Policy.

2. Information We Collect

2.1 Information You Provide

We collect information you directly provide to us, including:

  • Contact information (name, email address, phone number, company name)
  • Interest registration and inquiry details
  • Communication preferences
  • Technical requirements and use case information

2.2 Automatically Collected Information

We automatically collect certain information when you visit our website:

  • IP address and device information
  • Browser type and operating system
  • Pages visited and time spent on our website
  • Referring URLs and exit pages

3. How We Use Your Information and Legal Basis

We process your personal information for the following purposes and under the following lawful bases (GDPR Article 6):

Contract Performance (Article 6(1)(b))

  • Processing your interest registrations and inquiries
  • Providing requested product information and demonstrations
  • Fulfilling our pre-contractual obligations

Legitimate Interest (Article 6(1)(f))

  • Improving our website and services based on usage analytics
  • Conducting security monitoring and fraud prevention
  • Sending relevant business updates about ITLOX developments
  • Marketing our services to existing business contacts

Legal Obligation (Article 6(1)(c))

  • Complying with accounting and tax obligations
  • Responding to law enforcement requests
  • Meeting regulatory reporting requirements

Consent (Article 6(1)(a))

  • Email marketing communications (where required)
  • Optional cookies and tracking technologies
  • Special category data processing (if applicable)

4. Information Sharing and Disclosure

We do not sell, trade, or rent your personal information to third parties. We may share your information only in the following circumstances:

  • With your explicit consent
  • To comply with legal obligations
  • To protect our rights and safety
  • With trusted service providers who assist in our operations (under strict confidentiality agreements)

5. Data Security

We implement appropriate technical and organizational security measures to protect your personal information against unauthorized access, alteration, disclosure, or destruction. However, no internet transmission is completely secure, and we cannot guarantee absolute security.

6. Data Retention

We retain your personal information for the following periods:

  • Contact inquiries: 3 years from last contact
  • Interest registrations: 5 years or until withdrawal of consent
  • Marketing communications: Until unsubscribe or 5 years of inactivity
  • Website analytics: 24 months maximum
  • Legal/compliance records: 7 years as required by law
  • Session data: Deleted when browser session ends

Data is securely deleted or anonymized after the retention period expires, unless longer retention is required by law.

7. Your Rights Under GDPR

If you are in the UK or EU, you have the following rights regarding your personal information:

Right of Access (Article 15)

Request a copy of your personal data and information about how it's processed.

Right to Rectification (Article 16)

Request correction of inaccurate or incomplete personal data.

Right to Erasure (Article 17)

Request deletion of your personal data in certain circumstances.

Right to Restrict Processing (Article 18)

Request limitation of processing in certain circumstances.

Right to Data Portability (Article 20)

Receive your personal data in a structured, commonly used format.

Right to Object (Article 21)

Object to processing based on legitimate interests or for direct marketing.

Right to Withdraw Consent (Article 7)

Withdraw consent at any time where processing is based on consent.

How to Exercise Your Rights

To exercise any of these rights, please contact our Data Protection Officer at:

dpo@itlox.com

We will respond to your request within 30 days (or 60 days for complex requests). We may request additional information to verify your identity.

8. Complaints and Supervisory Authority

You have the right to lodge a complaint with a supervisory authority if you believe your personal data has been processed unlawfully. The relevant authorities are:

UK - Information Commissioner's Office (ICO)

Website: https://ico.org.uk

Phone: 0303 123 1113

Address: Information Commissioner's Office, Wycliffe House, Water Lane, Wilmslow, Cheshire SK9 5AF

EU Member States

Contact your local supervisory authority. A full list is available at: https://edpb.europa.eu/about-edpb/about-edpb/members_en

9. International Data Transfers

Your information may be transferred to and processed in countries other than your country of residence. We ensure appropriate safeguards are in place to protect your personal information in accordance with applicable data protection laws.

10. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of any changes by posting the new Privacy Policy on this page and updating the "Last updated" date. Your continued use of our services after any changes constitutes acceptance of the updated Privacy Policy.

11. Contact Us and Data Protection Officer

If you have any questions about this Privacy Policy or wish to exercise your rights, please contact us at:

ITLOX

Data Protection Officer:

Email: dpo@itlox.com

Response time: 30 days maximum

General Inquiries:

Email: privacy@itlox.com

General Contact: contact@itlox.com

UK Office (Data Controller):

167-169 Great Portland Street
London, England
W1W 5PF
+442045583728

US Office:

11 Main St
Holmdel, NJ
07733-2105 United States
+17322349844