Privacy Policy
This document is enforced as of the 16th of December 2025.
1. Introduction
This Privacy Policy explains how ELLIPSE SOFTWARE GROUP LIMITED, a company incorporated in England and Wales (company number: 16757915), whose registered office is at the bottom of this agreement, trading as ellipse Software (“we”, “us”, “our”), collects, uses, stores, and protects personal data.
This Policy applies to:
- visitors to our websites;
- representatives, employees, and contractors of our business customers;
- users of our software, platforms, and services;
- suppliers and professional contacts.
We do not provide services to consumers directly.
2. Data Controller
For the purposes of the UK General Data Protection Regulation (“UK GDPR”) and the Data Protection Act 2018, ELLIPSE SOFTWARE GROUP LIMITED is the data controller unless otherwise stated.
Contact details:
- [email protected]
- ELLIPSE SOFTWARE GROUP LIMITED, 4th Floor Silverstream House, 45 Fitzroy Street, London, W1T 6EB, United Kingdom
3. Personal Data We Collect
We may collect and process the following categories of personal data:
3.1 Identity & Contact Data
- name, job title, company name;
- business email address;
- business telephone number.
3.2 Account & Usage Data
- login identifiers;
- access logs;
- IP addresses;
- device, browser, and session information.
3.3 Technical & Operational Data
- system logs;
- audit trails;
- error reports;
- security and monitoring data.
3.4 Communications
- emails, tickets, support requests;
- meeting notes and call records (where applicable).
We do not intentionally collect special category data unless explicitly agreed and documented. We do not knowingly collect and/or store data produced by users under the age of 13.
4. How We Use Personal Data
We process personal data for the following purposes:
- to provide and operate our Services;
- to manage customer accounts and access;
- to deliver support and respond to enquiries;
- to monitor performance, availability, and security;
- to comply with legal and regulatory obligations;
- to manage billing, payments, and contracts;
- to improve and develop our Services.
We do not sell personal data and will not in the future.
5. Legal Bases for Processing
Under UK GDPR, we rely on the following lawful bases:
- Contract – where processing is necessary to perform a contract;
- Legitimate interests – for business operations, security, and service improvement;
- Legal obligation – where required by law;
- Consent – where explicitly required (e.g. certain cookies).
Where we rely on legitimate interests, we balance our interests against your rights and expectations.
6. Cookies & Tracking Technologies
6.1 What We Use
Our websites may use:
- essential cookies (required for functionality);
- analytics cookies (to understand usage);
- security and performance cookies.
6.2 Consent
Where required by law, non-essential cookies are used only with consent. You can manage cookie preferences via our website or browser settings.
6.3 Third-Party Cookies
Some cookies may be set by trusted third-party services we use (e.g. analytics, monitoring).
7. Data Sharing
We may share personal data with:
- hosting and infrastructure providers;
- monitoring, analytics, and security vendors;
- professional advisers (legal, accounting);
- regulators or authorities where legally required.
All third parties are required to implement appropriate safeguards.
8. International Transfers
Where personal data is transferred outside the UK:
- we rely on adequacy regulations;
- or appropriate safeguards such as standard contractual clauses.
9. Data Retention
We retain personal data only for as long as necessary for the purposes for which it was collected, including legal, accounting, and regulatory requirements.
Retention periods may vary depending on the nature of the data and contractual obligations.
10. Security Measures
We implement appropriate technical and organisational measures to protect personal data, including:
- access controls and authentication;
- encryption where appropriate;
- monitoring and logging;
- least-privilege principles.
No system is completely secure, and we cannot guarantee absolute security.
11. Data Subject Rights
Under UK GDPR, individuals have rights including:
- right of access;
- right to rectification;
- right to erasure;
- right to restrict processing;
- right to object;
- right to data portability (where applicable).
Requests can be made via [email protected]. We may need to verify identity before responding.
12. Processor Activities
Where we process personal data on behalf of customers:
- we act as a data processor;
- processing is governed by a separate Data Processing Agreement (DPA) or contractual terms.
Customers remain responsible for determining lawful processing purposes.
13. Automated Decision-Making
We do not carry out automated decision-making or profiling that produces legal or similarly significant effects, unless explicitly agreed.
14. Marketing Communications
We may send business-related communications where permitted by law. You may opt out of non-essential communications at any time.
15. Changes to This Policy
We may update this Privacy Policy from time to time. Current and archived versions will be made available, and material changes will be communicated where appropriate.
16. Complaints
If you have concerns, please contact us first.
You also have the right to lodge a complaint with the Information Commissioner’s Office (ICO):
- https://ico.org.uk
17. Contact
For privacy-related enquiries:
- [email protected]
- ELLIPSE SOFTWARE GROUP LIMITED, 4th Floor Silverstream House, 45 Fitzroy Street, London, W1T 6EB, United Kingdom
