Last updated: 22 August 2025
1) Who we are
MaxIron Ltd (“MaxIron”, “we”, “us”, “our”), registered office: 3rd Floor, 86–90 Paul Street, London, England, EC2A 4NE, is the controller for personal data processed via maxiron.com (the “Website”) and the MaxIron Portal for consuming MaxIron products and services (the “Portal”).
Contact: office@maxiron.com
This notice explains what we collect, why, how long we keep it, who we share it with, and your rights under the UK GDPR, the Data Protection Act 2018, and the Privacy and Electronic Communications Regulations (PECR).
2) Scope
This policy covers Website visitors and business users who access the Portal on behalf of their employer/customer. We do not target or knowingly collect data from children.
3) Personal data we collect
A. Website usage data (when you visit)
- Device and network data (IP address, browser/OS, referrer URL, pages viewed, timestamps, approximate geolocation).
- Cookies and similar technologies (see our Cookies Policy for details and choices).
Special category data: we do not intentionally collect it.
Automated decisions: none that produce legal or similarly significant effects.
B. Portal account data (when you or your employer create an account)
- Name, work email, username, password (hashed), role/title, company.
- Usage and audit logs (sign-ins, actions taken), support tickets, messages you exchange via the Portal.
- Communications you send us (e.g., email, forms).
- We may receive your details from your colleagues to invite you to the Portal.
We may aggregate/anonymise data for analytics; anonymised data is not personal data.
4) How we use your data & legal bases
| Purpose | Examples | Legal basis |
|---|---|---|
| Operate and secure Website & Portal | Load pages, provide features, prevent abuse, audit logs, debug and support | Legitimate interests (IT security, service operation); Contract (for Portal users) |
| Create and manage Portal accounts | Registration, authentication, roles/permissions | Contract |
| Provide products/services | Deliver Portal features, customer success | Contract |
| Improve and analyse | Metrics, performance, feature usage (aggregated where possible) | Legitimate interests |
| Communicate with you | Operational emails, support replies | Contract / Legitimate interests |
| Marketing (optional) | Newsletters, updates, profiling to tailor messages | Consent (you can withdraw anytime) |
| Legal/compliance | Respond to lawful requests, enforce Terms, protect rights | Legal obligation / Legitimate interests |
Marketing & cookies: We only set non-essential cookies with your consent (PECR). You can change cookie preferences via our banner/settings and unsubscribe from marketing via links in emails or by emailing office@maxiron.com.
5) Retention
We keep personal data only as long as needed for the stated purposes, then delete or anonymise it. Typical periods:
- Website logs: up to 12 months (security/diagnostics).
- Portal account & contract data: duration of the contract + 6 years (tax, audit, limitation).
- Support tickets: 6 years from closure.
- Marketing contacts: until you opt out + up to 24 months to maintain suppression records.
If consent is withdrawn and no other legal basis applies, we stop that processing. These periods may be extended if required by law or for the establishment, exercise or defence of legal claims.
6) Sharing your data (recipients)
We use vetted processors acting on our instructions, such as: cloud hosting and storage, email delivery, analytics, customer support tools, and security monitoring. We also disclose data where required by law (e.g., courts, regulators, law enforcement) or as part of a corporate transaction (merger, acquisition, asset sale) under confidentiality safeguards.
We do not sell your personal data.
7) International transfers
Your data is primarily stored in the United Kingdom. Where we transfer personal data outside the UK (e.g., to a service provider), we implement appropriate safeguards, such as the UK International Data Transfer Agreement (IDTA) or EU Standard Contractual Clauses with the UK Addendum, plus supplementary measures where needed. Details are available on request at office@maxiron.com.
8) Security
We use appropriate technical and organisational measures, including encryption in transit, access controls, least-privilege, logging and monitoring, malware protection, and staff training. We maintain incident response procedures and will notify you and/or the ICO of personal data breaches where required by law.
9) Your rights
You can: access, rectify, erase, restrict processing, object (including to marketing), port your data (where processing is based on consent or contract and done by automated means), and withdraw consent at any time (this doesn’t affect past lawful processing).
- We may need to verify your identity.
- We aim to respond within one month (extendable in complex cases).
- Contact: office@maxiron.com.
- You have the right to complain to the Information Commissioner’s Office (ICO): https://ico.org.uk.
10) Cookies and third-party links
See our Cookies Policy for full details and choices. The Website/Portal may link to third-party sites. Their privacy policies apply; we are not responsible for their practices.
11) Changes to this policy
We may update this notice from time to time. We will post changes here and update the “Last updated” date. If changes are material, we’ll take additional steps to inform you.