Website Privacy Policy

This privacy notice tells you what to expect us to do with your personal information.

● Contact details
● What information we collect, use, and why
● Lawful bases and data protection rights
● Where we get personal information from
● How long we keep information
● Who we share information with
● How to complain

1. Contact Details

Post: Unit 9 Verda Park, Hithercroft Road, Wallingford OX10 9SJ, UK or 131 Crestline Crossing, Suite 530, Nashville, TN 37209, United States

Email: letstalk@dexory.com

Data Controller:D

US: Dexory, Inc. of 131 Crestline Crossing, Suite 530, Nashville, TN 37209, United States

All other territories: Dexory Limited, Unit 9 Verda Park, Hithercroft Road, Wallingford OX10 9SJ, UK

Person Responsible for Data Protection: Adrian Negoita, CTO, Email: adrian@dexory.com

2. What information we collect, use, and why:

We collect or use the following information

To provide services and goods, including delivery and operating our customer accounts
For service updates or marketing
Name, email address,telephone number, business address
Personal address
Marketing preferences
Location data
IP addresses
Dietary requirements
Date of Birth, National Insurance Number, Copies of passports or other photo ID, Employment history, education history, right to work
Racial or ethnic origin, health information, sex life information, sexual orientation information
Correspondence
For recruitment purposes
For dealing with queries and complaints
Name, email address,telephone number, business address
Personal address
Marketing preferences
Location data
IP addresses
Dietary requirements
Date of Birth, National Insurance Number, Copies of passports or other photo ID, Employment history, education history, right to work
Racial or ethnic origin, health information, sex life information, sexual orientation information
Racial or ethnic origin, health information, sex life information, sexual orientation information

3. Lawful bases and data protection rights

We are committed to processing your personal information lawfully, fairly, and transparently in accordance with applicable data protection laws, including but not limited to the Data Protection Act 2018, UK GDPR, EU GDPR, the Australian Privacy Act 1998 (as amended), the Brazilian LGPD, the Canadian PIPEDA, the Israeli Privacy Protection Law, the Mexican Federal Law on the Protection of Personal Data and applicable US state privacy laws. We only collect personal information that is necessary for the purposes described in this notice (data minimisation), and we take reasonable steps to keep it accurate and up to date. Under applicable law, we must have a lawful basis for collecting and using your personal information.

Which lawful basis we rely on may affect your data protection rights which are in brief set out below.

Our lawful bases for the collection and use of your data:

To provide services and goods, including delivery and operating our customer accounts
For service updates or marketing
Consent - we have permission from you after giving you all the relevant information. All of your data protection rights may apply, except the right to object. You have the right to withdraw your consent at any time; withdrawal does not affect the lawfulness of processing carried out before withdrawal. Where we process special category (sensitive) personal data, we rely on your explicit consent as our condition under Article 9(2)(a) UK/EU GDPR and equivalent conditions under applicable laws (including LGPD Article 11 and Israeli Privacy Law). For recruitment data, we may also rely on the employment law condition under Schedule 1 of the Data Protection Act 2018. Where providing information is a contractual or statutory requirement, or necessary to enter into a contract, we will inform you at the time of collection; failure to provide such information may mean we cannot enter into or perform the relevant contract.
Legitimate interests – we’re collecting or using your information because it benefits you, our organisation or someone else, without causing an undue risk of harm to anyone. All of your data protection rights may apply, except the right to portability. Our legitimate interests are because you have enquired about working with us or taking our goods/services.
Contract – we have to collect or use the information so we can enter into or carry out a contract with you. All of your data protection rights may apply except the right to object.
Legal obligation – we have to collect or use your information so we can comply with the law. All of your data protection rights may apply, except the right to erasure, the right to object and the right to data portability.
For recruitment purposes
For dealing with queries and complaints
Consent - we have permission from you after giving you all the relevant information. All of your data protection rights may apply, except the right to object. You have the right to withdraw your consent at any time; withdrawal does not affect the lawfulness of processing carried out before withdrawal. Where we process special category (sensitive) personal data, we rely on your explicit consent as our condition under Article 9(2)(a) UK/EU GDPR and equivalent conditions under applicable laws (including LGPD Article 11 and Israeli Privacy Law). For recruitment data, we may also rely on the employment law condition under Schedule 1 of the Data Protection Act 2018. Where providing information is a contractual or statutory requirement, or necessary to enter into a contract, we will inform you at the time of collection; failure to provide such information may mean we cannot enter into or perform the relevant contract.
Legitimate interests – we’re collecting or using your information because it benefits you, our organisation or someone else, without causing an undue risk of harm to anyone. All of your data protection rights may apply, except the right to portability. Our legitimate interests are because you have enquired about working with us or taking our goods/services .
Contract – we have to collect or use the information so we can enter into or carry out a contract with you. All of your data protection rights may apply except the right to object.
Legal obligation – we have to collect or use your information so we can comply with the law. All of your data protection rights may apply, except the right to erasure, the right to object and the right to data portability.

You can find out more about your data protection rights and the exemptions which may apply in the UK on the ICO’s website:

●  Your right of access - You have the right to ask us for copies of your personal information. You can request other information such as details about where we get personal information from and who we share personal information with. There are some exemptions which means you may not receive all the information you ask for. You can read more about this right here.

●  Your right to rectification - You have the right to ask us to correct or delete personal information you think is inaccurate or incomplete. You can read more about this right here.

●  Your right to erasure - You have the right to ask us to delete your personal information. You can read more about this right here.

●  Your right to restriction of processing - You have the right to ask us to limit how we can use your personal information. You can read more about this right here.

●  Your right to object to processing - You have the right to object to the processing of your personal data. You can read more about this right here.

●  Your right to data portability - You have the right to ask that we transfer the personal information you gave us to another organisation, or to you. You can read more about this right here.

●  Your right to withdraw consent - When we use consent as our lawful basis you have the right to withdraw your consent at any time.

●  Your right not to be subject to automated decisions - You have the right not to be subject to a decision based solely on automated processing (including profiling) that produces legal or similarly significant effects concerning you. Where we use automated decision-making, we will inform you and you may request human review, express your point of view, or contest the decision (UK/EU GDPR Article 22; UK DPA 2018 Section 14).

For other territories:

●  Your right to confirmation of processing (Brazil) - If you are in Brazil, you have the right to confirmation of the existence of processing of your personal data, in addition to the rights listed above (LGPD Article 18).

●  Your right to anonymisation or blocking (Brazil) - If you are in Brazil, you have the right to anonymisation, blocking, or deletion of unnecessary or non-compliant personal data (LGPD Article 18).

●  Your right to information about denying consent (Brazil) - If you are in Brazil, you have the right to information about the possibility of denying consent and the consequences of doing so (LGPD Article 18).

●  Your right to inspect database information (Israel) - If you are in Israel, you have the right to inspect personal information held about you in our databases and to request correction or deletion of inaccurate, incomplete, or outdated information. You may appeal any refusal to the Magistrate's Court (Israeli Privacy Protection Law).

●  Your right to be removed from direct mailing (Israel) - If you are in Israel, you have the right to demand deletion or non-disclosure of your information for direct-mailing purposes (Israeli Privacy Protection Law, Section 17B).

If you make a rights request, we will respond as follows: within one month under UK/EU GDPR (extendable by two further months for complex requests); within 45 days under US state privacy laws including CCPA/CPRA, Virginia CDPA, and Colorado CPA (extendable by a further 45 days where reasonably necessary); within a reasonable time under Canadian PIPEDA and the Australian Data Privacy Act 1998; within 20-day response period may be extended once by an additional 15 days under the Mexican Federal Law on the Protection of Personal Data; and within 30 days under Brazilian LGPD. We will notify you if an extension is required.

To make a data protection rights request, please contact us using the contact details at the top of this privacy notice.

In the US:

If you are a resident of California, Virginia, Colorado, or another US state with applicable privacy laws, you may have the following additional rights:

Right to opt out of sale or sharing - You have the right to direct us not to sell or share your personal information with third parties for cross-context behavioural advertising. To exercise this right, please contact us at [privacy@dexory.com] or click the "Do Not Sell or Share My Personal Information" link on our website homepage.

Right to limit use of sensitive personal information - You have the right to limit our use of your sensitive personal information to purposes necessary to provide our services (CCPA/CPRA).

Right to opt out of targeted advertising and profiling - You have the right to opt out of the processing of your personal data for targeted advertising or profiling that produces legal or similarly significant effects (Virginia CDPA, Colorado CPA). We also honour universal opt-out signals such as browser-based opt-out mechanisms (Colorado CPA).

Right to correct - You have the right to request that we correct inaccurate personal information we hold about you (CCPA/CPRA, Virginia CDPA, Colorado CPA).

Right to appeal - If we decline to act on your privacy rights request, you may appeal our decision by contacting us at [privacy@dexory.com]. If your appeal is denied, you may contact your state Attorney General (see "How to complain" below).

Non-discrimination - We will not discriminate against you for exercising any of your privacy rights, including by denying services, charging different prices, or providing a different level of service (CCPA/CPRA, Virginia CDPA).

To submit a US privacy rights request, please contact us at [privacy@dexory.com] or call [insert toll-free number]. We will respond within 45 days of receiving your request, extendable by a further 45 days where reasonably necessary.

4. Where we get personal information from

● Directly from you
● CCTV footage or other recordings
● Debt collection agencies
● Health care providers
● Publicly available sources
● Previous employers
● Credit reference agencies
● Providers of marketing lists and other personal information
● Suppliers and service providers
● Third Parties: Demandbase


5. How long we keep information

We retain personal information for as long as necessary to fulfil the purposes for which it was collected, as set out below. Where we are required by law to retain information for a longer period, we will do so. We will delete or anonymise your information when it is no longer needed.

Retention periods by category 

Name, email, telephone, business address: under customer contracts as instructed by the customer or for the duration of the contract with the customer plus 90 days; for all other, for as long as the information is required and in the case of information used for site registration 7 days
Recruitment data (including special category data): 6 years after termination of employment
Correspondence and complaints: 2 years from resolution 
IP addresses and location data: 1 month

Categories of third parties we share personal information with, any why

CRM and marketing platforms (e.g. HubSpot) - managing customer relationships and marketing communications. 

Recruitment platforms (e.g. Greenhouse) - processing job applications. 

Cloud infrastructure providers (e.g. AWS, Google Cloud Platform) - hosting and storing data securely. 

Intent data providers (e.g. Demandbase) - identifying and targeting prospective business customers. 

Insurance companies - managing insurance obligations. 

Professional and legal advisors - legal, financial, and compliance advice. 

External auditors - audit and compliance purposes.

International Transfers of Personal Information

Where we transfer personal information internationally, we ensure appropriate safeguards are in place.

Security of Your Personal Information

We implement appropriate technical and organisational measures to protect your personal information against unauthorised access, loss, destruction, or alteration. These measures include encryption, access controls, and regular security assessments. In the event of a personal data breach that is likely to result in a risk to your rights and freedoms, we will notify the relevant supervisory authority without undue delay and, where required, within 72 hours (UK/EU GDPR), and will notify affected individuals where the breach is likely to result in a high risk.

We Do Not Sell or Share My Personal Information (California Residents)

We do not sell your personal information for monetary consideration. However, certain sharing of personal information with third parties for cross-context behavioural advertising may constitute "sharing" under the California Consumer Privacy Act (CCPA/CPRA). California residents have the right to opt out of such sharing. To exercise this right, please contact us at privacy@dexory.com or click the "Do Not Sell or Share My Personal Information" link on our website homepage.

Children's Privacy

Our website and services are not directed at children under the age of 16. We do not knowingly collect personal information from children under 16. If you believe we have inadvertently collected such information, please contact us at letstalk@dexory.com and we will promptly delete it.

Email Communications

If you receive commercial email communications from us, each message will include: (i) a clear identification that the message is a commercial communication from Dexory; (ii) a functioning opt-out mechanism allowing you to unsubscribe from future commercial emails; and (iii) our valid physical postal address.

To opt out of marketing emails, click the "unsubscribe" link in any email or contact us at letstalk@dexory.com. We will process your opt-out within 10 business days.


6. How to complain

UK Residents:

If you have any concerns about our use of your personal data, you can make a complaint to us using the contact details at the top of this privacy notice.

If you remain unhappy with how we’ve used your data after raising a complaint with us, you can also complain to the ICO.

The ICO’s address:          

Information Commissioner’s Office
Wycliffe House
Water Lane
Wilmslow
Cheshire
SK9 5AF

Helpline number: 0303 123 1113

Website: https://www.ico.org.uk/make-a-complaint

US Residents:

If you are a resident of a US state with applicable privacy laws and are not satisfied with our response to your privacy rights request or appeal, you may contact your state Attorney General:

California: California Privacy Protection Agency 
Website: cppa.ca.gov

Virginia: Office of the Attorney General 
Website: oag.state.va.us

Colorado: Colorado Attorney General
Website: coag.gov

EU Residents:

You may complain to the supervisory authority in your EU member state of habitual residence, place of work, or place of the alleged infringement. A list of EU supervisory authorities is available at: 

edpb.europa.eu/about-edpb/about-edpb/members_en

Brazillian Residents:

National Data Protection Authority (ANPD) 
Website: gov.br/anpd 

Canadian Residents:

Office of the Privacy Commissioner of Canada
Website: priv.gc.ca.

Israeli Residents:

Israeli Privacy Protection Authority 
Website: gov.il/en/departments/the_privacy_protection_authority

Australian Residents:

The Office of the Australian Information Commissioner (OAIC)
Website/Enquiries: oaic.gov.au/contact-us

Mexican Residents:

Secretaría Anticorrupción y Buen Gobierno (formerly INAI):
Website: home.inai.org.mx/

Last updated: 11 May 2026

This policy is reviewed at least annually and updated as required to reflect changes in applicable law or our processing activities.