N-Zyte Privacy Policy

Privacy Policy

Effective date: 4 May 2026

This policy explains how N-Zyte Ltd handles personal data when you visit our website, contact us, or receive business communications from us.

Who we are

N-Zyte Ltd is a private limited company registered in England and Wales.

Field Details
Company number 12128436
Registered office Mirandus Accountants, 5 St Brides St, London, England, EC4A 4AS
Data regulator Information Commissioner's Office (ICO), United Kingdom
ICO registration ZA898463
Contact for data matters governance@n-zyte.co.uk

For the purposes of UK GDPR, N-Zyte Ltd is the data controller for the personal data described below.

What data we collect

Website visitors

- Technical data: IP address, browser type, device type, referral source
- Usage data: pages viewed, session duration, interactions
- Cookie data: see our Cookie Policy

People who contact us or book a call

- Identity: name, job title, employer
- Contact: email address, phone number where provided
- The content of your enquiry

Recipients of our business outreach

- Identity: name, job title
- Contact: business email, business phone where available
- Employer: company name, industry, headcount, country, public business profile such as a LinkedIn URL

We source prospect data from publicly accessible business listings and licensed B2B contact data providers. We do not target sole traders, partnerships, or any contact whose only address is a personal email; UK PECR treats those as individuals and we exclude them from outreach.

Clients

If you engage us for a project, we additionally process the data set out in our engagement contract, which may include client-supplied documents, code, or business records. Those are governed by the engagement contract and a supplementary Data Processing Agreement signed on request.

Why we process your data

Activity Lawful basis under UK GDPR
Responding to your enquiries Contract or legitimate interest, Article 6(1)(b) or 6(1)(f)
Delivering services we have been engaged to deliver Contract, Article 6(1)(b)
Sending B2B business outreach to corporate addresses at UK businesses Legitimate interest, Article 6(1)(f), assessed against ICO direct marketing guidance and PECR Regulation 22 (corporate subscriber rules)
Sending newsletters or marketing to people who have opted in Consent, Article 6(1)(a)
Operating and securing our website Legitimate interest, Article 6(1)(f)
Meeting our tax, accounting, and corporate obligations Legal obligation, Article 6(1)(c)

How to stop business outreach from us

If you receive an email from us and would rather not be contacted again, any of the following will end the sequence and remove your address from active outreach within one working day:

- Reply with "no", "stop", "unsubscribe", or similar — a one-word reply is enough
- Use the Unsubscribe button your email client renders at the top of the message. Every campaign we send carries a List-Unsubscribe header (RFC 8058), which Gmail, Outlook, and similar clients expose as a one-click unsubscribe automatically
- Email governance@n-zyte.co.uk

Once opted out, your address is added to our global suppression list so future campaigns cannot re-target it.

Who we share data with

We use the following categories of service provider to operate the business. Each is bound by a Data Processing Agreement and processes data only on our written instructions.

Provider Used for Region
Microsoft 365 Email, calendar, file storage, Teams UK / EU
Instantly (Foo Monk LLC) Email outreach platform USA
Cloudflare Edge security, DNS, performance USA / global
GoDaddy Domain registration, DNS hosting UK / USA
Asana Project and task management USA
Calendly Meeting scheduling USA
Our accountants and auditors Statutory tax and accounting UK

We do not sell personal data. We do not use your data for automated decision-making that produces legal or similarly significant effects on you.

For the current sub-processor list, including sub-processors used by our cold email platform, contact governance@n-zyte.co.uk.

International transfers

Some of our providers are based in the United States. Where personal data is transferred outside the United Kingdom, we rely on the following safeguards under UK GDPR Articles 44 to 49:

- UK Standard Contractual Clauses (the UK Addendum to the EU SCCs) for processor relationships, or
- The UK International Data Transfer Agreement (IDTA), or
- The UK extension to the EU-US Data Privacy Framework, where the recipient has self-certified

Our cold email platform relies on EU Standard Contractual Clauses Module 2 (Controller to Processor) combined with the UK Addendum.

How long we keep your data

Category Retention
Website analytics 14 months from collection
Enquiry correspondence Up to 24 months from last contact
Prospect data on outreach lists 12 months from last engagement, then deleted
Client records (active engagement) Duration of the engagement plus 7 years on related accounting records (HMRC requirement)
Marketing consents Until withdrawn

Where a provider has its own technical retention period (for example, our cold email platform deletes data within 30 days of contract termination), that runs in addition to the above.

Your rights

Under UK GDPR you have the right to:

- Access the personal data we hold about you
- Correct inaccurate or incomplete data
- Erase your data where one of the grounds in Article 17 applies
- Restrict processing in certain circumstances
- Object to processing carried out under legitimate interest, including objection to direct marketing, which we will always honour
- Port your data to another controller in a structured, machine-readable format
- Withdraw consent at any time, where processing is based on consent
- Lodge a complaint with the Information Commissioner's Office at https://ico.org.uk/make-a-complaint/

To exercise any of the above, email governance@n-zyte.co.uk. We respond within one calendar month, in line with UK GDPR.

Cookies

Our use of cookies is described in our Cookie Policy.

Security

We use industry-standard measures to protect personal data, including:

- Multi-factor authentication on every account that holds personal data
- Encrypted disk on devices used to access personal data
- DKIM, SPF, and DMARC on every sending domain to prevent impersonation
- Vendor due diligence before any new tool that touches personal data is adopted

In the event of a personal data breach likely to result in a risk to your rights and freedoms, we notify the ICO within 72 hours of becoming aware, and we notify affected individuals where the breach is likely to result in a high risk.

Changes to this policy

We may update this policy from time to time. The Effective date at the top of the page reflects the latest version. Material changes are communicated to active clients by email; for prospects and website visitors, the updated policy is posted on this page.

How to contact us

For any data protection question, request, or complaint:

N-Zyte Ltd
Attn: Data Protection
Mirandus Accountants, 5 St Brides St, London, England, EC4A 4AS
governance@n-zyte.co.uk

Access 20+ of the world’s leading data specialists who have one mission and one mission only – to find profit you can’t see, and turn it into cash, fast.

Book a Call