Privacy Policy

 

Last updated: 24th January 2026

1. Who We Are

C3 Techwave (“we”, “us”, “our”) provides independent readiness assessments and regulatory analysis.

We act as a data controller for personal data processed in connection with our website and services.

Contact details
Email: privacy@c3techwave.com
Registered address: [insert]

2. Scope of This Policy

This Privacy Policy explains how we collect, use, store, and protect personal data in accordance with UK GDPR.

It applies to:

  • visitors to our website
  • individuals who contact us
  • representatives of organisations that engage our services
  • It does not apply to third-party websites or services linked from our site.

Although our services are provided on a business-to-business basis, we inevitably process limited personal data, primarily relating to client contacts and personal data contained within documents provided for assessment. Such processing is incidental to the delivery of our services and is strictly limited to the agreed scope of work.

3. Personal Data We Collect

We collect only data that is necessary and proportionate for the purposes described below.

3.1 Data you provide directly

This may include:

  • name
  • job title
  • organisation name
  • email address
  • telephone number
  • correspondence and enquiries

3.2 Data provided during services

Where organisations engage us, this may include:

  • documents, records, or evidence provided for review
  • personal data contained within those materials
  • We do not require personal data unless it is relevant to the agreed scope of work.

3.3 Website and technical data

We may collect limited technical information such as:

  • IP address
  • browser type
  • pages visited

This data is used only for security, performance, and basic analytics.

4. What We Do Not Do

To avoid any ambiguity, we explicitly state that:

  • we do not conduct surveillance or monitoring
  • we do not perform automated decision-making or profiling
  • we do not infer, enrich, or scrape personal data
  • we do not sell personal data
  • we do not process personal data beyond the agreed scope of work

5. How We Use Personal Data

We use personal data only where there is a clear and lawful purpose, including:

  • responding to enquiries
  • providing agreed services
  • producing readiness or regulatory analysis reports
  • managing contractual and professional relationships
  • complying with legal or regulatory obligations
  • We do not use personal data for marketing unless explicitly requested.

6. Lawful Bases for Processing

We process personal data under one or more of the following lawful bases:

  1. Contractual necessity – to deliver requested services
  2. Legitimate interests – to operate our business responsibly and securely
  3. Legal obligation – where processing is required by law

Where consent is relied upon, it may be withdrawn at any time.

7. Client Responsibilities

Where organisations provide documents or evidence containing personal data, they confirm that:

  • they have the right to share that data with us
  • appropriate notices have been provided to individuals
  • the data is relevant to the agreed scope of work

We rely on these representations when carrying out readiness assessments.

8. Snapshot-in-Time Principle

Personal data processed as part of our services is handled in line with our snapshot-in-time model.

Reports and findings:

  1. reflect information available at the time of review
  2. do not account for future changes
  3. do not imply ongoing monitoring or responsibility
  4. Any further processing requires a new engagement.

9. Data Sharing

We do not share personal data with third parties except:

  1. where required by law
  2. where necessary to deliver agreed services (e.g. secure IT providers)
  3. where explicitly agreed in writing
  4. All third parties are required to apply appropriate safeguards.

10. International Transfers

  • Personal data is not routinely transferred outside the UK.
  • Where international transfers are necessary, appropriate safeguards are applied in accordance with UK GDPR.

11. Data Retention

Personal data is retained only for as long as necessary to:

  • fulfil contractual obligations
  • meet legal, regulatory, or professional requirements
  • establish, exercise, or defend legal claims
  • After this period, data is securely deleted or anonymised.

12. Security Measures

We implement reasonable technical and organisational measures to protect personal data, including:

  • access controls
  • secure storage
  • encryption where appropriate

No system can be guaranteed completely secure, but we take data protection seriously.

13. Your Rights

Under UK GDPR, you have the right to:

  1. access your personal data
  2. request correction of inaccurate or incomplete data
  3. request deletion of your personal data (“right to be forgotten”)
  4. object to processing
  5. request restriction of processing
  6. request data portability, where applicable
  7. lodge a complaint with the Information Commissioner’s Office (ICO)

14. Right to Erasure (Right to be Forgotten)

You have the right to request erasure of your personal data in certain circumstances, including where:

  • the data is no longer necessary for the purpose it was collected
  • you withdraw consent (where consent is the lawful basis)
  • you object to processing and there are no overriding legitimate grounds
  • the data has been processed unlawfully
  • erasure is required to comply with a legal obligation

This right is not absolute. We may retain data where necessary to:

  • comply with legal or regulatory obligations
  • fulfil contractual requirements
  • establish, exercise, or defend legal claims

15. How to Request Erasure or Exercise Your Rights

To exercise your rights, including requesting erasure, please contact:

Email: privacy@c3techwave.com
Subject line: Data Protection Request

We may request verification of your identity before processing the request.
We will respond within one month, in line with UK GDPR requirements.

16. Changes to This Policy

This Privacy Policy may be updated from time to time.

The most current version will always be available on our website.

17. Contact

If you have any questions about this Privacy Policy or how your data is handled, please contact:

privacy@c3techwave.com
C3 Techwave

 

Address

2148 Street Name, City Name, County, 92103

 

Contact

Telephone: +1 555 123 456 789
E-mail: email@example.com

Office hours

Monday Friday
9am 5pm

We need your consent to load the translations

We use a third-party service to translate the website content that may collect data about your activity. Please review the details in the privacy policy and accept the service to view the translations.