Privacy Notice

Introduction

DEVTOWER LTD (“DEVTOWER”, “we”, or “us”) is committed to protecting your privacy and personal data. This Privacy Notice explains how we collect, use, share, and safeguard your personal information when you use our global consulting services for technical implementation and business idea development or improvement. It also outlines your rights regarding your personal data and how you can exercise them, in compliance with the UK General Data Protection Regulation (UK GDPR) and applicable data protection laws.

Who We Are (Data Controller)

DEVTOWER LTD is a company based in the United Kingdom that provides consulting services worldwide. For the purposes of data protection law, DEVTOWER LTD is the “data controller” of your personal data. This means we determine how and why your personal data is processed. If you have any questions about this notice or our data practices, you can find our contact information in the “Contact Us” section below.

Personal Data We Collect

We only collect personal data that is relevant for the purposes described in this notice. This typically includes:

• Name: Your full name (first and last name).
• Email Address: Your email address for communication purposes.
• LinkedIn Profile URL: A link to your LinkedIn profile or similar professional online profile (if you choose to provide it).
• Country of Residence/Location: The country you reside in or are located, which helps us tailor our services and understand our customer base.

We may also collect any other information you voluntarily provide to us. For example, this could include details you share when contacting us (such as your company name, job title, or the content of your inquiries) or information related to your project needs.

Purposes and Legal Bases for Using Personal Data

We use your personal data only for specified, explicit, and legitimate purposes. For each purpose, we rely on a lawful basis under the UK GDPR. These purposes and their legal bases include:

• Providing Consulting Services: We use your name and contact details (and any relevant information about your business needs) to deliver our consulting services, develop or improve your business ideas, and perform the tasks you have engaged us for. Legal basis: Contract – processing is necessary to perform our contract with you or to take steps at your request before entering into a contract.
• Customer Communication: We process your email and other contact information to communicate with you about our services. This includes responding to your inquiries, scheduling consultations, providing updates or reports, and addressing any support issues or questions. Legal basis: Contract – for communications related to an ongoing service engagement; and Legitimate Interests – for general inquiries or follow-up with prospective customers, as we have a business interest in effectively communicating with you (balanced with your rights). In some cases, if required by law (for example, for sending certain marketing or newsletter communications), we will rely on your Consent and you will have the option to opt-in or opt-out.
• CRM and Client Management: We use personal data in our customer relationship management (CRM) systems to keep track of our interactions with you, manage our client accounts, and maintain accurate records of our engagements. Legal basis: Legitimate Interests – it is in our legitimate business interest to efficiently manage customer relationships and records in order to provide high-quality consulting services and follow up appropriately.
• Internal Analytics and Improvement: We may analyze personal data (often in aggregated or de-identified form) to gain statistical insights into our operations. For example, we might review the distribution of clients by country or analyze feedback to improve our services and business strategies. Legal basis: Legitimate Interests – we have a legitimate interest in analyzing and improving our services, operations, and user experience. We ensure that any analytics use of data is proportionate and does not unduly impact your privacy (for instance, by using aggregated data wherever possible).
• Legal Obligations: On occasion, we may need to process personal data to comply with legal or regulatory requirements. For example, we might retain invoicing information for tax law compliance or disclose information if required by a court order. Legal basis: Legal Obligation – processing is necessary for compliance with laws to which we are subject.
• Other Purposes With Your Consent: If we ever need to process your personal data for a purpose outside the ones listed above, we will inform you and, if required, obtain your consent. For instance, if we wanted to feature your success story on our website or send you a newsletter, we would only do so with your explicit consent. In such cases, you have the right to withdraw your consent at any time (withdrawing consent will not affect the lawfulness of any processing that occurred before your withdrawal).

We will not use your personal data for any purpose that is incompatible with the purposes outlined above without first obtaining your consent or unless required/permitted by law.

Data Sharing with Third Parties

We do not sell or trade your personal information. However, we may share your personal data with selected third parties in order to run our business and provide our services, as described below. In all cases, we only share the minimum information necessary and ensure appropriate confidentiality and contractual safeguards are in place:

• Service Providers: We use trusted third-party service providers to support our operations. This includes providers of customer relationship management (CRM) software to organize client information, email and communications platforms to send messages, cloud storage or hosting services to store data securely, and analytics platforms to help us understand and improve our services. These service providers process personal data only on our behalf and under our instructions. They are not permitted to use your data for their own purposes, and they must protect your information in line with our agreements and applicable data protection laws.
• Analytics Services: If we utilize web analytics or similar tools (e.g., to understand website traffic or service usage), those tools may process certain data (such as your device or browser information, which might be considered personal data in some cases). Any analytics providers will be obligated to handle data in compliance with privacy laws and only for our specified purposes. (Note: We currently limit personal data collection to the items listed above and any analytics would generally use anonymized or aggregated information.)
• Legal or Regulatory Requirements: We may disclose personal data to third parties if we are under a duty to do so to comply with any legal obligation. For example, we might have to share information in response to lawful requests by public authorities (such as law enforcement or tax authorities). We may also share data to enforce our contractual agreements or protect the rights, property, or safety of DEVTOWER, our clients, or others (for instance, sharing information with our professional advisors or pursuing remedies in the event of a dispute).
• Business Transfers: In the unlikely event that DEVTOWER LTD undergoes a business transition such as a merger, acquisition, or sale of all or part of our assets, personal data we hold may be transferred to the new owner or partner as part of that transaction. If this happens, we will ensure your data remains subject to equivalent privacy protections and notify you of any significant changes to how your personal data is handled.

Any third parties with whom we share your data are required to use it only for the purposes we’ve specified and to protect it in accordance with data protection law. We do not allow our third-party processors to use your personal data for their own marketing or other purposes.

Data Storage and International Transfers

Storage Locations: Your personal data is stored on secure systems. We primarily use cloud-based services and IT systems to run our business, which means your data may be stored in data centers within the UK or in other countries, depending on where our service providers’ servers are located. We strive to choose reputable providers with robust security standards.

International Data Transfers: Because we serve customers globally and use cloud services, your personal data may be transferred to or accessed in countries outside of the United Kingdom. In particular, some of our third-party service providers (for example, CRM or analytics platforms) might be located outside the UK or the European Economic Area (EEA) – for instance, in the United States or other jurisdictions.

Whenever we transfer your personal data internationally, we take steps to ensure an adequate level of protection for your information in line with UK GDPR requirements. These safeguards may include:

• Relying on countries that the UK (or EU) has determined have acceptable data protection laws (adequacy regulations/decisions).
• Implementing standard contractual clauses (SCCs) or equivalent legal agreements with the receiving party, which legally oblige them to protect your data to UK/EU privacy standards.
• In limited cases, transferring data with your consent or as otherwise permitted by law after informing you of any risks.

You can contact us if you have questions about our international data transfer safeguards. We will ensure that your personal data, no matter where it is processed, remains protected and handled in accordance with this Privacy Notice.

Data Security

We take the security of your personal data seriously. DEVTOWER LTD has implemented appropriate technical and organizational measures to protect your information from unauthorized access, loss, misuse, or alteration. These measures include, for example, using secure servers and encryption technologies, maintaining up-to-date security software, restricting access to personal data to authorized personnel, and providing training to our staff on data protection. While we strive to protect your information, please note that no method of transmission over the internet or electronic storage is 100% secure; however, we continuously review and enhance our security practices to mitigate any risks.

Data Retention

We will retain your personal data only for as long as necessary to fulfill the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements.

In practice, this means: if you become a client, we will keep your personal data for the duration of our consulting engagement and for an appropriate period afterwards. This post-engagement retention period allows us to effectively manage our business records, handle any follow-up issues or legal obligations, and maintain records for tax and financial compliance. If you contact us for an inquiry but do not become a client, we will retain your information for only as long as needed to address your inquiry and a short period thereafter in case you have additional questions or to follow up on potential services.

The exact length of time we keep data may vary depending on the context and our legal obligations. For example, financial records (which may include personal data such as your name on an invoice) might be kept for [e.g., six years] to comply with UK tax law and accounting requirements. After our retention periods end, we will either securely delete your personal data or anonymize it (so that it can no longer be associated with you).

If you would like more information about our data retention practices (for example, the specific retention period for a certain type of record), you can contact us using the details below.

Your Rights Under Data Protection Law

Under the UK GDPR (and similar data protection laws), you have several rights regarding your personal data. We respect your rights and have processes in place to help you exercise them. Your rights include:

• Right to Access: You have the right to request confirmation of whether we are processing your personal data, and if so, to ask for a copy of the personal data we hold about you. This allows you to know and review the information we have about you.
• Right to Rectification: If any of your personal data is inaccurate or incomplete, you have the right to request that we correct or update it. We encourage you to let us know if your contact details or other information change.
• Right to Erasure: You have the right to request that we delete your personal data in certain circumstances. This is sometimes called the “right to be forgotten.” For example, you can ask us to erase data if it’s no longer necessary for the purposes for which it was collected, or if you withdraw consent where consent was the lawful basis and we have no other legal ground for processing. Please note that we may not be able to delete data in all situations – for instance, if we are required by law to keep it, or if it’s necessary for legal claims – but we will inform you if that is the case.
• Right to Restrict Processing: You have the right to request that we limit the processing of your personal data in certain situations. This means we would store your data but temporarily stop any other processing. You might exercise this right if you contest the accuracy of your data (while we are verifying it), or if you object to our processing and we are considering that objection.
• Right to Object: You have the right to object to our processing of your personal data when we process it under a lawful basis of legitimate interests. If you object, and your rights outweigh our legitimate interests, we will stop using your data for that purpose. You also have an absolute right to object at any time if your personal data is used for direct marketing purposes; if we ever were to send you marketing emails, you can opt out and we will honor that choice.
• Right to Data Portability: For personal data you have provided to us and which we process by automated means under the legal basis of consent or contract, you have the right to obtain a copy in a structured, commonly used, machine-readable format and to have that data transmitted to another service provider (if technically feasible). In simpler terms, this right allows you to take your data from us and reuse it elsewhere.
• Right to Withdraw Consent: Where we rely on your consent to process personal data (for example, if you agreed to receive a newsletter), you have the right to withdraw that consent at any time. Withdrawing consent will not affect the lawfulness of any processing we conducted before your withdrawal, and it won’t affect processing under other lawful bases. If you withdraw consent, we will cease the processing for which consent was obtained.

Exercising Your Rights: You can exercise any of your rights at any time by contacting us (see the “Contact Us” section below). We will respond to your requests as soon as possible, and in any event within the timeframes required by law (generally within one month). We may need to ask you for certain information to verify your identity before we can fulfill your request, to ensure we don’t disclose data to the wrong person. Exercising your rights is free of charge in most cases. If your request is unusually complex or repetitive, we will let you know if extra time is needed or if a fee might apply (but we will always explain the reason and your options in such cases).

Contact Us

If you have any questions, concerns, or requests regarding this Privacy Notice or how DEVTOWER LTD handles your personal data, please contact us. The best way to reach us is via email:

Email: ivan@devtower.io

This email is monitored by our team (you can address it to Ivan, who handles privacy inquiries). We take privacy questions seriously and will do our best to provide prompt and helpful responses. Whether you want to access or correct your data, withdraw consent, or simply ask a question about our privacy practices, please feel free to contact us at any time.

Complaints and Further Guidance

We hope to resolve any privacy-related issues directly and promptly. However, if you are unhappy with how we have handled your personal data or addressed your concerns, you have the right to lodge a complaint with the relevant supervisory authority.

As DEVTOWER LTD is based in the United Kingdom, our lead supervisory authority is the UK Information Commissioner’s Office (ICO). You can contact the ICO or find more information on their website. The ICO can be reached as follows:

• Website: www.ico.org.uk (provides guidance and an online complaint form)
• Telephone: +44 303 123 1113
• Address: Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow, Cheshire SK9 5AF, UK.

Filing a complaint with the ICO will not affect any other legal rights or remedies you have. If you reside outside the UK, you may also have the right to lodge a complaint with the data protection authority in your country of residence.

We encourage you to contact us first to see if we can address your concerns directly, but you are free to approach the ICO at any time.

Updates to this Privacy Notice

We may update this Privacy Notice from time to time to reflect changes in our practices or for other operational, legal, or regulatory reasons. If we make significant changes, we will notify you either by email or by placing a prominent notice on our website. The “last updated” date below indicates when this notice was most recently revised. We encourage you to review this Privacy Notice periodically to stay informed about how we are protecting your information.

Last updated: May 15, 2025.