Privacy Policy

Wolnik Systems. Effective date: 06.03.2026. Last updated: 06.03.2026.

1. Who We Are

Wolnik Systems ('we', 'us', 'our') is the data controller responsible for the personal data we collect and process. We are an engineering-led consultancy and software provider operating under the laws of England & Wales.

For data protection enquiries, please use the contact form on this website and specify 'Data protection' in your message.

2. Information We Collect

We may collect and process the following categories of personal data:

2.1 Information You Provide

  • Contact & enquiry data: Name, company, email address, phone number, enquiry type, budget range, timeline, project description and any file uploads submitted via our contact form.
  • Account data: Where you register for an account to access a Product or Service, we may collect your name, email address, username and password (stored in hashed form).
  • Transaction & billing data: Purchase history, payment amounts, billing address and payment method details. Full payment card details are processed by our third-party payment processors and are not stored by us.
  • Communications: Records of correspondence between you and us (emails, messages, support tickets).
  • Feedback & reviews: Comments, reviews, ratings, or feedback you provide about our Products or Services.

2.2 Information Collected Automatically

  • Technical data: IP address, browser type and version, operating system, device type, screen resolution, language preference and time zone setting.
  • Usage data: Pages visited, time spent on pages, navigation paths, referral source, click events and search queries.
  • Analytics data: Aggregated and anonymised usage statistics collected via analytics tools (with your consent where required). See our Cookie Policy for details.
  • Log data: Server logs containing IP addresses, timestamps, request URLs and response codes for security and diagnostic purposes.

2.3 Information from Third Parties

  • App Store data: Where you purchase or download a Product via the Apple App Store, Google Play, or other distribution platforms, we may receive limited transaction, device and usage data from those platforms in accordance with their privacy policies.
  • Business partners: Information received from referral partners, resellers, or integrators in connection with Services.

3. How We Use Your Information

We process your personal data for the following purposes:

  • Responding to enquiries and providing quotes.
  • Delivering Services and Deliverables under a SOW or contract.
  • Providing, maintaining and improving Products (including mobile applications and SaaS platforms).
  • Processing transactions and managing billing.
  • Creating and managing user accounts.
  • Providing customer support and resolving issues.
  • Sending service-related communications (e.g. confirmations, updates, security alerts).
  • Analysing usage to improve the Website, Products and Services.
  • Ensuring security, preventing fraud and enforcing our Terms & Conditions.
  • Complying with legal, regulatory and tax obligations.
  • Sending marketing communications (only where you have opted in or where we have a legitimate interest; you can unsubscribe at any time).

4. Lawful Basis for Processing

We rely on the following lawful bases under UK GDPR:

  • Consent: Where you have given clear consent (e.g. submitting the contact form, accepting analytics cookies, opting in to marketing). You may withdraw consent at any time.
  • Contract: Where processing is necessary for the performance of a contract with you or to take steps at your request before entering into a contract (e.g. delivering Services, fulfilling software purchases).
  • Legitimate interest: Where processing is necessary for our legitimate business interests (e.g. improving our services, managing client relationships, security, fraud prevention) provided these are not overridden by your rights and interests.
  • Legal obligation: Where processing is necessary to comply with a legal obligation (e.g. tax reporting, regulatory compliance, responding to lawful requests from authorities).

5. Data Sharing & Third Parties

We do not sell your personal data. We may share your data with the following categories of recipients where necessary:

  • Service providers & processors: Trusted third parties who assist us in operating the Website, delivering Services, or providing Products (e.g. email delivery services, hosting providers, payment processors, cloud infrastructure, analytics tools). These providers process data on our behalf and are contractually required to protect your data.
  • App Store providers: Apple, Google and other platform operators in connection with distribution, billing and support for mobile applications.
  • Professional advisors: Accountants, lawyers and auditors where necessary for professional advice or compliance.
  • Subcontractors: Where subcontractors are engaged to deliver Services, they may access data necessary for their role and are bound by appropriate confidentiality and data protection obligations.
  • Law enforcement & regulators: Where required by law, regulation, legal process, or governmental request.
  • Business transfers: In connection with a merger, acquisition, reorganisation, or sale of assets, your data may be transferred to the successor entity, subject to appropriate protections.

6. International Data Transfers

Some of our third-party providers may process data outside the United Kingdom. Where personal data is transferred outside the UK, we ensure appropriate safeguards are in place, such as:

  • transfers to countries with an adequacy decision from the UK Secretary of State;
  • Standard Contractual Clauses (SCCs) approved by the Information Commissioner's Office (ICO); or
  • other lawful transfer mechanisms under UK GDPR.

7. Data Security

We implement appropriate technical and organisational measures to protect your personal data against unauthorised access, alteration, disclosure, or destruction. These measures include encryption in transit (TLS/SSL), access controls, regular security assessments and secure development practices. However, no method of transmission over the internet or electronic storage is 100% secure and we cannot guarantee absolute security.

In the event of a personal data breach that is likely to result in a risk to your rights and freedoms, we will notify the ICO within 72 hours and inform affected individuals without undue delay where required by law.

8. Data Retention

We retain personal data only for as long as necessary to fulfil the purposes for which it was collected, including:

  • Enquiry data: Retained for a reasonable period to respond and follow up and then deleted or anonymised unless a contract is formed.
  • Contract & engagement data: Retained for the duration of the contract plus six (6) years thereafter to comply with legal, tax and regulatory obligations.
  • Account data: Retained for the duration of the account and for a reasonable period after closure.
  • Transaction data: Retained for six (6) years for tax and accounting compliance.
  • Analytics data: Aggregated and anonymised data may be retained indefinitely. Identifiable analytics data is retained for up to twenty-six (26) months.
  • Marketing data: Retained until you unsubscribe or withdraw consent, plus a suppression record to honour your preferences.

You may request earlier erasure where we have no overriding legal basis to retain your data.

9. Your Rights (UK GDPR)

Under UK GDPR, you have the following rights in relation to your personal data:

  • Right of access: Request a copy of the personal data we hold about you.
  • Right to rectification: Request correction of inaccurate or incomplete data.
  • Right to erasure ("right to be forgotten"): Request deletion of your data where there is no compelling reason for continued processing.
  • Right to restrict processing: Request that we limit the processing of your data in certain circumstances.
  • Right to data portability: Request your data in a structured, commonly used, machine-readable format where processing is based on consent or contract and carried out by automated means.
  • Right to object: Object to processing based on legitimate interests, including profiling. Object to processing for direct marketing at any time.
  • Right to withdraw consent: Where processing is based on consent, withdraw your consent at any time without affecting the lawfulness of processing before withdrawal.
  • Rights related to automated decision-making: Not be subject to a decision based solely on automated processing (including profiling) that produces legal effects or similarly significant effects.

To exercise any of these rights, please use the contact form and specify 'Data protection' in your message. We will respond within one (1) month, which may be extended by two (2) further months for complex requests. We may request verification of your identity before processing your request.

We will not charge a fee for exercising your rights unless the request is manifestly unfounded or excessive, in which case we may charge a reasonable fee or refuse the request.

10. Children's Privacy

Our Website, Services and Products are not directed at children under the age of sixteen (16). We do not knowingly collect personal data from children. If we become aware that we have collected personal data from a child without appropriate parental consent, we will take steps to delete that data promptly. If you believe a child has provided us with personal data, please contact us immediately.

11. Automated Decision-Making & Profiling

We do not currently make decisions based solely on automated processing (including profiling) that produce legal effects or similarly significant effects concerning you. If this changes, we will inform you and provide the right to obtain human intervention, express your point of view and contest the decision.

12. Third-Party Links & Services

Our Website and Products may contain links to third-party websites, services, or applications (including App Stores, payment processors and integration partners). We are not responsible for the privacy practices, content, or security of those third parties. We encourage you to read their privacy policies before providing any personal data.

13. Marketing Communications

We will not send you marketing communications unless you have opted in. If you are a Consumer (an individual acting outside a trade, business or profession), electronic marketing always requires your prior opt-in consent — we will not rely on legitimate interest as a basis for marketing to you. Where you are an existing business client, we may contact you about similar products or services under the 'soft opt-in' rule, provided you were given an opportunity to opt out at the time your contact details were collected and on each subsequent communication. You can opt out of marketing at any time by:

  • clicking the unsubscribe link in any marketing email;
  • contacting us via the contact form.

Opting out of marketing does not affect service-related communications (e.g. invoices, security notices, contract updates).

14. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, legal requirements, or business operations. Material changes will be posted on the Website with an updated effective date. Where changes are significant, we will make reasonable efforts to notify you (e.g. via email or a prominent notice on the Website). We encourage you to review this policy periodically.

15. Complaints

If you are unhappy with how we have handled your personal data, we encourage you to contact us first so we can try to resolve your concern. You also have the right to lodge a complaint with the Information Commissioner's Office (ICO):

16. EEA and International Visitors

This Privacy Policy is written under UK GDPR and the Data Protection Act 2018, which govern our processing of personal data.

European Economic Area (EEA): If you are located in the EEA, EU Regulation 2016/679 (EU GDPR) may apply to our processing of your personal data in addition to UK GDPR. Our data protection practices are designed to be consistent with both frameworks. You may also have the right to lodge a complaint with the supervisory authority in your EU member state. Where our processing of EEA residents' data involves a transfer to the UK, such transfers are permitted under an adequacy decision by the European Commission.

Other jurisdictions: If you are located outside the UK and EEA, local data protection laws may apply to the extent that they are mandatory. We make no representation that the Website, Products or Services are appropriate or available for use in all jurisdictions. Access from jurisdictions where content is illegal is prohibited.

Regardless of where you are located, we are committed to handling your personal data in accordance with the principles set out in this Privacy Policy.

17. Contact

For data protection enquiries, to exercise your rights, or for any questions about this Privacy Policy, please use the contact form on this website and specify 'Data protection' in your message.