Last updated: 1 June 2026 · ZORVAYA LTD · zorvaya.wiki
This Privacy Policy sets out how ZORVAYA LTD ("we", "us", "our", "the Company") collects, uses, stores, discloses and otherwise processes personal data in connection with your use of our website at zorvaya.wiki and our engagement with you as a client, prospective client, supplier, business contact or visitor.
ZORVAYA LTD is a company registered in England and Wales. Our registered office and principal place of business is at 205a Dunstable Road, Luton, United Kingdom, LU1 1DD. We are the data controller for all personal data collected and processed through this website and in the course of our business operations, unless otherwise stated in a specific engagement agreement.
We are committed to processing personal data in compliance with the UK General Data Protection Regulation (UK GDPR), the Data Protection Act 2018, and any other applicable data protection legislation in force in the United Kingdom from time to time.
Our data protection contact can be reached by email at ShahzadHussain@zorvaya.wiki or by post at the registered address above. We will respond to data protection enquiries within the statutory timeframes.
This Privacy Policy applies to all personal data collected and processed by ZORVAYA LTD through the following channels and activities:
This Policy does not cover third-party websites, services or applications that may be accessible via links from our website. We are not responsible for the privacy practices of such third parties, and we encourage you to review their privacy policies independently.
Where we act as a data processor on behalf of a client organisation in the course of delivering AI or machine learning services, the client organisation is the data controller and their privacy policy governs the processing of the personal data we handle on their behalf. Our data processing obligations in those circumstances are governed by a separate Data Processing Agreement concluded with the client.
We collect personal data through a variety of mechanisms and sources. The categories of personal data we may collect and hold include the following:
When you complete our website contact form or submit a work order request, we collect the personal data you provide in that submission. This typically includes your full name, your email address, and the content of your message or project description. Where you voluntarily provide additional information — such as your job title, company name, telephone number or details of your organisation's data environment — we will also collect and process that information.
When you correspond with us by email or by telephone, we collect the information exchanged in that correspondence, including your contact details and the content of communications relating to your enquiry or engagement.
When you visit zorvaya.wiki, our web server and any analytics tools we use may automatically collect certain technical information about your visit. This may include your IP address (which may be capable of identifying you or your organisation in some circumstances), your browser type and version, your operating system, the referring URL from which you reached our site, the pages of our site that you visit and the duration of your visit, the time and date of your visit, and other standard web analytics data.
This data is collected primarily for the purposes of website security, performance monitoring and understanding how our website is used so that we can improve it. We process this data on the basis of our legitimate interests in operating a secure and functional website.
Please refer to our Cookie Policy for detailed information about the use of cookies and similar tracking technologies on our website.
In the course of providing our services, we may receive personal data about you from third parties, including from our clients where you are an employee or contact of a client organisation, from publicly available sources such as company websites or professional networking platforms where you have made your information publicly available, or from referral partners who introduce prospective clients to us. Where we receive your personal data from a third party, we will inform you of this at the earliest reasonable opportunity and in accordance with our obligations under the UK GDPR.
In the course of our business operations, we may generate records relating to enquiries, proposals, contract negotiations and project delivery. These records may contain personal data about you or your colleagues where you are a business contact. We may also derive preference or interest data from your interactions with our website or communications where this is necessary for our legitimate business purposes.
We will only process your personal data where we have a valid legal basis under the UK GDPR to do so. The legal bases we rely upon are as follows:
Where you have entered into a contract with us, or where you have taken steps preparatory to entering into a contract with us (such as by submitting an enquiry or work order), we process the personal data necessary to perform that contract or to respond to your pre-contractual enquiry. This includes processing contact details, project requirements and any information you provide in connection with a scoping proposal or service engagement.
We process certain personal data on the basis of our legitimate interests, where those interests are not overridden by your rights and interests. Our legitimate interests include: operating and maintaining a functional and secure website; managing and developing our business relationships with prospective and existing clients; maintaining records of business communications and engagements; sending business communications to professional contacts about our services where we have a reasonable expectation that those contacts may be interested; and enforcing our contractual and legal rights.
When we rely on legitimate interests as a legal basis, we carry out a balancing assessment to ensure that our interests do not override the fundamental rights and freedoms of the data subject. You have the right to object to processing carried out on this basis (see Section 8 below).
We may process personal data where this is necessary to comply with a legal obligation applicable to us under UK law, including obligations under company law, tax legislation, anti-money laundering legislation, and applicable employment law where relevant.
In limited circumstances, we may process personal data on the basis of your freely given, specific, informed and unambiguous consent. Where we rely on consent, we will make this clear at the point of collection and provide you with a straightforward mechanism to withdraw your consent at any time. Withdrawal of consent will not affect the lawfulness of processing carried out before the withdrawal.
We use the personal data we collect for the following specific purposes:
We will not use your personal data for purposes that are incompatible with the purposes described above without informing you and, where required, obtaining your consent.
We do not sell your personal data to third parties. We do not share your personal data with third parties except in the circumstances described below.
We engage a limited number of carefully selected third-party service providers to assist us in operating our business and providing our services. These include cloud hosting and infrastructure providers, email communication services, project management and collaboration tools, and accounting and financial software. Where these service providers process personal data on our behalf, they act as data processors and we ensure that appropriate contractual safeguards are in place, including data processing agreements that require them to process data only on our instructions and in accordance with applicable data protection law.
We may disclose personal data to our legal advisers, accountants, auditors and other professional advisers where necessary for the purpose of obtaining professional advice or in connection with legal proceedings or anticipated legal proceedings. Such advisers are bound by duties of confidentiality and applicable professional standards.
We may disclose personal data to law enforcement authorities, regulatory bodies, courts or other public authorities where required to do so by law, by order of a court of competent jurisdiction, or where disclosure is necessary to protect the rights, property or safety of ZORVAYA LTD, our clients, our staff or others.
In the event of a merger, acquisition, sale of business assets, financing or similar corporate transaction involving ZORVAYA LTD, personal data held by us may be transferred to the relevant third party as part of that transaction, subject to the transferee maintaining appropriate data protection safeguards.
We may share personal data with third parties in other circumstances not described above where you have given your explicit consent to such sharing.
We are based in the United Kingdom and our primary data processing activities take place within the UK. Some of the third-party service providers we use may be located or may process data outside the United Kingdom. Where personal data is transferred outside the UK to countries that have not been assessed as providing an adequate level of data protection under UK law, we will ensure that appropriate safeguards are in place in accordance with the UK GDPR. These safeguards may include the use of UK International Data Transfer Agreements (IDTAs), standard contractual clauses approved by the UK Information Commissioner, binding corporate rules, or reliance on any applicable derogations under Article 49 of the UK GDPR.
You may request further information about the safeguards in place for international transfers by contacting us at ShahzadHussain@zorvaya.wiki.
You have the following rights in relation to the personal data we hold about you. These rights may be subject to certain limitations and exceptions under applicable law, but we will respond to all requests in accordance with our statutory obligations.
To exercise any of these rights, please contact us in writing at ShahzadHussain@zorvaya.wiki or by post at ZORVAYA LTD, 205a Dunstable Road, Luton, LU1 1DD, United Kingdom. We may need to verify your identity before processing your request. We will not charge a fee for processing your request unless it is manifestly unfounded or excessive.
If you are not satisfied with our handling of your personal data or our response to a rights request, you have the right to lodge a complaint with the Information Commissioner's Office (ICO), the UK supervisory authority for data protection. The ICO can be contacted at www.ico.org.uk or by post at Information Commissioner's Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF. We encourage you to contact us first so that we have the opportunity to address your concerns directly.
We retain personal data only for as long as is necessary for the purposes for which it was collected and processed, and to comply with our legal and regulatory obligations. The specific retention periods we apply depend on the nature of the data and the purpose for which it was collected.
Personal data collected through website enquiries or work order submissions that do not result in a client engagement is generally retained for a period of twelve months from the date of initial contact, after which it is securely deleted or anonymised unless you have given us consent to retain it for longer or there is another legal basis for continued retention.
Personal data relating to client engagements — including contact details, project correspondence, contracts and delivery records — is retained for a minimum of six years from the end of the relevant engagement in accordance with our legal obligations under company and tax law. Following this period, data is reviewed and deleted or anonymised unless there is a specific reason to retain it further, such as an ongoing dispute or regulatory investigation.
Website analytics data and server log data is retained for a period of twelve months for security and performance monitoring purposes, after which it is aggregated or deleted.
We review our data retention practices on a regular basis and will update this Policy if those practices change materially.
We implement appropriate technical and organisational measures to protect personal data against accidental or unlawful destruction, loss, alteration, unauthorised disclosure or access. These measures are designed to be proportionate to the nature of the personal data and the risks involved in its processing.
Our security measures include, where appropriate: encryption of data in transit using TLS/SSL protocols; encryption of data at rest; access controls and authentication requirements limiting access to personal data to authorised personnel who have a legitimate need to access it; regular security reviews and assessments; and staff awareness of data protection and information security obligations.
No method of electronic transmission or storage is entirely secure, and we cannot guarantee absolute security. In the event of a personal data breach that is likely to result in a risk to your rights and freedoms, we will notify the Information Commissioner's Office and, where required, notify you directly, in accordance with our statutory obligations under the UK GDPR.
Our website and services are directed at business users and are not intended for use by children under the age of 16. We do not knowingly collect personal data from children under 16 years of age. If we become aware that we have inadvertently collected personal data from a child under 16, we will take immediate steps to delete that data from our systems. If you believe we have collected personal data from a child, please contact us at ShahzadHussain@zorvaya.wiki.
Our website may use cookies and similar tracking technologies to improve your experience and to collect information about how the website is used. Detailed information about the cookies we use, the purposes for which they are used, and how you can manage your cookie preferences is set out in our Cookie Policy, which is available at zorvaya.wiki/cookie-policy.html.
We may update this Privacy Policy from time to time to reflect changes in our data processing practices, applicable law, or for other operational, legal or regulatory reasons. Where we make material changes to this Policy, we will take appropriate steps to notify you, which may include posting a notice on our website or, where we hold your contact details, sending you a direct notification.
The most current version of this Policy will always be available at zorvaya.wiki/privacy-policy.html. The date at the top of this document indicates when the Policy was last updated. Your continued use of our website or services following any update constitutes your acknowledgement of the updated Policy. We encourage you to review this Policy periodically.
If you have any questions, concerns or requests relating to this Privacy Policy or to the processing of your personal data by ZORVAYA LTD, please contact us using the following details:
We aim to respond to all data protection enquiries within 30 days of receipt. For complex requests or where we require additional information to process your request, we may extend this period by up to a further two months, in which case we will notify you of the extension and the reasons for it within the initial 30-day period.
You also have the right to contact the Information Commissioner's Office (ICO) directly if you are not satisfied with our response or believe we are processing your personal data in contravention of the UK GDPR. The ICO is the UK supervisory authority for data protection matters and their contact information is available at www.ico.org.uk.