Privacy Policy

1. Who We Are

Paidia Consulting Ltd ("we", "us", "our") is a company registered in England and Wales.

We are committed to protecting your privacy and handling your personal data in accordance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

2. What Data We Collect

2.1 Website Visitors

Our main website (paidiaconsulting.com) does not use cookies, analytics, or tracking technologies. We do not collect any personal data from casual website visitors.

2.2 Business Enquiries

When you contact us via email, we collect:

• Your name and email address
• Your organisation (if provided)
• The content of your message

This information is used solely to respond to your enquiry and, where appropriate, to discuss potential work together.

2.3 Clients and Suppliers

When we work with you as a client or supplier, we collect:

• Contact details (name, email, phone number)
• Company information (name, address, VAT number)
• Payment and invoicing details
• Project-related communications and documents

2.4 Research Projects and Games

Paidia Consulting develops interactive games and digital platforms, sometimes as part of research projects conducted in collaboration with academic institutions or research organisations.

When acting as a data processor on behalf of research institutions (the data controllers), we may process data collected through these platforms. The specific data collected, its purposes, and retention periods are defined by the research institution's ethics approval and participant information sheets.

Typical data collected in research contexts may include:

• Demographic information (e.g., age, sex at birth, partial postcode, ethnicity)
• Game performance data and scores
• Research-specific measurements
• Timestamps and session identifiers

For any research project you participate in, please refer to the participant information sheet provided by the lead research institution for full details about data handling specific to that study.

3. Legal Basis for Processing

We process personal data under the following legal bases:

• Contract: To fulfil our contractual obligations with clients and suppliers
• Legitimate interests: To respond to business enquiries and manage our business operations
• Consent: Where you have given explicit consent (e.g., for research participation)
• Legal obligation: To comply with legal and regulatory requirements (e.g., tax records)

4. How We Use Your Data

We use your personal data to:

• Respond to your enquiries and provide information about our services
• Deliver contracted services and manage our client relationships
• Process payments and maintain financial records
• Comply with legal and regulatory obligations
• Process research data on behalf of research institutions (as a data processor)

We do not sell your personal data to third parties, nor do we use it for automated decision-making or profiling.

5. Data Sharing

We may share your personal data with:

• Service providers: Cloud hosting providers, email services, and accounting software (all UK/EU based or with appropriate safeguards)
• Research partners: When acting as a data processor, data is shared with the lead research institution as specified in the research agreement
• Professional advisers: Accountants and legal advisers as required
• Regulatory authorities: Where required by law (e.g., HMRC)

We require all third parties to respect the security of your personal data and treat it in accordance with the law.

6. Data Security

We implement appropriate technical and organisational measures to protect your personal data, including:

• Encryption of data in transit and at rest
• Access controls and authentication
• Regular security reviews
• Use of reputable, secure cloud service providers

7. Data Retention

We retain personal data only for as long as necessary for the purposes for which it was collected:

• Business enquiries: 2 years from last contact (unless a business relationship develops)
• Client and supplier records: 7 years after the end of the business relationship (for legal and tax purposes)
• Research data: As specified by the research institution's ethics approval and data management plan

8. Your Rights

Under UK GDPR, you have the following rights:

• Right of access: Request a copy of the personal data we hold about you
• Right to rectification: Request correction of inaccurate or incomplete data
• Right to erasure: Request deletion of your personal data (subject to legal obligations)
• Right to restrict processing: Request that we limit how we use your data
• Right to data portability: Request a copy of your data in a machine-readable format
• Right to object: Object to processing based on legitimate interests
• Right to withdraw consent: Where processing is based on consent, withdraw it at any time

To exercise any of these rights, please contact us at david@paidiaconsulting.com.

For research projects where we act as a data processor, please contact the lead research institution (the data controller) to exercise your rights.

9. International Transfers

We primarily store and process data within the UK and European Economic Area. Where data is transferred outside the UK/EEA (e.g., to cloud service providers), we ensure appropriate safeguards are in place, such as Standard Contractual Clauses or adequacy decisions.

10. Complaints

If you have concerns about how we handle your personal data, please contact us first at david@paidiaconsulting.com.

You also have the right to lodge a complaint with the Information Commissioner's Office (ICO):

11. Changes to This Policy

We may update this privacy policy from time to time. Any changes will be posted on this page with an updated revision date.

12. Contact Us

For any questions about this privacy policy or our data practices, please contact: