Embedism Logo
Let's Talk

Privacy Policy & GDPR Statement

Last Updated: February 20, 2026

1. Introduction

Embedism Ltd ("we", "our", or "us") is committed to protecting and respecting your privacy. This policy provides detailed information on how we comply with the General Data Protection Regulation (GDPR) and the UK Data Protection Act 2018.

2. Data Controller

For the purpose of GDPR, the data controller is Embedism Ltd, Arch 534 Orphans Yard, Brixton Station Road, London, SW9 8QB. Our Data Protection Officer can be reached at hello@embedism.com.

3. Legal Basis for Processing

We process personal data under the following legal bases:

  • Contractual Necessity: To fulfill our obligations under contracts for services or products.
  • Legitimate Interests: For business operations, improving our services, and maintaining security, provided these do not override your fundamental rights.
  • Consent: Where you have provided clear, affirmative consent for a specific purpose (e.g., newsletter subscriptions).
  • Legal Obligation: To comply with statutory requirements (e.g., tax and accounting).

4. Information We Collect

We collect only the minimum amount of personal data necessary to provide our services:

  • Identity Data: Name, job title.
  • Contact Data: Email address, phone number, business address.
  • Technical Data: IP address, browser type, and usage data via essential cookies.
  • Communication Data: Records of correspondence when you contact us.

5. Data Retention

We apply a "conservative-yet-compliant" retention policy. Personal data is kept only for as long as necessary to fulfill the purposes it was collected for, including satisfying any legal, accounting, or reporting requirements. Typically, project-related data is retained for 7 years following the end of the contract.

6. Your Rights

Under GDPR, you have the following rights regarding your personal data:

  • Right of Access: Obtain a copy of your personal data.
  • Right to Rectification: Request correction of inaccurate data.
  • Right to Erasure ("Right to be Forgotten"): Request deletion of your data where no overriding legal basis for processing exists.
  • Right to Restrict Processing: Request a temporary halt to data processing.
  • Right to Data Portability: Receive your data in a structured, commonly used format.
  • Right to Object: Object to processing based on legitimate interests or direct marketing.

7. International Transfers

We primarily store and process data within the UK and European Economic Area (EEA). If data is transferred outside these regions, we ensure appropriate safeguards (such as Standard Contractual Clauses) are in place to maintain a level of protection equivalent to GDPR.

8. Data Security

We implement robust technical and organisational measures to prevent unauthorised access, disclosure, or loss of your data. This includes encrypted communications, access controls, and regular security reviews.

9. Complaints

You have the right to lodge a complaint with the Information Commissioner's Office (ICO), the UK supervisory authority for data protection issues (www.ico.org.uk). We would, however, appreciate the chance to deal with your concerns before you approach the ICO.

10. Contact

For any privacy-related inquiries or to exercise your rights, please contact us at:

hello@embedism.com