We collect different types of information depending on how you interact with us.

2.1 Information You Provide Directly

When you fill out a contact form, request a quote, or download one of our resources, we collect:

• Your name
• Your email address
• Your phone number (if provided)
• Your company or organisation name
• Details about your project or enquiry (e.g. project type, service required)
• Any additional information you choose to provide

2.2 Information Collected Automatically

When you visit our website, we automatically collect certain technical and usage information, including:

• IP address
• Browser type and version
• Operating system
• Pages visited and time spent on each page
• Referring URL (how you arrived at our website)
• Date and time of your visit

2.3 Cookies and Tracking Technologies

Our website uses cookies and similar technologies to improve functionality and understand how visitors use our site. Please refer to Section 7 (Cookies) for full details.

We use the personal information we collect for the following purposes:

• To respond to your enquiries and project requests
• To provide you with information about our services
• To send you downloadable resources you have requested (guides, checklists, playbooks)
• To follow up on your enquiry or requested resource with relevant information related to your request
• To improve and optimise our website and content
• To analyse website traffic and usage patterns
• To comply with legal obligations
• To protect the security and integrity of our systems

Where you request a resource or submit an enquiry, we may follow up with relevant information related to your request. We will only send broader marketing communications where you have explicitly opted in.
We will never sell your personal data to third parties. We do not use your data for automated decision-making or profiling that would produce legal or similarly significant effects.

For individuals in the European Economic Area (EEA) and the United Kingdom, we process your personal data under the following legal bases. Where we rely on legitimate interests, we have conducted a Legitimate Interests Assessment (LIA) to ensure that our interests are not overridden by your rights.

Legitimate Interests (GDPR Art. 6(1)(f)): Responding to enquiries, providing requested information, improving our website, and protecting our systems. We rely on this basis only where there is a reasonable expectation of contact based on your interaction with our website.

Consent (GDPR Art. 6(1)(a)): Sending marketing communications; placing non-essential cookies (analytics, functional). You may withdraw consent at any time without affecting the lawfulness of processing before withdrawal.

Contract Performance (GDPR Art. 6(1)(b)): Processing data necessary to fulfil or manage a contract or pre-contractual steps taken at your request (e.g. preparing a proposal).

Legal Obligation (GDPR Art. 6(1)(c)): Processing required by law, such as accounting records, tax compliance, or responding to lawful authority requests.

We only collect and process personal data that is necessary for the purposes described in this policy.

We do not sell, rent, or trade your personal data. We may share information with trusted third-party service providers who support our operations, including:

• Email and communication platforms (for responding to enquiries and sending resources)
• Website hosting and infrastructure providers
• Analytics tools (e.g. Google Analytics) to understand website usage
• Form handling and CRM systems used to manage enquiries and communication
• Security services (e.g. Cloudflare Turnstile to prevent spam submissions)

These tools may collect identifiers such as IP address and device information in accordance with their own privacy policies.
All third-party processors are bound by Data Processing Agreements (DPAs) and are contractually required to handle your data securely, use it only for the specified purpose, and comply with applicable data protection laws including GDPR.

We may also disclose your data where required by law, court order, or regulatory authority, or where we believe disclosure is necessary to protect the rights, property, or safety of Mavden, our clients, or the public.

We retain your personal data only for as long as necessary to fulfil the purposes for which it was collected:

• Enquiry and contact data: retained for up to 3 years from your last interaction with us
• Client project data: retained for the duration of the engagement and for a period of 7 years thereafter for legal and accounting purposes
• Analytics and technical data: retained in anonymised or aggregated form for up to 26 months

Retention periods are determined based on business needs, legal obligations, and applicable limitation periods.
When data is no longer required, it is securely deleted or anonymised in accordance with our data retention procedures.

Our website uses cookies, small text files stored on your device, to improve your experience and help us understand how visitors use the site.

For more detailed information about the specific cookies we use, including their purpose and duration, please refer to our Cookie Policy.

7.1 Types of Cookies We Use

• Strictly Necessary Cookies: Required for the website to function. These cannot be disabled.
• Analytics Cookies: Used to understand how visitors use our website. We use tools such as Google Analytics for this purpose.
• Functional Cookies: Enable personalised features and remember your preferences.

7.2 Cookie Consent

When you first visit our website, a cookie consent banner will be displayed. Non-essential cookies (such as analytics cookies) are only placed after you provide your consent, in accordance with applicable data protection and ePrivacy laws. You may withdraw or adjust your consent at any time via the cookie settings available on the website.

The use of non-essential cookies is based on your consent (Article 6(1)(a) GDPR).

7.3 Managing Cookies

You can manage or disable cookies through your browser settings and from Cookie Policy page at any time. Please note that disabling certain cookies may affect the functionality of parts of our website. 

Some of the third-party tools we use may process data outside the European Economic Area (EEA) or the United Kingdom. Where this occurs, we ensure appropriate safeguards are in place, such as:

• Standard Contractual Clauses (SCCs) approved by the European Commission (June 2021 version)
• The UK International Data Transfer Agreement (IDTA) or UK Addendum to EU SCCs, where applicable
• Adequacy decisions issued by the European Commission or UK Secretary of State

Where required, we conduct Transfer Impact Assessments (TIAs) to evaluate the level of protection in the destination country and apply supplementary measures where necessary.

Depending on your location, you may have the following rights under applicable data protection laws (including GDPR and UK GDPR):

• Right of access: Request a copy of the personal data we hold about you
• Right to rectification: Request correction of inaccurate or incomplete data
• Right to erasure: Request deletion of your personal data (subject to legal obligations)
• Right to restriction: Request that we limit processing of your data in certain circumstances
• Right to data portability: Receive your data in a structured, machine-readable format
• Right to object: Object to processing based on legitimate interests or for direct marketing
• Right to withdraw consent: Where processing is based on consent, you may withdraw it at any time without affecting prior lawful processing

To exercise any of these rights, please contact us at legal@mavden.com. We will respond within 30 days (extendable by a further 60 days for complex requests, with notice).
To help us process your request securely, we may need to verify your identity before taking action.

You also have the right to lodge a complaint with a data protection supervisory authority. You may do so with:

• The supervisory authority in your country of residence, workplace, or where an alleged infringement occurred (EU/EEA individuals)
• The Information Commissioner’s Office (ICO) at ico.org.uk (UK individuals)
• The National Supervisory Authority for Personal Data Processing in Romania (ANSPDCP) at dataprotection.ro

You are encouraged to contact us first so we can address your concerns directly at legal@mavden.com.

We implement appropriate technical and organisational measures to protect your personal data against unauthorised access, accidental loss, destruction, or alteration. These measures include:

• Secure HTTPS encryption across our website
• Access controls and authentication for internal systems
• Principle of least privilege for data access
• Regular security updates and monitoring
• Data minimisation and controlled data storage

While we take all reasonable steps to protect your data, no method of transmission over the internet is completely secure. In the event of a personal data breach that is likely to result in a high risk to your rights and freedoms, we will notify the relevant supervisory authority within 72 hours and affected individuals without undue delay, as required by GDPR Article 33 and 34. Where required, affected individuals will be informed with clear guidance on any steps they should take.

Our website may contain links to third-party websites. We are not responsible for the privacy practices or content of those websites. We encourage you to read the privacy policies of any external sites you visit.

Our website and services are not directed at individuals under the age of 16, and we do not knowingly collect personal data from children without appropriate consent where required. If you believe we have inadvertently collected information from a minor, please contact us and we will delete it promptly.

We may update this Privacy Policy from time to time to reflect changes in our practices, services, or legal obligations. When we make changes, we will update the ‘Last Updated’ date found on top of the page.
For material changes that affect how we process your personal data, particularly changes that require your consent or that significantly alter your rights, we will provide active notice (for example, by email or a prominent notice on the website) before the changes take effect. We will not treat your continued use of the website as consent to material changes that require it.

If you have any questions, concerns, or requests related to this Privacy Policy or how we handle your data, please contact us:

Website: mavden.com
Email: legal@mavden.com

We are committed to working with you to resolve any concerns about your privacy fairly and promptly.