External Policy Notice
Privacy Notice
This privacy notice will help you understand how Piolax Limited, which is part of Piolax Inc. uses and protects your personal data. Your privacy is protected by law, and it is also protected by our data security and protection policies. This page gives you an idea of how we use your data and the safeguards we put in place to protect it. You can contact our voluntarily appointed Data Protection Officer at simon@fifthsquare.co.uk or by phone on 01509 438404, if you have any concerns or wish to exercise your rights. If you are an EU Data Subject you can contact our EU Representative, Rune Peterson, at eurep@fifthsquare.eu . Our EU Representative complies with our obligations under GDPR Article 27 and is established in the Republic of Ireland. Please note that our EU Representative is a Third Party. They will process your personal data in accordance with this Privacy Policy.
Our Promises
To help you on your journey with us we need data about you. We make the following promises about how we will treat this data.
We will only collect data about you that is relevant and necessary.
Your data will only be held on systems that meet high compliance standards.
Your data will only be accessed by those who need it, and we will minimise the amount of data that is processed, wherever possible.
We won’t share or sell your data to any third party, except, if permitted, for the marketing of our own services to you, unless either you have agreed, we are required to share it by law, or we need to fulfil our service commitments.
We will always remember that it is your personal data, not ours. As such we will ensure complete transparency and openness with you wherever possible.
We respect your rights as outlined in the next section and will respond to all requests promptly.
Your Rights
You have certain rights over any data we hold about you:
o Your right of access - You have the right to ask us for copies of your personal information.
o Your right to rectification - You have the right to ask us to rectify personal information you think is inaccurate. You also have the right to ask us to complete information you think is incomplete.
o Your right to erasure - You have the right to ask us to erase your personal information in certain circumstances.
o Your right to restriction of processing - You have the right to ask us to restrict the processing of your personal information in certain circumstances.
o Your right to object to processing - You have the right to object to the processing of your personal information in certain circumstances.
o Your right to data portability - You have the right to ask that we transfer the personal information you gave us to another organisation, or to you, in certain circumstances.
Where we use or store your personal data, because you have given your consent, you have the right to withdraw your consent at any time. For example, if you have subscribed to our mailing list you have an opportunity to unsubscribe at any time. You can read more about your rights here.
If you would like to uphold your rights, then please contact our Data Protection Officer at simon@fifthsquare.co.uk
If you are dissatisfied with our response, you also have the right to lodge a complaint with the Data Protection Authority. This can be done at https://ico.org.uk/concerns/.
How we Collect your Data
Typically, the data we process comes from the following sources:
o Either you or your employer provides your personal data as part of a contract we hold with your employer. We handle this data based on Contractual Obligation.
o On behalf of an organisation, you have enquired about our service or signed up to our mailing lists. We handle this data based on our Legitimate Interests.
o Other engagement with us through social media, email, phone or at events or undertaken surveys including recruitment.
o If you belong to an organisation, we may source your information from public databases and other sources for our Legitimate Interests. If you ask for us to send information about our services to someone else, you warrant you have the consent from them to share their data with us.
What Data we Collect
We try and minimise the data held and the exact data elements we hold will be dependent on your journey with us.
· Name
· Telephone Contact Details
· Email Address
· Employer Company Details including your job title
· Social Media Identifiers such as LinkedIn
· Information you give us – for example when you request information, enter a contract with us, apply for a job with us or communicate with us.
When you visit our website, we may also capture details of your visits such as pages viewed and the resources that you access. Such information includes traffic data, location data and other communication data. We may use targeted advertising based on your job role, location or other metrics that are available in the public domain.
Where permitted calls from or to us may be recorded for information, quality and training purposes.
What we use your Data for
We use your data to deliver our services to you or to market to you.
Every marketing communication allows you to opt out of receiving emails & phone calls for that campaign, except for the purposes of fulfilling any contractual obligation. You can also contact us at the email address above and request to uphold your rights. If you request for your data to be deleted, your name and email address will be added to an exceptions list and all other data removed.
How we Process your Data
Data is processed/stored locally and on encrypted third party hosted cloud services such as Microsoft 365 and Azure.
In addition, we may use Large Language Models (LLM) to help us fulfil some of our services. A full list of these systems can be provided on request. These services all have strong data security at the heart of their systems including ISO27001 and SOC2 certification.
If we connect on Social Media platforms, we may transfer this information to our platforms to track our interactions.
Data is processed in either the UK, EEA/EU data centres or on US based servers that have demonstrated strong Data Security. Due to our global reach we may also process your data in countries outside the UK or European Union from time to time in other aspects of our business. Further to Section 119A of the Data Protection Act 2018 and noting Case C-311/18 in the European Court of Justice, if your data is transferred or processed outside of the UK or EEA we ensure the safeguards of International Data Transfer Agreements (IDTAs) or Addendums are enforced. Where this is not possible, we ensure that European Standard Contractual Clauses are entered. We regularly review suppliers for data security compliance to ensure your data is safe and track where your data is held. If Piolax is involved in a merger, acquisition or asset sale, personal data may be transferred between parties.
Retaining your Data
Dependant on the data you provide us and for what purpose it is provided we may need to retain your data for up to 7 years following the end of engagement with you or our client. If you wish to find out more about your specific data retention, please contact us.
Legal Compliance
We seek to uphold our legal obligations as covered by the Data Protection Act 2018, Data Use and Access Act 2025 and the General Data Protection Regulation 2016. Our Data Protection Authority is designated as the Information Commission (IC) formally the Information Commissioners Office (ICO). This Privacy Policy is reviewed on a regular basis and was last reviewed in March 2026. We retain the right to update this notice at any time, and the latest version will always be displayed on our website. If we make material changes to this Privacy Notice, we will notify affected users before the changes take effect.
California Privacy Rights (CCPA/CPRA)
If you are a California resident, you have specific rights regarding your personal information under the California Consumer Privacy Act (CCPA) and the California Privacy Rights Act (CPRA). These rights include the right to know what personal information we collect, use, and disclose; the right to request deletion or correction of your personal information; the right to opt out of the sale or sharing of personal information; and the right to limit the use of sensitive personal information. We will not discriminate against you for exercising these rights. You may submit a request using the contact details provided in this Privacy Notice.