Xlaxyronvorg — urban walking notes
Montfichet Rd, London E20 1EJ
+44 20 8221 7300

Legal · Data protection

Privacy policy

How we collect, use, store, and protect personal data when you visit xlaxyronvorg.world or contact Xlaxyronvorg in the United Kingdom.

UK GDPR DPA 2018 Transparency

Scope and commitment

This policy applies to visitors, clients, and anyone who communicates with us through the website, email, or telephone. We act as a data controller for personal data we decide how and why to process. We design our processes to be proportionate: we collect what we need to respond, operate the site, and meet legal duties—no more.

We align with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018. Where services touch the European Economic Area, we also respect overlapping EU GDPR principles and provide appropriate safeguards for any restricted transfers.

The date shown at the top of this page is generated when you load it and reflects today’s calendar date in your browser. The substantive policy text may still be updated separately; check the version notes in the “Changes” section.

Who we are

Trading name: Xlaxyronvorg

Address: Montfichet Rd, London E20 1EJ, United Kingdom

Email: assist@xlaxyronvorg.world

Phone: +44 20 8221 7300

Website: xlaxyronvorg.world

For general data protection questions, email is often the fastest route; we may ask you to verify your identity before disclosing information about an account or enquiry.

Advertising and measurement partners

If we use online advertising platforms (for example Google Ads) or related measurement and conversion tools, we aim to align destination pages with our ads, avoid misleading claims, and respect your cookie choices. Data processed through those services may include identifiers, campaign data, and conversion events as described in each provider’s privacy notice. Where UK law requires consent for non-essential technologies, we rely on your cookie preferences and the controls we describe in our cookies policy.

We do not sell your personal data. For a concise overview of who operates this site in the UK, see business information.

Categories of personal data

Depending on how you interact with us, we may process:

  • Identity and contact data: name, email address, postal address if you supply it, and telephone number if you call us.
  • Communication content: the text of messages you send via the contact form or email, including attachments if any.
  • Consent records: whether you agreed to processing where consent is the legal basis, and cookie preferences stored in your browser.
  • Technical data: IP address, browser type and version, time zone, device type, and similar metadata collected by hosting or analytics tools when you enable optional cookies.
  • Usage data: pages viewed, approximate navigation paths, and interaction events where analytics cookies are accepted.

We do not ask you to provide special categories of personal data (such as data revealing racial or ethnic origin, political opinions, or health) through the website. If you voluntarily include such information in a free-text message, we will treat it with additional care and only retain it where there is a lawful basis.

Purposes and lawful bases

Responding to enquiries

We use identity, contact, and message content to reply to questions about routes, collaborations, or studio information. The lawful bases are: performance of steps at your request prior to entering a contract (Article 6(1)(b) UK GDPR) where relevant, and legitimate interests in operating a small creative practice and maintaining professional correspondence (Article 6(1)(f)), balanced against your rights.

Website operation and security

We process technical data to deliver pages, protect against abuse, and maintain logs for short periods where proportionate. This supports legitimate interests in security and service continuity (Article 6(1)(f)).

Marketing and optional analytics

Where we use non-essential cookies or send optional updates, we rely on consent (Article 6(1)(a)), which you may withdraw at any time via the cookie banner or by contacting us.

Legal compliance

We may process data where necessary to comply with legal obligations, such as responding to lawful requests from regulators or courts (Article 6(1)(c)).

Retention periods

We keep personal data only as long as necessary for the purposes described:

  • Contact and client messages: typically up to twenty-four months after the last substantive exchange, unless a longer period is needed for unresolved disputes, complaints, or statutory requirements.
  • Contract and invoicing records: up to seven years where required for tax and accounting law.
  • Cookie and consent logs: for the lifetime of the storage mechanism (for example localStorage until cleared) or as required to demonstrate consent.
  • Server logs: short rolling periods as configured with our host, often between thirty and ninety days unless extended for security investigations.

When retention ends, we delete or anonymise data so it can no longer be linked to you, unless a narrow legal exception applies.

Recipients and processors

We do not sell your personal data. We may share it with:

  • Hosting and infrastructure providers that store site files and transmit pages.
  • Email and productivity providers that deliver or archive messages.
  • Analytics or marketing platforms only if you have enabled the relevant cookies or consented separately.
  • Professional advisers (for example accountants or lawyers) under confidentiality duties.
  • Public authorities when required by law.

Where we appoint processors, we require them to follow our instructions and apply appropriate security measures under Article 28 UK GDPR where applicable.

International transfers

Our primary operations are in the United Kingdom. If personal data is transferred outside the UK and EEA, we implement appropriate safeguards such as the UK International Data Transfer Agreement, standard contractual clauses, or reliance on adequacy regulations, unless a specific derogation applies. You may request further information about transfers by email.

Security measures

We use HTTPS where provided by hosting, access controls for accounts that handle messages, and staff training on confidentiality. No online transmission is completely risk-free; we assess risks in light of the nature of the data and the cost of implementation.

Your rights

Subject to conditions in the UK GDPR, you have the right to access, rectify, erase, restrict processing, object to processing, and data portability in certain cases. You also have the right to withdraw consent where processing is consent-based, without affecting the lawfulness of processing before withdrawal.

You may complain to the Information Commissioner’s Office (ICO), the UK supervisory authority. We encourage you to contact us first so we can try to resolve your concern.

Children

The website is not directed at children. If you believe we have collected data from a child without appropriate authority, please contact us and we will take steps to delete it where appropriate.

Changes to this policy

We may update this policy to reflect legal, technical, or organisational changes. The substantive “last updated” narrative will be revised in this section when material edits occur. Continued use of the site after notice, where required, constitutes acknowledgement of reasonable updates.