Privacy
notice.
This notice explains what personal data the bureau collects on orchestrix.co.uk, why, for how long, and what you can do about it. It’s written in plain English because legalese is a failure of nerve. If anything here isn’t clear, email the bureau and it’ll get clearer.
One controller.
The data controller for this site is Alex Sais trading as Orchestrix, a sole-proprietor consultancy based in Nottingham, United Kingdom. Orchestrix is registered with the Information Commissioner’s Office under registration number [ICO_REG_NO].
For anything to do with privacy, data requests, or cookie choices, email [PRIVACY_EMAIL]. A human reads it, usually the same day, always within one UK business day. No ticket system.
- →Alex Sais t/a Orchestrix
- →Sole proprietor · Nottingham, UK
- →ICO registration [ICO_REG_NO]
- →Contact: [PRIVACY_EMAIL]
Four things.
The bureau tries to collect as little as possible. Here’s what actually lands in a database or a log file, and exactly when it does.
01 · Contact enquiries.
When you send a message through the form on /contact, the bureau collects your name, email, company (optional), and the message you typed. The form is submitted to a server-side route that runs bot detection, then forwards a clean payload to Formspree, which delivers the email to the bureau’s inbox. You can skip the form entirely by emailing the bureau directly.
02 · Bookings.
The 15-minute triage calendar is an embedded Google Calendar appointment schedule. When you click ‘load booking calendar’ and fill it in, Google handles the entire booking flow. The bureau only sees the resulting invite, the same as any other calendar event. Until you click load, the widget is not fetched and no Google cookies are set.
03 · Analytics.
If (and only if) you accept analytics cookies, the bureau collects pageviews, approximate location, device type, and referrer through Google Analytics 4. Microsoft Clarity also records the structure of your session, including mouse movement, scrolls, and clicks, with input fields masked by default. The full list and controls are in the cookie policy.
04 · Server logs.
The site runs on a self-hosted server in the United Kingdom and writes standard HTTP access logs: IP address, user agent string, requested path, status code, and timestamp. These are security and debugging logs, not analytics, and they run regardless of your cookie choice.
Every row has a
reason to exist.
UK GDPR says the bureau has to pick a lawful basis for each purpose it uses your data for, and tell you how long it’ll hold the data. Here’s the table.
The bureau reviews retention periods at least once a year. If a period changes, this notice changes with it.
Four suppliers.
The bureau uses a small set of well-known platforms to run this site. Each one is a data processor with a signed agreement. Nothing is sold, nothing is passed to advertisers, nothing goes to data brokers.
Takes the contact form submission and delivers it to the bureau’s inbox.
Google Analytics 4 measures pageviews if you accept analytics. Google Calendar hosts the booking widget if you click to load it.
Records session structure, heatmaps, and click paths if you accept analytics. Input fields are masked.
Provides the United Kingdom virtual private server the site runs on. Writes standard HTTP access logs (IP, user agent, path, status, timestamp) for security and debugging.
All four processors operate in the United States. Transfers of personal data from the UK to the US rely on the UK Extension to the EU-US Data Privacy Framework where the processor is self-certified, and on the UK International Data Transfer Agreement or Standard Contractual Clauses with UK addendum otherwise. Copies of the relevant safeguards are available on request to [PRIVACY_EMAIL].
Eight rights,
all free.
UK GDPR gives you specific rights over the personal data the bureau holds about you. None of them cost anything. None of them require a solicitor. The bureau will respond within one calendar month of receiving your request.
Access.
Ask for a copy of the personal data the bureau holds about you.
Rectification.
Ask for anything inaccurate or out of date to be corrected.
Erasure.
Ask for your data to be deleted, where there’s no overriding reason to keep it.
Restriction.
Ask the bureau to stop using your data while a question about it is being sorted out.
Objection.
Object to processing that relies on legitimate interests, including the way server logs are used.
Portability.
Ask for a copy of what you’ve given the bureau in a machine-readable format.
Withdraw consent.
Change your mind on analytics any time from the footer link. It won’t affect anything the bureau already did lawfully before you changed it.
No automated decisions.
The bureau doesn’t make any decisions about you by algorithm. A human reads every enquiry.
Email [PRIVACY_EMAIL] with what you want and enough detail for the bureau to find your data. No specific form is required. The bureau may need to verify you are who you say you are before releasing any personal data, which usually means a short exchange of emails.
If you’re not happy with how the bureau has handled your data, you have the right to complain to the Information Commissioner’s Office. Their website is ico.org.uk, their helpline is 0303 123 1113, and their registered address is Wycliffe House, Water Lane, Wilmslow, Cheshire SK9 5AF.
Separate policy.
Because the detail matters, the full list of cookies and similar technologies lives on its own page. It has the cookie names, who sets them, how long they live, and what happens when you decline.
Read the cookie policyNot for under-18s.
This site is aimed at UK businesses. It isn’t directed at children, and the bureau doesn’t knowingly collect personal data from anyone under 18. If you believe a child has submitted data through the contact form, email [PRIVACY_EMAIL]and it’ll be deleted.
How updates work.
The bureau will update this notice when anything material changes. The ‘last updated’ date at the top of the page moves when it does. If a change affects what the bureau collects or who it shares data with, the cookie banner will reappear so you can review your choice.
Still got a
question?
Legal notices are meant to be read, not hidden. If something on this page isn’t clear, or you want to exercise one of the rights above, email [PRIVACY_EMAIL]. One inbox, one reply, one UK business day.