Privacy Policy

Last updated: 2025-12-31 · Effective: 2025-01-30

Your privacy is important to us. This Privacy Policy explains how DGTL.TECH collects, uses, discloses, and protects your personal data when you use our website and services. We are committed to transparency and to processing your data lawfully, fairly, and in accordance with applicable data protection laws.

1. Introduction

1.1 About This Policy

This Privacy Policy applies to all personal data processed by DGTL.TECH in connection with our website (dgtl.tech and its subdomains), services, applications, and business operations. It describes our practices regarding the collection, use, storage, sharing, and protection of personal data.

1.2 Scope

This Policy applies to:

• Visitors to our website
• Customers and users of our services
• Business contacts and prospective customers
• Job applicants
• Suppliers, vendors, and contractors
• Any other individuals whose personal data we process

1.3 Applicable Laws

We process personal data in compliance with applicable data protection laws, including:

• The EU General Data Protection Regulation 2016/679 (EU GDPR)
• The UK General Data Protection Regulation (UK GDPR) and Data Protection Act 2018
• The California Consumer Privacy Act (CCPA) as amended by the California Privacy Rights Act (CPRA)
• Other applicable US state privacy laws (Virginia CDPA, Colorado CPA, Connecticut CTDPA)
• The Privacy and Electronic Communications Regulations (PECR)

1.4 Agreement

By accessing our website or using our services, you acknowledge that you have read and understood this Privacy Policy. Where we rely on consent as a lawful basis for processing, we will obtain your explicit consent. For other processing activities, your continued use of our services constitutes acknowledgment of this Policy.

2. Definitions

In this Privacy Policy, unless the context otherwise requires:

"Controller" means the natural or legal person which determines the purposes and means of the processing of personal data.

"Data Protection Laws" means all applicable laws relating to the processing of personal data, including the EU GDPR, UK GDPR, CCPA/CPRA, and other applicable privacy legislation.

"Data Subject" means an identified or identifiable natural person whose personal data is processed.

"DGTL.TECH", "we", "us", or "our" means DGTL TECH UK LLP (registered in England and Wales, company number OC434843) and/or DGTL TECH LLC (organized in Wyoming, USA), as applicable based on the context of the processing activity.

"Personal Data" means any information relating to an identified or identifiable natural person. An identifiable person is one who can be identified, directly or indirectly, by reference to an identifier such as a name, identification number, location data, online identifier, or factors specific to their identity.

"Processing" means any operation performed on personal data, including collection, recording, organization, storage, adaptation, retrieval, consultation, use, disclosure, dissemination, alignment, combination, restriction, erasure, or destruction.

"Processor" means a natural or legal person which processes personal data on behalf of the controller.

"Services" means all products, services, and functionalities provided by DGTL.TECH, including hosting services, cloud infrastructure, domain registration, and related services.

"Site" means the DGTL.TECH website at dgtl.tech and all associated subdomains.

"Special Category Data" means personal data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, genetic data, biometric data, health data, or data concerning sex life or sexual orientation.

"Sub-processor" means any processor engaged by DGTL.TECH to process personal data on behalf of a customer.

3. Data Controller

3.1 Controller Identity

The data controller for personal data processed under this Privacy Policy is the DGTL.TECH entity with which you have contracted, as identified on your invoice, Service Order, or in your Account settings:

If you are unsure which entity is your data controller, please refer to your most recent invoice or contact us.

3.2 Data Protection Contact

For all privacy-related inquiries, requests, and complaints, please contact our Data Protection Officer at:

Email:

3.3 Controller vs. Processor Roles

DGTL.TECH acts in different capacities depending on the context:

As a Controller: We act as a data controller when we collect and process personal data for our own purposes, such as managing customer accounts, billing, marketing, and website analytics.

As a Processor: We act as a data processor when our customers use our services to process personal data of their own users or customers. In this case, our customers are the controllers, and we process data according to their instructions. Our processing activities as a processor are governed by our Terms of Service and any applicable data processing agreements.

4. Personal Data We Collect

4.1 Categories of Personal Data

We collect and process the following categories of personal data:

(a) Identity Data: Name, username, title, date of birth, government-issued identification numbers (where required for verification).

(b) Contact Data: Email address, postal address, telephone number, social media handles.

(c) Account Data: Account credentials, account settings, preferences, and authentication information.

(d) Financial Data: Payment card details, bank account information, billing address, transaction history, invoices.

(e) Technical Data: IP address, browser type and version, operating system, device identifiers, time zone settings, location data (derived from IP address), and other technical information collected through cookies and similar technologies.

(f) Usage Data: Information about how you use our website and services, including pages visited, features used, clickstream data, session duration, and interaction patterns.

(g) Communication Data: Records of communications with us, including support tickets, emails, chat transcripts, and call recordings (where notified).

(h) Marketing Data: Preferences regarding receiving marketing communications, communication history, and response data.

(i) Professional Data: Job title, employer name, professional qualifications, work history (for job applicants).

(j) Verification Data: Identity documents, proof of address, selfie verification images (for compliance and fraud prevention purposes).

4.2 Special Category Data

We do not intentionally collect Special Category Data. If you provide such data to us (for example, in support communications), we will process it only where necessary and with appropriate safeguards. We do not use Special Category Data for automated decision-making or profiling.

4.3 Data About Others

If you provide us with personal data about other individuals (such as employees or contacts), you represent that you have the authority to do so and have informed them about how their data will be processed in accordance with this Policy.

5. How We Collect Personal Data

5.1 Data You Provide

We collect personal data that you provide directly to us when you:

• Create an account or register for our services
• Place an order or make a purchase
• Complete forms on our website
• Contact our support team
• Subscribe to newsletters or marketing communications
• Participate in surveys or promotions
• Apply for employment
• Correspond with us by email, phone, or chat

5.2 Data Collected Automatically

When you visit our website or use our services, we automatically collect certain data through cookies, server logs, and similar technologies:

• Device and browser information
• IP address and approximate location
• Pages visited and navigation patterns
• Time and date of access
• Referring website or source
• Service usage patterns and metrics

5.3 Data from Third Parties

We may receive personal data from third-party sources, including:

• Payment processors: Transaction and payment verification data
• Identity verification services: Verification results and fraud indicators
• Business partners: Referral information
• Public sources: Publicly available business information, company registries
• Social media platforms: If you connect your account or interact with us via social media

When we receive data from third parties, we require that they have collected and shared it lawfully and in compliance with applicable Data Protection Laws.

6. Purposes of Processing

6.1 Service Delivery

• Creating and managing your account
• Processing orders and providing services
• Billing, invoicing, and payment processing
• Providing technical support and customer service
• Communicating about your account and services
• Maintaining and improving service quality

6.2 Security and Fraud Prevention

• Verifying your identity
• Detecting and preventing fraud, abuse, and unauthorized access
• Protecting the security of our systems and services
• Investigating and responding to security incidents
• Enforcing our terms of service

6.3 Legal and Compliance

• Complying with legal and regulatory obligations
• Responding to lawful requests from authorities
• Establishing, exercising, or defending legal claims
• Meeting anti-money laundering (AML) and know-your-customer (KYC) requirements
• Maintaining records as required by law

6.4 Business Operations

• Managing business relationships
• Internal administration and recordkeeping
• Financial reporting and auditing
• Business planning and strategy

6.5 Marketing and Communications

• Sending marketing communications (with your consent where required)
• Personalizing content and recommendations
• Conducting market research and analysis
• Managing marketing preferences

6.6 Website and Service Improvement

• Analyzing usage patterns and trends
• Developing new features and services
• Testing and quality assurance
• Optimizing user experience

7. Lawful Bases for Processing

7.1 Overview

Under the GDPR and UK GDPR, we must have a lawful basis for processing your personal data. The lawful bases we rely on are:

7.2 Contract Performance

Article 6(1)(b) GDPR: Processing is necessary for the performance of a contract with you or to take steps at your request before entering into a contract.

We rely on this basis for:

• Account creation and management
• Service provisioning and delivery
• Billing and payment processing
• Customer support
• Service-related communications

7.3 Legal Obligation

Article 6(1)(c) GDPR: Processing is necessary for compliance with a legal obligation to which we are subject.

We rely on this basis for:

• Tax and accounting requirements
• Anti-money laundering (AML) compliance
• Know-your-customer (KYC) verification
• Responding to lawful data requests from authorities
• Record retention as required by law

7.4 Legitimate Interests

Article 6(1)(f) GDPR: Processing is necessary for our legitimate interests or those of a third party, except where such interests are overridden by your interests or fundamental rights.

We rely on this basis for:

• Fraud detection and prevention
• Network and information security
• Business analytics and service improvement
• Direct marketing to existing customers (B2B)
• Debt recovery
• Business transfers (mergers, acquisitions)

We have conducted legitimate interest assessments for each of these activities. You may request information about these assessments by contacting us.

7.5 Consent

Article 6(1)(a) GDPR: You have given consent to the processing of your personal data for one or more specific purposes.

We rely on this basis for:

• Marketing communications (where consent is required)
• Non-essential cookies and tracking technologies
• Processing of Special Category Data (if applicable)
• Any other processing where we have specifically requested your consent

Where we rely on consent, you have the right to withdraw consent at any time. Withdrawal of consent does not affect the lawfulness of processing before withdrawal.

7.6 Vital Interests

Article 6(1)(d) GDPR: Processing is necessary to protect the vital interests of you or another person. We may rely on this basis in exceptional emergency situations.

7.7 Summary Table

8. Data Retention

8.1 Retention Principles

We retain personal data only for as long as necessary to fulfill the purposes for which it was collected, including to satisfy legal, regulatory, accounting, or reporting requirements. To determine the appropriate retention period, we consider:

• The nature and sensitivity of the data
• The purposes for which we process it
• Applicable legal and regulatory requirements
• Potential risk of harm from unauthorized use or disclosure
• Whether the purposes can be achieved through anonymization

8.2 Retention Periods

8.3 Anonymization and Deletion

When personal data is no longer required, we will securely delete or anonymize it. Anonymized data (from which you cannot be identified) may be retained indefinitely for statistical and analytical purposes.

9. Sharing of Personal Data

9.1 Categories of Recipients

We may share your personal data with the following categories of recipients:

(a) Service Providers: Third-party companies that provide services on our behalf, including:

• Cloud infrastructure and hosting providers
• Payment processors and financial institutions
• Customer support platforms
• Email and communication services
• Analytics providers
• Identity verification services

(b) Professional Advisors: Lawyers, accountants, auditors, and insurers who provide professional services to us.

(c) Regulatory and Legal Authorities: Government bodies, regulators, law enforcement agencies, and courts where required by law or to protect our legal rights.

(d) Business Transferees: Potential or actual buyers, investors, or successors in connection with a merger, acquisition, reorganization, or sale of assets.

(e) Affiliated Entities: Other DGTL.TECH entities for internal administrative purposes and service delivery.

9.2 Safeguards

When we share personal data with third parties, we:

• Share only the data necessary for the specific purpose
• Require recipients to protect data in accordance with this Policy
• Enter into data processing agreements where required
• Ensure appropriate international transfer mechanisms are in place

9.3 No Sale of Personal Data

We do not sell your personal data to third parties. We do not share personal data with third parties for their own direct marketing purposes without your explicit consent.

10. International Data Transfers

10.1 Transfer Locations

Your personal data may be transferred to and processed in countries outside your country of residence, including:

• United Kingdom
• United States
• European Economic Area (EEA) countries
• Other countries where our service providers operate

10.2 Transfer Mechanisms

When we transfer personal data outside the EEA or UK to countries not recognized as providing an adequate level of protection, we ensure appropriate safeguards are in place:

(a) Standard Contractual Clauses (SCCs): We use the European Commission's Standard Contractual Clauses for transfers from the EEA and the UK International Data Transfer Addendum for transfers from the UK.

(b) Adequacy Decisions: We may transfer data to countries that have received an adequacy decision from the European Commission or UK government.

(c) Binding Corporate Rules: Where applicable, transfers within our corporate group are governed by binding corporate rules.

(d) Derogations: In limited circumstances, we may rely on derogations under Article 49 GDPR, such as your explicit consent or the necessity of the transfer for contract performance.

10.3 Transfer Impact Assessments

For transfers relying on SCCs, we conduct transfer impact assessments to evaluate the legal framework in the destination country and implement supplementary measures where necessary to ensure an essentially equivalent level of protection.

10.4 Your Rights

You may request a copy of the safeguards we use for international transfers by contacting us at .

11. Data Security

11.1 Security Measures

We implement appropriate technical and organizational measures to protect personal data against unauthorized access, alteration, disclosure, or destruction. These measures include:

Technical Measures:

• Encryption of data in transit (TLS/SSL) and at rest
• Firewalls and intrusion detection systems
• Access controls and authentication mechanisms
• Regular security testing and vulnerability assessments
• Secure software development practices
• Backup and disaster recovery procedures

Organizational Measures:

• Security policies and procedures
• Staff training on data protection and security
• Access limited to authorized personnel on a need-to-know basis
• Confidentiality obligations for all staff
• Regular security audits and reviews
• Incident response procedures

11.2 Your Responsibilities

While we take extensive measures to protect your data, security is a shared responsibility. You should:

• Use strong, unique passwords for your account
• Enable multi-factor authentication where available
• Keep your credentials confidential
• Notify us immediately of any suspected unauthorized access
• Keep your devices and software up to date

11.3 Limitations

No method of transmission over the Internet or electronic storage is completely secure. While we strive to protect your personal data, we cannot guarantee absolute security. Transmission of personal data to our Site is at your own risk.

12. Your Rights

12.1 Rights Under GDPR and UK GDPR

If you are located in the EEA or UK, you have the following rights regarding your personal data:

(a) Right of Access (Article 15): You have the right to obtain confirmation of whether we process your personal data and to request a copy of that data, along with information about how we process it.

(b) Right to Rectification (Article 16): You have the right to request correction of inaccurate personal data and completion of incomplete data.

(c) Right to Erasure (Article 17): You have the right to request deletion of your personal data in certain circumstances, including when the data is no longer necessary, you withdraw consent, or you object to processing.

(d) Right to Restriction (Article 18): You have the right to request restriction of processing in certain circumstances, such as when you contest accuracy or object to processing.

(e) Right to Data Portability (Article 20): You have the right to receive your personal data in a structured, commonly used, machine-readable format and to transmit it to another controller, where processing is based on consent or contract and carried out by automated means.

(f) Right to Object (Article 21): You have the right to object to processing based on legitimate interests, including profiling, and to processing for direct marketing purposes.

(g) Rights Related to Automated Decision-Making (Article 22): You have the right not to be subject to a decision based solely on automated processing, including profiling, that produces legal or similarly significant effects, except in limited circumstances.

(h) Right to Withdraw Consent: Where processing is based on consent, you have the right to withdraw consent at any time without affecting the lawfulness of processing before withdrawal.

12.2 Exercising Your Rights

To exercise any of these rights, please contact us at . We will respond to your request within one (1) month, extendable by two (2) additional months for complex requests. We will inform you of any extension within the first month.

12.3 Identity Verification

To protect your privacy, we may need to verify your identity before responding to requests. We may request additional information to confirm your identity. If we cannot verify your identity, we may be unable to fulfill your request.

12.4 Fees and Refusals

We provide responses to rights requests free of charge. However, we may charge a reasonable fee or refuse to act on manifestly unfounded or excessive requests, particularly if repetitive. Where we refuse a request, we will explain the reasons and inform you of your right to complain to a supervisory authority.

12.5 Third-Party Data

When fulfilling access requests, we will not disclose information that would adversely affect the rights and freedoms of others without their consent or another lawful basis.

13. Automated Decision-Making

13.1 Use of Automated Processing

We may use automated processing in the following contexts:

(a) Fraud Detection: We use automated systems to detect potentially fraudulent transactions and account activity. These systems analyze patterns and risk indicators to flag suspicious activity for review.

(b) Service Provisioning: Certain services are provisioned automatically based on your order and account information.

(c) Credit Assessment: For certain services, we may use automated tools to assess creditworthiness.

13.2 Human Oversight

Where automated processing may result in decisions with significant effects on you (such as account suspension or service denial), we ensure human review is available. You have the right to:

• Request human review of automated decisions
• Express your point of view
• Contest the decision

13.3 Profiling

We may use profiling (automated analysis of personal data to evaluate certain aspects) for fraud prevention and service optimization. We do not use profiling for decisions that produce legal or similarly significant effects without human involvement, unless permitted by law or with your explicit consent.

14. Cookies and Tracking Technologies

14.1 What Are Cookies

Cookies are small text files placed on your device when you visit our website. We also use similar technologies such as pixels, web beacons, and local storage.

14.2 Types of Cookies We Use

(a) Strictly Necessary Cookies: Essential for the website to function. These cannot be disabled.

(b) Functional Cookies: Remember your preferences and settings (e.g., theme, language).

(c) Analytics Cookies: Help us understand how visitors use our website.

(d) Live Chat Cookies: Enable our live chat support functionality.

14.3 Your Choices

When you first visit our website, you will be presented with a cookie consent banner allowing you to accept or reject non-essential cookies. You can change your preferences at any time through our cookie settings.

14.4 More Information

For detailed information about the cookies we use and how to manage them, please see our Cookies Policy.

14.5 Do Not Track

Some browsers include a "Do Not Track" (DNT) feature. There is no universally accepted standard for how to respond to DNT signals. Currently, our website does not respond to DNT signals. However, you can manage tracking through our cookie consent mechanism and browser settings.

15. Children's Privacy

15.1 Age Restrictions

Our services are not directed to children under the age of eighteen (18). We do not knowingly collect personal data from children under 18. If you are under 18, please do not use our services or provide any personal data to us.

15.2 Parental Rights

If you are a parent or guardian and believe that your child has provided personal data to us, please contact us immediately at . We will take steps to delete such information from our systems.

15.3 Discovery of Child Data

If we become aware that we have collected personal data from a child under 18 without appropriate parental consent, we will take steps to delete that data as soon as possible.

16. California Privacy Rights (CCPA/CPRA)

16.1 Scope

This section applies to California residents and supplements the rest of this Privacy Policy. It describes our practices regarding personal information as defined by the California Consumer Privacy Act (CCPA) as amended by the California Privacy Rights Act (CPRA).

16.2 Categories of Personal Information

In the preceding twelve (12) months, we have collected the following categories of personal information:

16.3 Sources of Personal Information

We collect personal information from: (a) directly from you; (b) automatically through your use of our services; (c) third-party service providers; and (d) publicly available sources.

16.4 Purposes for Collection and Use

We use personal information for the business and commercial purposes described in Section 6 of this Policy, including: service delivery, security, legal compliance, business operations, and marketing.

16.5 Disclosure of Personal Information

We may disclose personal information to the categories of recipients described in Section 9 for business purposes. We do not sell personal information as defined by the CCPA.

16.6 Your California Rights

As a California resident, you have the following rights:

(a) Right to Know: You have the right to request that we disclose:

• The categories of personal information we collected about you
• The categories of sources from which we collected information
• Our business or commercial purpose for collecting or selling information
• The categories of third parties with whom we share information
• The specific pieces of personal information we collected about you

(b) Right to Delete: You have the right to request deletion of personal information we collected from you, subject to certain exceptions.

(c) Right to Correct: You have the right to request correction of inaccurate personal information.

(d) Right to Opt-Out of Sale/Sharing: You have the right to opt out of the sale or sharing of your personal information. We do not sell personal information. If this changes, we will provide a "Do Not Sell or Share My Personal Information" link.

(e) Right to Limit Use of Sensitive Personal Information: You have the right to limit the use and disclosure of sensitive personal information to purposes necessary to perform our services.

(f) Right to Non-Discrimination: We will not discriminate against you for exercising your privacy rights.

16.7 Exercising Your Rights

To exercise your California privacy rights, please submit a request to . You may also designate an authorized agent to make a request on your behalf. We will verify your identity before processing your request.

16.8 Response Timing

We will respond to verifiable consumer requests within forty-five (45) days, extendable by an additional forty-five (45) days when reasonably necessary, with notice.

16.9 Shine the Light

Under California Civil Code Section 1798.83 ("Shine the Light"), California residents may request information about the disclosure of personal information to third parties for direct marketing purposes. We do not disclose personal information to third parties for their direct marketing purposes.

17. Other US State Privacy Rights

17.1 Virginia (VCDPA)

Virginia residents have rights similar to California residents, including the rights to access, correct, delete, and obtain a copy of their personal data, and to opt out of targeted advertising, sale, and profiling. To exercise these rights, contact us at .

17.2 Colorado (CPA)

Colorado residents have rights to access, correct, delete, and obtain a portable copy of their personal data, and to opt out of targeted advertising, sale, and profiling. To exercise these rights, contact us at .

17.3 Connecticut (CTDPA)

Connecticut residents have similar rights including access, correction, deletion, portability, and opt-out rights. To exercise these rights, contact us at .

17.4 Appeals

If we decline your privacy request, you may appeal by contacting us within a reasonable time. We will respond to appeals within the timeframes required by applicable law.

18. Data Breach Notification

18.1 Breach Response

We maintain incident response procedures to address personal data breaches. In the event of a breach, we will:

• Assess the nature and scope of the breach
• Contain the breach and mitigate harm
• Evaluate the risk to affected individuals
• Notify relevant parties as required
• Document the breach and our response

18.2 Regulatory Notification

Where required by applicable Data Protection Laws, we will notify the relevant supervisory authority of a personal data breach without undue delay and, where feasible, within seventy-two (72) hours of becoming aware of it, unless the breach is unlikely to result in a risk to your rights and freedoms.

18.3 Individual Notification

Where a breach is likely to result in a high risk to your rights and freedoms, we will notify you without undue delay. Notification will describe the nature of the breach, the likely consequences, and the measures taken or proposed to address it.

18.4 Exceptions

We may not be required to notify you directly if: (a) we have implemented appropriate protective measures (such as encryption) that render the data unintelligible; (b) subsequent measures have eliminated the high risk; or (c) direct notification would involve disproportionate effort, in which case we will make a public communication.

19. Sub-processors

19.1 Use of Sub-processors

We use a limited number of third-party sub-processors to assist in providing our services. All sub-processors are bound by contractual obligations to process personal data only as instructed and to implement appropriate security measures.

19.2 Sub-processor Categories

We engage third-party sub-processors in the following categories:

19.3 Self-Hosted Services

The following services are operated on our own infrastructure and do not involve third-party sub-processors:

• Live chat — Self-hosted on our infrastructure
• Email services — Self-hosted mail servers for transactional communications
• Cryptocurrency payments — Self-hosted payment processing without third-party intermediaries

19.4 No Analytics

We do not use any third-party analytics, tracking, or advertising services on our website or within our services.

19.5 Sub-processor Changes

We may update our sub-processors from time to time. Where we engage new sub-processors, we ensure they meet our security and data protection requirements. Material changes to sub-processors will be reflected in updates to this Privacy Policy.

20. Complaints

20.1 Contact Us First

If you have concerns or complaints about our handling of your personal data, please contact us first at . We take all complaints seriously and will investigate and respond promptly.

20.2 Supervisory Authorities

You have the right to lodge a complaint with a data protection supervisory authority. The relevant authority depends on your location:

20.3 Response Time

We will acknowledge complaints within five (5) business days and provide a substantive response within thirty (30) days. If we need more time, we will inform you and explain the reasons for the delay.

21. Changes to This Policy

21.1 Updates

We may update this Privacy Policy from time to time to reflect changes in our practices, technologies, legal requirements, or for other operational reasons. The "Last updated" date at the top of this Policy indicates when it was last revised.

21.2 Notification of Changes

For material changes that significantly affect how we process your personal data, we will provide notice through one or more of the following methods:

• Posting a prominent notice on our website
• Sending an email to the address associated with your account
• Displaying a notification in your account dashboard

21.3 Review

We encourage you to review this Policy periodically to stay informed about our data practices. Your continued use of our services after changes become effective constitutes acknowledgment of the revised Policy.

22. Contact Information

If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

We aim to respond to all inquiries within a reasonable timeframe and in accordance with applicable Data Protection Laws.