Privacy Policy.
Last updated: April 2026 · Version 1.0
Note: This policy has been prepared in good faith to reflect ARX's data practices under UK GDPR and PECR. It is not a substitute for legal advice. ARX recommends all parties seek independent legal counsel on data protection matters. This document will be reviewed and updated as the practice develops.
Who we are
ARX is a trading name operated as a joint venture between two independent limited companies. When this policy refers to "ARX", "we", "us" or "our", it refers to this joint venture operating under the ARX brand at wearearx.com.
Anchor & Dash Ltd
Company no. 10806622
ICO registration [ADD REGISTRATION NO.]
Contact laura@wearearx.com
Director Dr Laura Cartwright MCIM
Toyn Consultancy Ltd
Company no. 16137024
ICO registration [ADD REGISTRATION NO.]
Contact christopher@toynconsultancy.co.uk
Director Chris Toyn
Both companies act as joint data controllers in respect of personal data collected through wearearx.com and ARX client engagements. Each company also acts as an independent data controller in respect of data collected through their individual practices (anchoranddash.com and toynconsultancy.com respectively).
Our primary contact for data protection matters is: laura@wearearx.com
What personal data we collect
We collect personal data in the following ways:
Contact form submissions
When you complete the contact form on wearearx.com, we collect your name, business email address, company name, job title and any information you include in your message. This data is processed via HubSpot and stored in our CRM.
Email correspondence
When you email us directly, we retain that correspondence and any personal data contained within it for the purposes of responding to your enquiry and managing our business relationship.
HubSpot CRM
ARX uses HubSpot as its CRM platform. Contact details and engagement data for prospective and current clients are stored in HubSpot. HubSpot may set cookies on your device when you visit our website. See the Cookies section below for more detail.
Website analytics
Squarespace, the platform on which this website is built, collects anonymised analytics data about visitor behaviour. This data does not identify individuals. See Squarespace's privacy policy at squarespace.com/privacy for full details.
How we use your personal data
| Purpose | Legal basis | Retention |
|---|---|---|
| Responding to enquiries | Legitimate interests — responding to a direct request from you | 3 years from last contact |
| Managing client engagements | Contract performance — necessary to deliver services you have engaged us for | 7 years post-engagement (UK accounting requirements) |
| Business development follow-up | Legitimate interests — following up on expressed interest in our services | 3 years from last contact, or until you opt out |
| Legal and compliance obligations | Legal obligation — UK GDPR, Companies Act, HMRC requirements | As required by applicable law |
We do not use your personal data for automated decision-making or profiling. We do not sell your data to third parties. We do not use your data for purposes incompatible with those listed above.
Who we share your data with
We share personal data only where necessary and with appropriate safeguards in place. The third parties we use are:
- HubSpot Inc. — our CRM and marketing platform. HubSpot processes data on our behalf under a Data Processing Agreement. HubSpot is certified under the EU-US Data Privacy Framework. See HubSpot's privacy policy at legal.hubspot.com/privacy-policy.
- Squarespace Inc. — our website platform. Squarespace processes limited data in connection with website hosting and analytics. See squarespace.com/privacy.
- Google LLC — we use Google Search Console for website performance monitoring. Google's privacy policy is at policies.google.com/privacy.
- Elfsight — we use Elfsight widgets on our website. See elfsight.com/privacy-policy.
We do not transfer your personal data outside the UK or EEA except where the recipient has appropriate safeguards in place (such as Standard Contractual Clauses or participation in the UK-US Data Bridge). HubSpot and Squarespace both maintain appropriate transfer mechanisms.
Cookies
This website uses cookies. A cookie is a small text file placed on your device when you visit a website. We use the following types of cookies:
| Cookie type | Purpose | Set by |
|---|---|---|
| Essential | Required for the website to function — session management, security | Squarespace |
| Analytics | Anonymised visitor behaviour data to help us understand how the site is used | Squarespace |
| Marketing / tracking | Tracking of form submissions, contact behaviour and CRM activity | HubSpot |
| Third-party widgets | Functionality cookies for embedded widgets on the site | Elfsight |
You can control cookies through your browser settings. Disabling cookies may affect your experience of this website. For more information about managing cookies, visit aboutcookies.org.
Your rights under UK GDPR
Under UK GDPR you have the following rights in relation to your personal data:
- Right of access — you can request a copy of the personal data we hold about you.
- Right to rectification — you can ask us to correct inaccurate or incomplete data.
- Right to erasure — you can ask us to delete your personal data where we have no legitimate reason to continue holding it.
- Right to restrict processing — you can ask us to limit how we use your data in certain circumstances.
- Right to data portability — you can ask us to provide your data in a structured, machine-readable format.
- Right to object — you can object to processing based on legitimate interests, including direct marketing.
- Right to withdraw consent — where processing is based on consent, you can withdraw it at any time.
To exercise any of these rights, contact us at laura@wearearx.com. We will respond within one calendar month.
If you are not satisfied with our response, you have the right to lodge a complaint with the Information Commissioner's Office (ICO) at ico.org.uk/make-a-complaint or by calling 0303 123 1113.
Data security
We take reasonable technical and organisational measures to protect your personal data against unauthorised access, loss or destruction. These include access controls on our CRM, secure email, and use of reputable third-party platforms with their own security certifications.
No method of transmission over the internet is completely secure. If you have concerns about the security of data you have shared with us, contact us at laura@wearearx.com.
Data breaches
In the event of a personal data breach that is likely to result in a risk to your rights and freedoms, we will notify the ICO within 72 hours of becoming aware of the breach, as required by UK GDPR. Where the breach is likely to result in a high risk to you, we will also notify you directly without undue delay.
Changes to this policy
We will update this policy as our practices evolve or as required by changes in law. The current version will always be available at wearearx.com/privacy. Material changes will be notified by updating the date at the top of this document.
Contact us
For any questions about this policy or how we handle your personal data:
- Email: laura@wearearx.com
- Phone: 0114 494 0178
- Website: wearearx.com
ARX is a trading name of Anchor & Dash Ltd (company no. 10806622) and Toyn Consultancy Ltd (company no. 16137024), operating as a joint venture.