RUNIX DATA LTD ("we", "us", "our", "the Company") is committed to protecting and respecting the privacy of all individuals who interact with our website, our services and our business operations. This Privacy Policy explains how we collect, use, disclose and safeguard personal information about you when you visit our website at runixdata.guru, when you contact us, and when you engage us to provide any of our services.
This policy has been prepared in accordance with the United Kingdom General Data Protection Regulation (UK GDPR), the Data Protection Act 2018, the Privacy and Electronic Communications Regulations 2003 (PECR) and all other applicable data protection legislation in force in England and Wales. By using our website or engaging with our services, you acknowledge that you have read, understood and agree to be bound by the terms of this Privacy Policy.
We encourage you to read this Privacy Policy carefully and to contact us if you have any questions about how we handle your personal data. Your privacy is important to us, and we take our obligations as a data controller seriously. We will always process your personal data lawfully, fairly and transparently, and we will only collect data that is adequate, relevant and limited to what is necessary for the purposes for which it is processed.
This Privacy Policy applies to all personal data processed by RUNIX DATA LTD in the context of our business activities, including data collected through our website, data provided to us directly by prospective and current clients, data processed in the course of delivering our VR application development services, and data processed in connection with our contractual and administrative obligations.
RUNIX DATA LTD is a company registered in England and Wales. Our registered office address is 63 Ladys Gift Road, Tunbridge Wells, Kent, TN4 0JT, United Kingdom. For the purposes of applicable data protection legislation, RUNIX DATA LTD is the data controller in respect of personal data collected and processed through this website and in connection with our services.
We are registered with the Information Commissioner's Office (ICO) as a data controller, in accordance with the requirements of the Data Protection Act 2018. Our ICO registration covers all processing activities described in this Privacy Policy.
Our website address is runixdata.guru. For all data protection enquiries, you may contact us by email at PavanKumar@runixdata.guru or by post at the registered office address stated above. We will acknowledge your enquiry within five working days and provide a substantive response within one calendar month in accordance with our obligations under Article 12 of UK GDPR.
Where a data protection officer (DPO) is required by applicable law, we will appoint and notify you of their contact details. At the date of this policy, we do not meet the threshold conditions requiring mandatory DPO appointment under Article 37 of UK GDPR. However, all data protection responsibilities are managed at director level within the Company and we take our obligations with the utmost seriousness.
When you submit a project brief, enquiry or contact form on our website, we collect the personal data you provide, which typically includes your full name, your email address, and the content of your message or brief. We may also collect your telephone number if you provide it, and the name of your institution or organisation where relevant to the context of your enquiry.
When we enter into a client engagement with you, we collect additional personal data necessary to administer the contractual relationship. This may include your job title and role within your organisation, your postal address and billing address, bank account or payment details (processed through secure third-party payment processors), correspondence exchanged during the project, and any other information you provide to us in the course of the engagement that may contain personal data.
If you apply for employment with RUNIX DATA LTD or submit a speculative application, we collect the personal data contained in your application, curriculum vitae and supporting documentation. This data is processed separately from our client data and is subject to additional processing controls described in our internal recruitment privacy procedures.
When you visit our website at runixdata.guru, our hosting infrastructure and analytics systems automatically collect certain technical information about your visit. This includes your Internet Protocol (IP) address, the type and version of your web browser, the operating system and device type you are using, the pages of our website you visit, the time and date of each visit, the referring website (if you arrived from an external link), and certain technical performance metrics about how our pages are rendered on your device.
This automatically collected data is used primarily for the purpose of maintaining the security and integrity of our website, understanding how visitors interact with our content, diagnosing technical faults and improving the user experience. Where this data constitutes personal data under UK GDPR (for example, where an IP address is capable of identifying an individual), it is processed on the lawful basis described in Section 5 below.
We use cookies and similar tracking technologies on our website. Full details of the cookies we use, the purposes for which they are used, and your options for controlling them are set out in our Cookie Policy, which is available at cookie-policy.html and forms part of this Privacy Policy framework.
In certain circumstances, we may receive personal data about you from third parties. For example, a colleague or another individual at your institution may provide your contact details to us when making an initial enquiry on behalf of your organisation. We may also receive data about prospective clients from industry databases, public professional registers, conference attendance records or referrals from existing clients. Where we receive your data from a third party, we will inform you within a reasonable period and in any event within one calendar month of receiving it, unless notification is impossible or would involve disproportionate effort.
We will also receive personal data from our suppliers, contractors and subprocessors in the ordinary course of business operations, including invoices containing contact details, correspondence from service providers, and data provided by software-as-a-service platforms we use in our operations. This data is treated with the same standards of care as data we collect directly.
We use personal data collected through our website and in connection with our business for the following purposes:
We will not use your personal data for purposes that are incompatible with the original purpose for which it was collected, unless we have obtained your consent to do so or are required or permitted by applicable law.
In accordance with the requirements of UK GDPR, we process personal data only where we have a valid lawful basis for doing so. The lawful bases upon which we rely for the various processing activities described in this Privacy Policy are as follows:
Where you have entered into a contract with us for the provision of services, or where you have requested that we take steps to enter into a contract with you, we process the personal data necessary to perform our obligations under that contract and to enable you to exercise your rights under it. This includes all data processing activities associated with project delivery, invoicing, communication and post-delivery support.
We process certain personal data on the basis of our legitimate interests as a business, where those interests are not overridden by your interests, rights or freedoms. Our legitimate interests include the operation of our website, responding to pre-contractual enquiries, maintaining client relationships, protecting the security of our systems, sending certain business-to-business marketing communications to existing clients, and analysing and improving our services and website. We have conducted a legitimate interests assessment for each category of processing undertaken on this basis and are satisfied that our interests are proportionate and balanced against the relevant privacy interests.
We process certain personal data where we are required to do so by applicable law, including tax and accounting requirements, anti-money laundering obligations, and any other mandatory reporting or record-keeping obligations imposed by statute or regulation in England and Wales.
Where we rely on your consent as the lawful basis for processing, we will obtain that consent clearly and separately before processing commences. Where consent is the lawful basis, you have the right to withdraw it at any time without detriment. Withdrawal of consent will not affect the lawfulness of any processing carried out prior to its withdrawal. You can withdraw your consent by contacting us at PavanKumar@runixdata.guru.
We do not retain personal data for longer than is necessary for the purpose for which it was collected and processed. Our data retention periods are determined by reference to our contractual obligations, legal requirements and legitimate business interests.
Project enquiries and pre-contractual correspondence that did not result in an engagement are retained for a period of twelve months from the date of the last communication, after which they are securely deleted or anonymised. This retention period reflects our legitimate interest in being able to refer to past enquiries in the event of a subsequent approach.
Personal data processed in connection with a client engagement is retained for a period of six years from the date of the final invoice or the end of the contractual relationship, whichever is later. This retention period reflects our obligations under UK tax law, the Limitation Act 1980 (which imposes a six-year limitation period on most contractual claims), and our legitimate interest in maintaining adequate records of our completed work.
Financial and accounting records, including invoices, payment records and bank statements, are retained for a minimum of six years from the end of the relevant tax year, in accordance with HMRC requirements.
Website analytics data is retained in aggregated and anonymised form for up to twenty-four months from the date of collection. Data that can identify individual visitors is retained for no longer than thirteen months.
Where we are required by law to retain data for a longer period, we will do so. Where retention is no longer necessary and no legal obligation requires continued storage, we will securely delete or anonymise the data without undue delay.
We do not sell, rent or trade personal data to third parties for their own marketing purposes. We share personal data with third parties only in the following circumstances:
We do not share personal data with other businesses for joint marketing purposes or with data brokers or list providers.
The United Kingdom, following its departure from the European Union, maintains its own data protection regime under the Data Protection Act 2018 and UK GDPR. Where we transfer personal data to countries or territories outside the United Kingdom, we ensure that appropriate safeguards are in place in accordance with Chapter V of UK GDPR and the applicable decisions of the UK Information Commissioner's Office.
Where we transfer data to processors located in countries that benefit from an adequacy decision from the UK Secretary of State, no additional safeguards are required beyond the standard contractual obligations we impose on all processors. Where no adequacy decision is in force, we rely on approved standard contractual clauses, binding corporate rules, or other approved transfer mechanisms as appropriate.
Some of the software-as-a-service platforms we use for our business operations may process data on servers located in the United States or other jurisdictions. In each case, we verify that adequate safeguards are in place before using such services and include appropriate data transfer provisions in our contracts with those providers.
You may request information about our specific international transfer mechanisms by contacting us at PavanKumar@runixdata.guru.
Under UK GDPR, you have a number of important rights in relation to your personal data. These rights are summarised below. You can exercise any of these rights by contacting us at PavanKumar@runixdata.guru or by post at 63 Ladys Gift Road, Tunbridge Wells, Kent, TN4 0JT. We will respond to your request without undue delay and in any event within one calendar month, unless the complexity or volume of requests warrants an extension of up to a further two months, in which case we will notify you accordingly.
You have the right to obtain confirmation of whether we process personal data about you, and if so, to receive a copy of that data along with certain information about how it is processed. This is known as a Subject Access Request (SAR). We will provide this information free of charge in most circumstances. We may charge a reasonable fee or refuse to respond where requests are manifestly unfounded or excessive.
You have the right to require us to correct any personal data about you that is inaccurate, and to complete any personal data about you that is incomplete, taking into account the purposes of the processing.
You have the right to request the deletion of personal data about you in certain circumstances, including where the data is no longer necessary for the purpose for which it was collected, where you withdraw consent (where consent is the lawful basis), where you object to processing based on legitimate interests and there are no overriding legitimate grounds, or where the processing is unlawful. This right is subject to limitations where retention is required by law or for the establishment, exercise or defence of legal claims.
You have the right to request that we restrict the processing of your personal data in certain circumstances, for example, where you contest the accuracy of the data, where the processing is unlawful but you prefer restriction to erasure, or where we no longer need the data but you require it for legal claims.
Where processing is based on consent or on contract performance and is carried out by automated means, you have the right to receive your personal data in a structured, commonly used and machine-readable format, and to have it transmitted to another data controller where technically feasible.
You have the right to object to the processing of your personal data where that processing is based on our legitimate interests or on the performance of a task in the public interest. Where you exercise this right, we will cease processing unless we can demonstrate compelling legitimate grounds that override your interests, rights and freedoms, or where processing is necessary for the establishment, exercise or defence of legal claims. You have an absolute right to object to the processing of your personal data for direct marketing purposes at any time.
Where we rely on consent as the lawful basis for processing, you have the right to withdraw that consent at any time without detriment. Withdrawal does not affect the lawfulness of processing prior to withdrawal.
If you believe that our processing of your personal data infringes applicable data protection law, you have the right to lodge a complaint with the Information Commissioner's Office (ICO), which is the supervisory authority in the United Kingdom. The ICO can be contacted at ico.org.uk or by telephone on 0303 123 1113. We would, however, appreciate the opportunity to address your concerns directly before you approach the ICO, and we encourage you to contact us in the first instance.
We have implemented and maintain appropriate technical and organisational measures to protect personal data against accidental or unlawful destruction, loss, alteration, unauthorised disclosure or access. These measures are designed to ensure a level of security appropriate to the risk presented by the processing activities involved.
Our technical security measures include the use of encrypted communications (HTTPS/TLS) for all website interactions and data transmissions, access controls and authentication requirements for all internal systems containing personal data, regular security reviews and vulnerability assessments of our technical infrastructure, and encrypted storage for sensitive data including contractual and financial records.
Our organisational measures include policies governing data access and handling by staff and contractors, non-disclosure obligations for all personnel with access to personal data, regular staff training on data protection obligations and security awareness, and procedures for detecting, assessing and reporting personal data breaches in accordance with Article 33 of UK GDPR.
In the event of a personal data breach that is likely to result in a risk to the rights and freedoms of individuals, we will notify the ICO within 72 hours of becoming aware of the breach. Where the breach is likely to result in a high risk to individuals, we will also notify affected individuals without undue delay. Our breach notification procedures are documented and reviewed regularly.
Our website uses cookies and similar tracking technologies to improve functionality, analyse performance and remember your preferences. Detailed information about the cookies we use, the specific purposes for which each cookie is used, the duration for which each cookie is stored, and your options for controlling or disabling cookies is provided in our Cookie Policy, which is available at cookie-policy.html.
By continuing to use our website following the display of our cookie notice, and where relevant by providing your active consent through our cookie preference centre, you agree to our use of cookies in accordance with the terms set out in our Cookie Policy.
Our website may contain links to third-party websites, services and resources that are not operated by RUNIX DATA LTD. We have no control over, and are not responsible for, the content, privacy policies or practices of any third-party websites. This Privacy Policy does not govern the processing of your personal data by third parties. We encourage you to review the privacy policies of any third-party websites you visit through links on our site before providing any personal data to them.
Where our website incorporates embedded content from third parties, such as maps, those third parties may set their own cookies or collect data about your interaction with that embedded content, subject to their own privacy policies.
Our website and services are directed at businesses and professional individuals operating in the cultural heritage, museum and visitor attraction sectors. We do not knowingly collect personal data from children under the age of thirteen. If you are a parent or guardian and believe that we may have inadvertently collected personal data relating to a child under thirteen, please contact us immediately at PavanKumar@runixdata.guru so that we can take appropriate action.
Where our services are used by client institutions that interact with children as part of their own educational or visitor programmes (for example, museum schools outreach programmes), the processing of children's data in that context is the responsibility of the client institution as data controller for those activities, not RUNIX DATA LTD.
We review this Privacy Policy periodically to ensure it remains accurate and reflects changes in our business practices, applicable law and the advice of relevant regulatory authorities. We reserve the right to update or modify this Privacy Policy at any time. Material changes will be communicated to existing clients by email where we hold contact details, and will be indicated by a change to the "Last Updated" date at the top of this document.
Where changes are required by law or regulatory guidance, they will take effect immediately. For other changes, we will endeavour to provide reasonable notice before the revised policy takes effect. Continued use of our website or services after the effective date of any revision constitutes acceptance of the revised policy.
Previous versions of this Privacy Policy are available on request by contacting us at PavanKumar@runixdata.guru.
If you have any questions, concerns or requests in relation to this Privacy Policy or our handling of your personal data, please contact us using the details below. We are committed to addressing all data protection enquiries promptly, professionally and in compliance with our obligations under applicable law.
RUNIX DATA LTD
63 Ladys Gift Road
Tunbridge Wells, Kent
TN4 0JT
United Kingdom
Email: PavanKumar@runixdata.guru
Telephone: +44 8760 6597
Website: runixdata.guru
For urgent data protection matters or personal data breach notifications, please mark your email clearly with the subject line "DATA PROTECTION — URGENT" to ensure it is routed to the appropriate member of our team without delay.
This Privacy Policy was last reviewed and updated on 1 June 2026. It supersedes all previous versions of our privacy notice.