Onteigo's Privacy Notice
Last updated: November 2025
​
At Onteigo we strive to seamlessly integrate into your business to ensure full data protection compliance and adapt to your evolving needs. With our commitment to providing continual, uncapped support and transparent, no-hidden-fee services, we prioritise safeguarding your data and supporting your growth every step of the way.
​
We are big on trust, so we aim to be fully transparent about how we collect and use your personal data. This notice applies whenever we determine the purposes and methods of processing personal data, (where we act as a Data Controller under data protection law). This Privacy Notice is designed to help you understand the information we collect, the reasons behind our data collection, and how you can update, manage, export, or delete your information.
​
The different ways we process personal data
​
1) When you request more information or book a call via our website
​
What personal data do we collect, why do we collect it, and what legal basis do we rely on?
​
When you reach out for more info or book a call through our website, we'll grab some basic details to follow up with you. We'll ask for your first name, last name, email address, phone number, company name, and a bit about how we can help. We collect this info because it’s important for our business to grow and connect with you. The legal basis we rely on is Article 6(1)(f) of the GDPR (Legitimate Interest) and Article 6(1)(b) of the GDPR (Contract).
​
Where do we store it?
​
We use customer analytics platforms to collect data and transfer it to our Customer Relationship Management (CRM) system. Our go-to tools include standard apps like email, word processing, and other cloud-based office software. Most of our data hangs out in the UK and EEA, including our CRM and office apps.
If we ever need to move data to a third country like the US, we make sure it's secure by using Standard Contractual Clauses and the UK Addendum.
​
How long do you keep my data for?
​
We hold onto your personal data according to our retention schedule and business needs. If you decide to unsubscribe, we’ll remove your data from our systems but keep your email on a restricted unsubscribe list to make sure you don’t get any more emails from us.
2) When you refer someone via the referral webform or on our website
​
What personal data do we collect, why do we collect it, and what legal basis do we rely on?
​
When you fill out our referral form, we'll gather some basic info about you and your company (if applicable), along with the contact details of the person or company you’re referring to us. We'll ask for your full name, email address, phone number, and company name. For the person you’re referring, we’ll collect their company name, individual’s name, phone number, email address, and a brief description of their business.
We collect this info because it’s important for us to grow our business. The legal basis we rely on is Article 6(1)(f) of the GDPR (Legitimate Interest).
​
Where do we store it?
​
We use Google Sheets to collect and store information for our referral schemes, and sometimes this data makes its way to our Customer Relationship Management (CRM) platform. We also use standard cloud-based apps like email, word processing, and other office software to process data.
Most of our data is stored in the UK and the European Economic Area (EEA), including our CRM and office apps.
If any data needs to be transferred to a third country, like the United States, we make sure it’s secure by using Standard Contractual Clauses and the UK Addendum.
​
How long do you keep my data for?
​
We hold onto personal data based on our legitimate interests, following our retention schedule and business needs. Data collected for our referral schemes is kept only as long as needed to achieve the purposes for which it was collected.
3) When you become a client
​
What personal data do we collect, why do we collect it, and what legal basis do we rely on?
​
When you become a client, we'll gather the names, contact details, and emails of key people, along with your company and financial info. This helps us provide the best service to you and your organisation.
We process this data based on Article 6(1)(f) of the GDPR (Legitimate Interests) and Article 6(1)(b) of the GDPR (Contract).
​
Where do we store it?
​
To keep things running smoothly, we use cloud-based tools for communication and collaboration. This includes standard apps like email, word processing, and other office software. We also use a Customer Relationship Management (CRM) platform. We’ll also ask you to sign contracts via a cloud app and handle payments through a secure finance platform.
Sometimes, we might record calls or take notes during meetings to help with product development and training.
Most of our data is stored in the UK and EEA, including our CRM, financial, and office software. If any data needs to be transferred to a third country, like the US, we use Standard Contractual Clauses and the UK Addendum (when needed) to keep your data secure.
​
How long do you keep my data for?
​
We will retain your personal data for the duration of your time as a customer and for 12 months after you leave, based on our business requirements.
Financial data will be kept for a minimum of 6 years, in compliance with UK law.
4) When you subscribe to our newsletter
​
What personal data do we collect, why do we collect it, and what legal basis do we rely on?
​
When you join our newsletter, we collect your name and email so we can stay connected. We do this with your consent, following Article 6(1)(a) of the GDPR.
If you ever want to take a break, just click the unsubscribe link at the bottom of our emails, or reach out to us directly—no hard feelings!
​
Where do we store it?
​
We use Wix to store this information - here’s a *link* to their privacy policy. Their data is kept in the Republic of Ireland (EEA).
​
How long do you keep my data for?
​
We hang on to your personal data for 2 years, then we'll check in to see if you still want to hear from us. If not, we'll remove your info from our email list. And of course, you can hit unsubscribe anytime to opt out.
​
5) When you sign up to our webinars or events
​
What personal data do we collect, why do we collect it, and what legal basis do we rely on?
​
We'll ask you for some some basic information about yourself, such as your name, contact details, company details, telephone number and any enquiry details so that we can process and manage your registration, send you event access details, reminders and follow-up information, respond to any questions or feedback you submit, analyse interest in our services and improve future events. The data collected is necessary for our legitimate business interest to raise awareness of and grow our business.
The legal basis we rely on are Article 6(1)(f) of the GDPR - Legitimate Interests and Article 6(1)(b) of the GDPR - Contract.
​
Where do we store it?
​
We use customer analytics tools to gather information and pass it into our Customer Relationship Management (CRM) system. We also rely on standard software applications to handle data, including email, word processing, and other cloud-based office tools. Live events are run through an event platform application. During these, we may use call recording and note-taking tools, and we sometimes use these recordings and notes for training purposes.
The majority of the data we handle is stored in the UK and EEA, including the data held in our CRM system and office applications.
Where any data is transferred to a third country such as the US – for example, via the form functionality on our website or through our event platform application – we use Standard Contractual Clauses together with the UK Addendum to protect the data during transfer.
​
How long do you keep my data for?
​
We retain the personal data described above in accordance with our retention schedule and our business requirements. If you unsubscribe, we will delete your data from our systems, but we will keep your email address on a restricted-access unsubscribe list to ensure you do not receive any further emails from us.
​
6) When we raise awareness of Onteigo
​
What personal data do we collect, why do we collect it, and what legal basis do we rely on?
​
We may collect certain details such as your name, company name, phone number, and work email address.
Prospective clients are often introduced to us by referral, or they discover us through our hosted events or our website. If you have attended one of our events, we may occasionally send you updates, news, and information about Onteigo and our services to keep you informed, for as long as you wish to receive these communications.
From time to time, we also use marketing lists to make people aware of our business. To focus on organisations we believe could benefit from what we offer, we use marketing databases to source names, company names, phone numbers, and company email addresses. Before using this data, we screen it against the Telephone Preference Service and our own internal ‘do not contact’ list.
We may use call recording and note-taking tools during our meetings, and we sometimes use these recordings and notes for preparation and training purposes, as well as to generate insights that inform our marketing messaging.
We may collect your home or office address so that we can send you a gift as a token of our appreciation. We will only use your address for this specific purpose.
The legal basis we rely on for this processing is Article 6(1)(f) of the GDPR – Legitimate Interests.
​
Where do we store it?
​
We use customer analytics tools to gather information and feed it into our Customer Relationship Management (CRM) system. We rely on standard software applications to process data, including email, word processing, and other cloud-based office tools. We also run live events through an event platform application.
The majority of the data we handle is stored in the UK and EEA, including the data within our CRM system and office applications.
Where any data is transferred to a third country such as the US – for example, in relation to mailing lists or our event platform application – we use Standard Contractual Clauses together with the UK Addendum to protect the data during transfer.
​
How long do you keep my data for?
​
We will keep your name, company name, phone number, and email address on a marketing list, in line with our retention schedule, unless you choose to unsubscribe. Anyone else who does not wish to be contacted will be moved to our ‘do not contact’ list. On this list, we retain your name, company, email address, and phone number so that we know not to contact you, and any additional information will be deleted.
​
​
Your Rights
​
The right to be informed
​
You have the right to be informed about the collection and use of your personal data, the purposes for processing, retention periods for that personal data and who it will be shared with.
​
The right of access
​
You have the right to ask us for copies of the data we hold about you.
​
The right to object
​
You have the right to ask us to stop processing your personal information in some circumstances, such as when we are relying on our own (or someone else’s) legitimate interests to process your personal information, when we are processing your personal information for direct marketing or when we are processing your personal information for research.
​
The right to rectification
​
You have the right to ask us to rectify the personal information you think is inaccurate or to complete information you think is incomplete.
​
The right to erasure
​
You have the right to ask us to erase your personal information, in some circumstances.
​
The right to restrict processing
​
You have the right to ask us to restrict the processing of your personal information for a duration of time, in some circumstances.
The right to data portability
​
You have the right to ask that we transfer the personal information you gave us to another organisation, or to someone else, in some circumstances.
​
Making a request
​
You don't have to pay anything in order to exercise your rights.
​
Please contact us at privacy@onteigo.com, 71-75 Shelton Street, Covent Garden, London, United Kingdom, WC2H 9JQ, if you wish to make a request under your rights. We have a calendar month to get back to you with a response. Please ensure to check your junk/spam folders as our responses can sometimes end up there.
​
How you can complain
If you have any concerns about how your data is being handled, or if you believe we have not met our obligations under data protection law, you have the right to raise a complaint with us.
​
You can contact us directly by emailing privacy@onteigo.com. Please provide as much detail as possible so we can investigate your concern thoroughly and fairly. Once we receive your complaint, we will aim to respond within 30 calendar days. We will then assess the matter and aim to provide a clear and timely response without undue delay. Where appropriate, we will explain the steps we have taken or plan to take to address your concern.
If you're not satisfied with how we respond, you also have the right to raise your concerns with the UK’s data protection regulator:
Information Commissioner’s Office (ICO). Please find their details below:
​
Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF
0303 123 1113 | https://www.ico.org.uk