Privacy Notification

Global Data Privacy Notification

Effective Date: 02 June 2025

This Privacy Notification explains how C2X LTD and its affiliated companies (“C2X”, “we”, “us”, “our”) collect, use, share, and protect your Personal Data when you interact with our website, mobile applications, and other platforms displaying this Privacy Notification, which also applies to information you provide when you visit our facilities.

 

Supplementary Policies

Depending on how you engage with us, additional policies may apply:

- Our Cookie Policy supplements this Privacy Notification when you use our website.

 

Protecting Your Personal Data

With offices and operations throughout the world, your Personal Data may be transferred or accessible internationally within our corporate group. We take steps to ensure that such transfers comply with all applicable local data privacy laws and regulations, including the General Data Protection Regulation (GDPR).

 

Personal Data We Use, Purposes, and Legal Basis

Our Customers, Business Partners, and Others

We collect and process the Personal Data of our customers, business partners, and others to fulfill our contractual obligations, including, amongst others:

- Managing agreements

- Processing payments

- Delivering or receiving goods and services

 

Types of data used:

- Business contact details (e.g. name, address, email, phone number)

- Job title

 

In certain cases, we are legally obligated to process your Personal Data in connection with financial transactions e.g. when paying or receiving payment for the delivery of goods and services etc.

 

Business Administration

We may process your Personal Data when you contact us or interact with our services in order to:

- Document compliance and quality

- Fulfil legal obligations (e.g. statutory requirements, regulatory investigations, security, and litigation amongst others)

 

Legal basis for processing your Personal Data:

- Our legitimate interest in maintaining compliance and protecting our legal position

- Contractual necessity for the performance of any contractual obligations

 

Types of data used:

- Contact details (e.g. name, address, email, phone number)

- Supporting documentation relevant to your inquiry or interaction

- Other applicable information

 

Cookie Policy

We use Cookies on our website to enhance your user experience. For details, please refer to our Cookie Policy.

 

Sharing Your Personal Data

We may share your Personal Data with:

- Other C2X group companies

- Third parties such as business partners, suppliers, vendors, consultants, agencies, customers, consumers, public authorities, and IT hosting, supply and service providers we use for our group’s IT environment (Third Parties).

 

We only share Personal Data where relevant and necessary for us to perform the activities described in this Privacy Notification.

 

Reasons for sharing Personal Data may include:

- Fulfilling your order

- Processing your payment details

- Providing support services

 

Transfer and protection of your Personal Data

As a global brand, we may transfer the Personal Data we collect—whether aggregated or individual—to various divisions, subsidiaries, joint ventures, and affiliated companies of C2X worldwide. These transfers are made for the purposes outlined above and in compliance with applicable laws and regulations. We may also share your Personal Data with contractors and sub-contractors (data processors and sub-processors) for storage or service-related purposes. We will not disclose your Personal Data to any Third Party outside of C2X unless permitted or required by law and where necessary. Such disclosures will be subject to appropriate written agreements that require third parties to guarantee the protection of the data with security measures providing an adequate level of protection.

 

Unless otherwise notified, any international transfers of your Personal Data will be based on applicable local data privacy laws, including appropriate international data transfer mechanisms and safeguards, such as adequacy decisions or Standard Contractual Clauses, amongst others. You may request a copy of the applicable data transfer mechanisms, including the transfer of Personal Data, by contacting us using the contact details provided below.

 

Security Measures

We are committed to protecting your Personal Data and only engage suppliers who implement security measures in line with industry best practices for IT security. Our approach to safeguarding Personal Data includes the following key controls:

- Encrypted communications: sensitive and confidential Personal Data is transferred using encryption to ensure secure data transmission.

- Comprehensive safeguards: we implement organizational, technical, and physical security measures to prevent unauthorised access, loss, or misuse of data.

- Governance framework: our protocols, controls, policies, procedures, and guidance are designed to ensure the ongoing security of Personal Data, taking into account the nature of the data, the risks involved, and the specific purposes for which it is processed.

- Secure data storage: Personal Data is stored on secure servers protected by firewalls, antivirus software, and other security technologies. Access is restricted to authorized personnel only.

 

Personal Data Retention

C2X retains your Personal Data only for as long as necessary to fulfil the purposes for which it was collected, unless a longer retention period is required or permitted by applicable laws and regulations. Specifically:

- We retain your Personal Data for the duration of our relationship with you, particularly if you have an active account with us or have not withdrawn your consent to received marketing communications.

- Your Personal Data is kept only as long as your account remains active or as needed to provide our services to you.

- We retain your Personal Data as required to meet legal, regulatory, and contractual obligations on a global basis.

- We may also retain your Personal Data beyond the termination of our relationship if doing so is necessary to protect or improve our legal position – for example, in connection with statutes of limitation, security concerns, ongoing or potential litigation, or regulatory investigations.

 

Retention periods are reviewed periodically to ensure data is not held longer than necessary.

 

Your Data Protection Rights

Subject to applicable data privacy laws and certain limitations or exceptions, you have the following rights regarding your Personal Data:

- Right of access: you have the right to request information about, and access to, your Personal Data. Please note that certain exemptions may apply, meaning you may not always receive all the data we use.

- Right to rectification: you have the right to request the correction of inaccurate or incomplete Personal Data concerning you.

- Right to object: you have the right to request that we no longer use your Personal Data in certain circumstances. However, we may continue processing if we can provide legitimate reasons for continuing to use your Personal Data.

- Right to erasure ("Right to be forgotten"): you may request the deletion of your Personal Data under specific conditions, such as when the data is no longer necessary for the purposes for which it was collected.

- Right to restriction of processing: you may request that we restrict the use of your Personal Data to limited circumstances - such as with your consent or for legal claims - if certain criteria are met.

- Right to data portability: you have the right to receive your Personal Data in a structured, commonly used, and machine-readable format, or to request us to transmit that data to another data controller where technically feasible and legally permissible.

- Right to withdraw consent: where we rely on your consent to process your Personal Data, you have the right to withdraw that consent at any time by opting out in the email or by contacting us. This will not affect our right to use Personal Data obtained prior to the withdrawal of your consent, or our right to continue parts of the use based on other legal grounds than your consent.

- Right to lodge a complaint: you have the right to file a complaint with a data protection authority, such as the Information Commissioner’s Office (ICO), if you believe your rights have been violated.

 

Please note that the above rights may be subject to limitations or exceptions under applicable data privacy laws, or other laws and regulations.

 

Contact Us

If you have a general question about how C2X uses and/or protects your Personal Data, wish to exercise your rights, or need to raise a concern, please contact:

 

Attn: Data Privacy Officer

 

Email: dataprivacy@c2x.com


Mailing address:

Scott House, Suite 1,

The Concourse,

Waterloo Station, London, SE1 7LY,

United Kingdom