Privacy Policy

Your privacy is important to us. This policy explains how BPS Designs Ltd. collects, uses, and protects your personal information.

Last updated: 22nd September 2025

1. Who We Are

BPS Designs Ltd. ("we", "us", "our") is a company registered in England and Wales. We are the data controller for the personal information we collect and process through our FeedbackNexus platform and website.

Data Controller:
BPS Designs Ltd.
Registered in England and Wales
Contact: Contact our privacy team

This privacy policy applies to all users of our website and FeedbackNexus platform, including visitors, customers, and end-users of customer feedback portals.

2. Information We Collect

2.1 Information You Provide Directly

  • Account Information: Name, email address, company name, job title, and password when you create an account
  • Profile Information: Additional details you choose to add to your profile
  • Payment Information: Billing address and payment details (processed securely by our payment providers)
  • Communications: Messages you send us through contact forms, support requests, or email
  • Feedback Content: Feedback, comments, and other content you submit through our platform

2.2 Information We Collect Automatically

  • Usage Data: How you interact with our platform, features used, and time spent
  • Device Information: IP address, browser type, operating system, and device identifiers
  • Log Data: Server logs including access times, pages viewed, and system activity
  • Cookies: Information stored through cookies and similar technologies (see our Cookie Policy)

2.3 Information from Third Parties

  • Integration Data: Information from connected services (Slack, Jira, etc.) when you authorise integrations
  • Analytics: Aggregated usage statistics from analytics providers

3. How We Use Your Information

We process your personal data for the following purposes, based on the legal grounds indicated:

3.1 Service Provision (Contract Performance)

  • Providing and maintaining the FeedbackNexus platform
  • Processing feedback and managing your feedback portals
  • Enabling integrations with third-party services
  • Processing payments and managing subscriptions

3.2 Communication (Contract Performance & Legitimate Interest)

  • Responding to your enquiries and support requests
  • Sending service-related notifications and updates
  • Providing customer support and technical assistance

3.3 Improvement and Analytics (Legitimate Interest)

  • Analysing platform usage to improve our services
  • Developing new features and functionality
  • Monitoring system performance and security

3.4 Marketing (Consent)

  • Sending marketing communications (only with your consent)
  • Personalising content and recommendations
  • Conducting market research and surveys

3.5 Legal Compliance (Legal Obligation)

  • Complying with applicable laws and regulations
  • Responding to legal requests and court orders
  • Protecting our rights and preventing fraud

4. Data Sharing and Disclosure

We do not sell your personal data. We may share your information in the following circumstances:

4.1 Service Providers

We work with trusted third-party service providers who help us operate our platform:

  • Cloud Hosting: Google Cloud Platform (data processing agreement in place)
  • Payment Processing: Stripe and other payment processors
  • Email Services: For transactional and marketing emails
  • Analytics: For usage analytics and performance monitoring

4.2 Business Transfers

In the event of a merger, acquisition, or sale of assets, your information may be transferred as part of the business transaction.

4.3 Legal Requirements

We may disclose your information if required by law, court order, or to protect our rights and safety.

4.4 With Your Consent

We may share your information for other purposes with your explicit consent.

5. Data Security

We implement appropriate technical and organisational measures to protect your personal data:

  • Encryption: Data is encrypted in transit using TLS and at rest using AES-256
  • Access Controls: Strict access controls and authentication requirements
  • Regular Audits: Security assessments and penetration testing
  • Staff Training: Regular security training for all employees
  • Incident Response: Procedures for detecting and responding to security incidents
  • Compliance: SOC 2 Type II certification and ISO 27001 standards

While we implement strong security measures, no system is completely secure. We cannot guarantee absolute security of your data.

6. Data Retention

We retain your personal data for as long as necessary to provide our services and comply with legal obligations:

  • Account Data: Retained while your account is active and for 12 months after closure
  • Feedback Data: Retained according to your account settings and data retention preferences
  • Payment Data: Retained for 7 years for tax and accounting purposes
  • Marketing Data: Retained until you withdraw consent or for 3 years of inactivity
  • Log Data: Typically retained for 12 months for security and troubleshooting

You can request deletion of your data at any time, subject to legal retention requirements.

7. Your Rights Under UK GDPR

As a data subject, you have the following rights regarding your personal data:

7.1 Right of Access

You can request a copy of the personal data we hold about you.

7.2 Right to Rectification

You can request correction of inaccurate or incomplete personal data.

7.3 Right to Erasure

You can request deletion of your personal data in certain circumstances.

7.4 Right to Restrict Processing

You can request that we limit how we process your personal data.

7.5 Right to Data Portability

You can request a copy of your data in a structured, machine-readable format.

7.6 Right to Object

You can object to processing based on legitimate interests or for marketing purposes.

7.7 Rights Related to Automated Decision Making

You have rights regarding automated decision-making and profiling.

7.8 Right to Withdraw Consent

Where processing is based on consent, you can withdraw it at any time.

Exercising Your Rights:
To exercise any of these rights, contact our privacy team. We will respond within one month.

8. International Data Transfers

Your data may be processed outside the UK/EEA by our service providers. When this occurs:

  • We ensure adequate protection through appropriate safeguards
  • We use Standard Contractual Clauses approved by the UK ICO
  • We work only with providers that demonstrate adequate data protection
  • Primary data processing occurs within the UK/EEA where possible

9. Cookies and Tracking

We use cookies and similar technologies to improve your experience:

9.1 Essential Cookies

Required for the platform to function properly (authentication, security, preferences).

9.2 Analytics Cookies

Help us understand how you use our platform to improve our services.

9.3 Marketing Cookies

Used to personalise content and measure marketing effectiveness (with your consent).

You can manage cookie preferences through your browser settings or our cookie consent tool.

10. Children's Privacy

FeedbackNexus is not intended for children under 16. We do not knowingly collect personal data from children under 16. If we become aware that we have collected such data, we will delete it promptly.

11. Changes to This Policy

We may update this privacy policy from time to time. When we make significant changes:

  • We will notify you by email or through our platform
  • We will update the "Last updated" date at the top of this policy
  • We will provide a summary of key changes
  • Continued use of our services constitutes acceptance of the updated policy

12. Contact Us

If you have questions about this privacy policy or our data practices, please contact us:

Privacy Enquiries: Contact our privacy team
Subject: Privacy Policy Enquiry

Data Protection Officer:
BPS Designs Ltd.
United Kingdom