Privacy Policy

1. Introduction

Beyond HNGT Ltd ("we", "us", "our", or "the Company") is committed to protecting your privacy and personal data. This Privacy Policy explains how we collect, use, store, and protect your personal information when you access this website and the CAMS Blueprint document (the "Document").

This Privacy Policy is provided in compliance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

2. Information We Collect

2.1 Information You Provide

When you access this website, you are required to provide:

• Email Address: Collected via the email gate upon first access to identify you as a visitor and track your engagement with the Document.

2.2 Information Collected Automatically

When you access and navigate this website, we automatically collect:

• IP Address: Your Internet Protocol address, which may indicate your approximate geographic location.
• Browser Information: Including browser type, version, and user agent string.
• Device Information: Operating system and device type.
• Access Timestamps: The date and time of each visit and page view.
• Pages Viewed: A record of which pages within the Document you have accessed.
• Time Spent: The duration of time spent on each page.
• Referral Source: How you arrived at the website, if applicable.

2.3 Cloudflare Access Data

This website is protected by Cloudflare Access, which collects additional authentication data including:

• Authentication email address (used for access verification)
• Authentication timestamps
• Session identifiers
• Geographic location data derived from IP address

Cloudflare processes this data as a data processor on our behalf. For more information about Cloudflare's data practices, please refer to Cloudflare's Privacy Policy.

3. How We Use Your Information

3.1 Purposes of Processing

We use the information we collect for the following purposes:

3.2 Legitimate Interest Assessment

We have conducted a legitimate interest assessment and determined that our interests in protecting confidential business information and intellectual property, understanding engagement with our proposals, and maintaining records of access do not override your rights and freedoms, particularly given:

• The limited scope of data collected (primarily business contact information)
• The professional/business context of the relationship
• The transparency of this policy
• The reasonable expectations of individuals accessing confidential business documents

4. Data Storage and Retention

4.1 Where We Store Your Data

Your personal data is stored in:

• Cloudflare D1 Database: A serverless SQL database hosted on Cloudflare's global network. Data is encrypted at rest and in transit.
• Cloudflare Access Logs: Authentication and access logs maintained by Cloudflare.

4.2 Data Retention Period

We retain your personal data for as long as necessary to fulfil the purposes outlined in this policy. Specifically:

• Visitor Records (email, access logs): Retained for 3 years from the date of last access, or until the conclusion of any business relationship or dispute, whichever is longer.
• Page View Analytics: Retained for 3 years.
• Cloudflare Access Logs: Retained in accordance with Cloudflare's data retention policies.

We retain data for this period to maintain evidence of access and agreement to our Terms, to support any potential intellectual property claims, and to comply with limitation periods for legal claims under English law.

5. Data Sharing and Third Parties

5.1 Third-Party Processors

We share your personal data with the following third-party service providers who process data on our behalf:

5.2 Other Disclosures

We may also disclose your personal data:

• To comply with any court order, legal process, or regulatory requirement
• To enforce our Terms and Conditions
• To protect the rights, property, or safety of Beyond HNGT Ltd
• In connection with any legal proceedings or prospective legal proceedings
• To professional advisers (lawyers, accountants) who are bound by confidentiality obligations

5.3 No Sale of Data

We do not sell, rent, or trade your personal data to any third parties for marketing or commercial purposes.

6. International Transfers

Your personal data may be transferred to and processed in countries outside the United Kingdom. Where we transfer data internationally, we ensure appropriate safeguards are in place:

• Cloudflare participates in the EU-US Data Privacy Framework and has implemented Standard Contractual Clauses for international transfers
• Data is encrypted in transit and at rest

7. Cookies and Similar Technologies

7.1 Cookies We Use

This website uses the following cookies:

7.2 Essential Cookies

The cookies used on this website are essential for its operation and for enforcing access controls. Without these cookies, the website cannot function as intended. By accessing this website, you consent to the use of these essential cookies.

8. Your Rights

Under the UK GDPR, you have the following rights regarding your personal data:

8.1 Right of Access

You have the right to request a copy of the personal data we hold about you. We will respond to your request within one month.

8.2 Right to Rectification

You have the right to request that we correct any inaccurate personal data we hold about you.

8.3 Right to Erasure

You have the right to request that we delete your personal data in certain circumstances. However, we may retain data where we have a legitimate reason to do so, such as for the establishment, exercise, or defence of legal claims, or to protect our intellectual property rights.

8.4 Right to Restriction of Processing

You have the right to request that we restrict the processing of your personal data in certain circumstances.

8.5 Right to Data Portability

You have the right to receive your personal data in a structured, commonly used, and machine-readable format.

8.6 Right to Object

You have the right to object to processing based on legitimate interests. We will cease processing unless we can demonstrate compelling legitimate grounds that override your interests.

8.7 How to Exercise Your Rights

To exercise any of these rights, please contact us at:

We will respond to your request within one month. We may ask you to verify your identity before processing your request.

8.8 Right to Complain

If you are unhappy with how we have handled your personal data, you have the right to lodge a complaint with the Information Commissioner's Office (ICO):

9. Security Measures

We implement appropriate technical and organisational measures to protect your personal data, including:

• Encryption of data in transit (TLS/SSL) and at rest
• Access controls via Cloudflare Access requiring email authentication
• Secure database infrastructure provided by Cloudflare
• Regular review of security practices
• Limited access to personal data on a need-to-know basis

10. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or for other operational, legal, or regulatory reasons. We will notify you of any material changes by updating the "Last Updated" date at the top of this policy.

We encourage you to review this Privacy Policy periodically to stay informed about how we protect your personal data.

11. Contact Us

If you have any questions about this Privacy Policy, our data practices, or wish to exercise your rights, please contact us: