Privacy Notice

Privacy Notice

Cufflink is all about helping restore the trust between Individuals and Organisations. 

We’re also very serious when it comes to Personal Information (PI) and how its storage and use can adversely impact the rights, interests and freedoms of Individuals. 

You may, or may not, be aware that the new data privacy regulation (called the General Data Protection regulation – or GDPR for short) has now been in force since May 2018. We don’t want to bore you with all the details just yet but, if you’d like to find out more now, you can take a look here. 

GDPR’s basic purpose is to stop companies from using your PI in ways which could be harmful, subversive or without your knowledge. We’re not one of those companies (nor will we ever be) and hope that by being as honest, open and up-front about the way in which we process and store your PI we can ease any worries you may have to the contrary. 

We hope this privacy notice can help (if only a little) by providing you with enough information, in an open and transparent way, about how and what we do with your PI here at Cufflink. We’ve also tried to make this document as easy to follow by writing it in plain English and by leaving the more technical jargon and legalese” to the end. 

To summarise, Cufflink only collects what we need, when we need it, for as long as we need, and we delete it when finished. The application has been designed from the bottom up with your privacy in mind and we’re registered with the regulators in all the countries in which we operate. You can find your local regulator in Europe here or globally here. We don’t sell or pass your PI to any third parties without your explicit consent, we don’t use adverts or let people advertise to you and in terms of cookies, we only use those which we need for technical reasons as outlined in our cookie policy. 

However, were also very aware that we’re evolving as a business and therefore this notice will also need to evolve with us. We’ll try and keep you updated on any changes; however, we’d also recommend that you pop back every now and again to check you’re still happy with what we’re doing. We’ll highlight the changes so you don’t have to trawl through a massive tranche of text (again) and if you’re no longer happy, or have questions on the updates, then please do contact us here. 

We hope this basic overview has eased any worries you may have had but should you need or want to dive any deeper… then please scroll down for further information or contact our Data Protection officer directly here 


The Legal bit………. get comfortable Ltd. Is a software development company registered at 59 Dukes Wood Avenue, Gerrards Cross, United Kingdom, SL9 7JY. Our Company Number is 11618179.

Cufflink is a Website, Application (App) and Service provider which is located at and provides a safe and easy to use set of services for you to store, manage and control your personal information.

We are registered with the Information Commissioners Office (ICO) and our registration number is ZA488300.

The following more detailed privacy policy explains how we collect, hold, use and disclose your personal information.

We will:

  • Always keep your information safe and private;
  • Never sell your information; and
  • Allow you to manage and review what PI you share, with whom and for what reason at any time
  • Our website at;
  • The Cufflink App; or
  • Any of the services you can get access to through the Cufflink app or Website (Our services)
We collect different types of information and the table below explains what PI we collect, from where and for what reason:
Type of Information From where For what Reason
First Name, Last Name, Email Address Directly from you on our website When you fill in the “Contact Us” form on our website

When it comes to Marketing, we will only send you marketing (think emails, messages, phone calls etc.) or services having gained your explicit and documented consent from within the Cufflink app itself, or by you having signed up to our Beta or subsequent Release programmes. You can of course always opt out at any point from these types of communications and rest assured, we won’t spam, cold call or harass you and we’ll always ensure that, on balance, we will not adversely impact you.

In respect of the purposes for which we use your PI, we are required to ensure we have a legal / Lawful basis for that processing, and this is dependent upon the services you use and how you use them. Cufflink collects and processes your PI on the basis of;

A Legal Obligation :

We need to process your PI in order to comply with a legal or regulatory obligation.

In support of a contract :

We need your PI in order to provide you with the service including to operate the Services, provide customer support and personalised features and to protect the safety and security of the Services; or

As a Legitimate Interest:

It satisfies a legitimate interest (which is not overridden by your data protection interests), such as for research and development, to market and promote the Services and to protect our legal rights and interests; or

Explicit Consent:

We may also rely on your explicit and unambiguous consent as a legal basis to process your PI. If we do rely on your consent, you will, of course, always have the right to change your mind at any time (but this will not affect any processing that has already taken place) and revoke that consent either through the Cufflink App or by contacting us directly.

What does that mean in English?

In short….. Cufflink will process or retain your PI for one of the following reasons;

    1.  We have to;
      So for example, Accounting information needs to be retained for about 6 years.
    2. We need to;
      If you’ve downloaded the App and want to use the service, we need to know who to send it to etc.
    3. We want to;
      If you’ve enrolled into a programme (i.e. the Beta Programme) and we need to keep you updated on its progress / issues / changes / updates / releases etc.
    4. We’d like to;
      If you’re happy for us to keep you updated about Cufflink via email, newsletter, social media etc.

The list above is by no means exhaustive and which one is applicable is dependent upon your relationship with us, however, we’re hoping it might provide a little bit of clarity on an otherwise very legal part of this notice.

All data processing and storage is within the UK or EU and we’d like to keep it like this going forward.

We do not transfer your PI outside of the EU.

We do not knowingly transfer your PI to any third parties other than those as outlined in the following processes;

Beta programme Sign-up (via Website)

You provided your First name, Surname and Email Address when you signed up to our “Beta Programme” via our website.

We asked you for this information so that we can contact you about anything related to the Cufflink Beta Release Programme. However, once the “Beta programme” has ended, we will delete your PI, unless you indicate otherwise.

Your PI is delivered to us in the form of an email (across an encrypted Network) which in turn is stored on the Office 365 Cloud (Exchange) which is backed up and stored in the UK and retained for up to 2-years, in line with the current Cufflink retention policy.

The website is hosted on WordPress and you entered your PI via a WordPress form. Their Privacy Policy can be found here and they are a “Data processor” under GDPR. Cufflink has enabled the “GDPR enhancements” on our website, details of which can be found here

All members of the Cufflink Team are skilled and trained in data privacy practices and procedures. In fact, most of us are a bit nerdy when it comes to data privacy. We see ourselves as part of the wider group of “data champions” or “privacy champions” and regularly help to influence both data protection practices and policies. We know how important your PI is to you as we know how important ours is to us!

In line with the GDPR, we retain your PI only for as long as is absolutely necessary. We only retain data in line with the Cufflink retention policy, which is aligned with the Microsoft MRM retention policy which can be found here.

We consciously limit the number of cookies we use on our Website. Those we do use are either essential to provide the service or Analytical based cookies (with pseudonymous based identifiers) that allow us to monitor and maintain the website more effectively. We don’t use any tracking cookies, functionality cookies, advertising nor social media cookies.

Further information about the cookies we use can be found here. However, you can also find out more information at and

Under GDPR you are afforded certain rights. You can find out more on these here, however, we’ve outlined them below;

Your RightWhat it means (in English)

How do you use my PI?”

You have the right to be informed of how your data is being used at Cufflink. This includes what we collect, for what reason and what we do with it. We hope this is clearly outlined in this Privacy Notice.


“Tell me what you know about me”

You can ask to see the PI we store about you.


“You’ve spelt my name wrong”

You can ask to have any PI we store about you updated. This could be an incorrectly spelt surname, address details or other piece of PI.


“Delete my PI”

Also known as the “Right to be forgotten” you can ask us to delete all instances of your PI that we store. However, please be aware that there are some cases where we won’t be able to do this (i.e. The law requires us to keep the information)


“Don’t use my PI”

You can ask for us to stop using your PI. This is very similar to the next right (Restriction) however, this right is to permanently stop processing.


“Stop what you’re doing”

Much like the previous Right, this right allows you to request a temporarily stop on the processing of your information. However, please be aware that this sometimes can be technically impractical given the typical timescales of a DSAR process.


“Provide me with a copy of my PI”

You have the right to request a copy (in a machine-readable format) of the PI you provided to us which you can then “port” to another provider

Auto Decisions

“I want a human to decide”

You have the right to request a human assess any automated decision processes (including profiling) should you require.

Withdraw Consent

“You no longer have my permission”

Should data be being processed on the legal basis of Consent (explicitly given by yourself) you have the right to likewise, un-consent to this processing at any time.

The easiest method of exercising your rights as set out above is to:

  • Email our data protection officer on; or
  • Write to us at Ltd, Menai Science Park, Gaerwen, Anglesey, LL60 6AG, United Kingdom, marked for the attention of the data protection officer.

Please note that in order to protect your privacy, we may ask you to prove your identity before we take any steps in response to a request you have made.

If you would like to submit a complaint regarding this privacy Policy or regarding our Personal data management processes or procedures, please contact us here.

We will respond to your complaint as soon as we can, however, if you feel that your complaint has not been adequately resolved or dealt with, you can contact your local DPA (Data Protection Authority) details of which can be found here for Europe or here globally.