Privacy Notice

At OryxAlign, we are committed to maintaining the trust and confidence of our clients and visitors to our website. In particular, we want you to know that OryxAlign is not in the business of selling, renting, or trading email lists with other companies and businesses for marketing purposes. 

For the purposes of our website, OryxAlign is the controller and responsible for your personal data (also referred to as "we", "us" or "our" in this Privacy Notice). 

We have appointed a data protection officer (“DPO”) who is responsible for overseeing questions in relation to this Privacy Notice. If you have any questions about this Privacy Notice, including any requests to exercise your legal rights, please contact the DPO using the information set out in the contact details below.   

This Privacy Notice contains detailed information on when and why we collect your personal information, how we use it, the limited conditions under which we may disclose it to others and how we keep it secure. 

Should we ask you to provide certain information by which you can be identified when using this website, then you can be assured that it will only be used in accordance with this Privacy Notice. 

OryxAlign may change this notice from time to time by updating this page. You should check this page frequently to ensure that you are happy with any changes. This policy is effective from 1st October 2025. 

What we collect

We may collect the following information:  

  • Identity Data includes first name, last name, any previous names, username or similar identifier.
  • Contact Data includes billing address, delivery address, email address and telephone numbers.
  • Financial Data includes bank account and payment card details.
  • Transaction Data includes details about payments to and from you and other details of products and services you have purchased from us.
  • Technical Data includes internet protocol (IP) address, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform, device ID and other technology on the devices you use to access this website. 
  • Usage Data includes information about how you interact with and use our website, products and services. 
  • Marketing and Communications Data includes your preferences in receiving marketing from us and our third parties and your communication preferences. 

We also collect, use and share aggregated data such as statistical or demographic data which is not personal data as it does not directly (or indirectly) reveal your identity. For example, we may aggregate individuals' Usage Data to calculate the percentage of users accessing a specific website feature in order to analyse general trends in how users are interacting with our website to help improve the website and our service offering. 

How do we collect this data?

We use different methods to collect data from and about you including through: 

Your interactions with us

You may give us your personal data by filling in online forms or by corresponding with us by post, phone, email or otherwise. This includes personal data you provide when you: 

  • Apply for our products or services;
  • Request marketing to be sent to you; or
  • Give us feedback or contact us.  

 

Automated technologies or interactions

As you interact with our website, we will automatically collect Technical Data about your equipment, browsing actions and patterns. We collect this personal data by using cookies and other similar technologies. We may also receive Technical Data about you if you visit other websites employing our cookies. Please see our cookie policy (https://www.oryxalign.com/cookies) for further details. 

Third parties or publicly available sources

We will receive personal data about you from various third parties as set out below:  

  • Technical Data is collected from the following parties:
      • Analytics providers such as Google based outside the UK;
      • Advertising networks; and
      • Search information providers.
  • Contact, Financial and Transaction Data is collected from providers of technical, payment and delivery services.
  • Identity and Contact Data is collected from data brokers or aggregators.
  • Identity and Contact Data is collected from publicly available sources such as Companies House and the Electoral Register based inside the UK. 

 

Legal basis  

The law requires us to have a legal basis for collecting and using your personal data. We rely on one or more of the following legal bases: 

  • Performance of a contract with you: Where we need to perform the contract we are about to enter into or have entered into with you. Please see Additional information for clients who contract with us for services (below).
  • Legitimate interests: We may use your personal data where it is necessary to conduct our business and pursue our legitimate interests, for example to prevent fraud and enable us to give you the best and most secure customer experience. We make sure we consider and balance any potential impact on you and your rights (both positive and negative) before we process your personal data for our legitimate interests. We do not use your personal data for activities where our interests are overridden by the impact on you (unless we have your consent or are otherwise required or permitted to by law).
  • Legal obligation: We may use your personal data where it is necessary for compliance with a legal obligation that we are subject to. We will identify the relevant legal obligation when we rely on this legal basis.
  • Consent: We rely on consent only where we have obtained your active agreement to use your personal data for a specified purpose, for example if you subscribe to our mailing list. 

 

What do we do with the information we gather? 

 

For product enquiries, sales and administration 

If you have made an enquiry about us or our products or services, either online or over the phone, your personal information will be used to respond to the enquiry or to take other steps at your request prior to you entering into a contract with us. 

If you have purchased or registered for one of our products or services, including on a trial basis, we will use your personal information, including bank or card details, to provide you with the product or service, communicate with you about it, handle payments and recover any debts. 

Further, we shall use information to manage your relationship with us which is necessary in the performance of a contract with you, to comply with a legal obligation and for our legitimate interest (for example, to keep our records updated and to study how customers use our products/services). We may also recommend products or services which may be of interest to you which are necessary for our legitimate interest (to develop our products / services and grow our business). 

In-call monitoring for training and quality monitoring purposes  

When one of our sales representatives speaks to you over the phone, the calls are recorded for training and monitoring purposes.

For marketing  

The marketing team may use your personal information to send you newsletters, offers or other marketing emails that keep you up to date with our news, events and products that may be of interest.  

Depending on the nature of your interaction with us and applicable data protection laws, you may have actively given us your consent (i.e. opted in) or we may be entitled to rely on our legitimate interest to market to you. Should you wish to be removed from our database, you may unsubscribe at any time using the unsubscribe link in the footer of all our marketing emails or by emailing marketing@oryxalign.com. 

We don’t rent or trade email lists with other organisations and businesses. 

Analytics

When someone visits www.oryxalign.com, we use a third-party service, Google Analytics, to collect standard internet log information and details of visitor behaviour patterns. This is to help us understand our clients' preferences. Through this engine, we can monitor various metrics, including the number of visitors to the various parts of the site and the popularity of specific pages. Individual identity details are not collected or processed by Google Analytics. 

Under no circumstances will Google be able to access the identities of individuals visiting the OryxAlign website. 

Mailing lists 

We use a third-party provider, HubSpot, to deliver our newsletter. Using industry-standard technologies to help us monitor and improve our e-newsletter, we gather statistics around email opening and click-through rates. 

You may unsubscribe anytime by clicking the unsubscribe link at the bottom of our emails or emailing marketing@oryxalign.com. 

Cookies 

For more information about the cookies we use and how to change your cookie preferences, please see https://www.oryxalign.com/cookies 

Subject access requests 

You are entitled to view, amend, or delete the personal information that we hold on you. Email your request to dpo@oryxalign.com. 

Security 

We are committed to ensuring that your information is secure. In order to prevent unauthorised access or disclosure, we have put in place suitable physical, electronic and managerial procedures to safeguard and secure the information we collect online. In addition, we limit access to your personal data to those employees, agents, contractors and other third parties who have a business need to know. 

Retention 

We will not hold onto your personal data for longer than is necessary for the purpose for which it was collected including for the purposes of satisfying any legal, accounting, reporting, or support requirements.   

To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means and the applicable legal requirements. 

By law, we have to keep basic information about our customers (including contact, identity and financial information and transaction data) for seven years after they cease being customers for tax purposes.  

In some circumstances, you can ask us to delete your data. You can exercise this right at any time by contacting the DPO (see below). 

In some circumstances, we may anonymise your personal data (so that it can no longer be associated with you) for research or statistical purposes in which case we may use this information indefinitely without further notice to you.  

We will take all reasonable steps to destroy or erase from our system, all data which is no longer required.   

Controlling your personal information 

You may choose to restrict the collection or use of your personal information in the following ways: whenever you are asked to fill in a form on the website, ensure that you have not clicked a box to opt-in to have your data used for marketing purposes, or for any other reason beyond your original contact resolution. 

If you believe any information we are holding on you is incorrect or incomplete, please email us as soon as possible at the above address. We will promptly correct any information found to be incorrect. 

You have a number of rights under UK and EU data protection laws in relation to your personal data.  

You have the right to: 

  • Request access to your personal data.
  • Request correction of your personal data.
  • Request erasure of your personal data.
  • Object to processing of your personal data.
  • Request restriction of processing your personal data.
  • Request transfer of your personal data.
  • Withdraw consent.

If you wish to exercise any of the rights set out above, please contact the DPO (see below). 

You will not have to pay a fee to access your personal data (or to exercise any of the other rights). However, we may charge a reasonable fee if your request is clearly unfounded, repetitive or excessive. Alternatively, we could refuse to comply with your request in these circumstances. 

We may need to request specific information from you to help us confirm your identity and ensure your right to access your personal data (or to exercise any of your other rights). This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it. We may also contact you to ask you for further information in relation to your request to speed up our response. 

Disclosures of your personal data 

Subject to what we say below, we will not pass on your personal details to any third party, including site sponsors or advertisers, without your consent. We may provide aggregate statistics about our users, sales, traffic patterns and related site information to our third-party partners (if any), but these statistics will not contain any information about you from which you could be identified.  

Whenever we transfer your personal data out of the UK, we ensure a similar degree of protection is afforded to it as further set out in the Domestic and international transfer mechanisms in respect of Approved Subprocessors table below.  

Additional information for clients who contract with us for services

If you are a client, who has entered into a contract for services with us, we shall process personal data in accordance with the particulars set out in the table below. Any capitalised terms shall have the same meaning as defined in the agreement between us (“Agreement”): 

Details of personal data processing 

 

| Category | Details |
|---|---|
| Data Subjects | Customers of the Client; Individuals associated with the Client, including past, present, and future shareholders, directors, officers, employees, agents, and contractors; Client third parties; Business contacts in general |
| Types of personal data | Name; Job title; Address; Email address; Phone number; Business/home address; Fax number; IP address; Any other personal data provided by Client to the Supplier |
| Purpose of processing | To enable the Supplier to meet its contractual obligations in the supply of Services and Deliverables and support the Client’s compliance with statutory and/or contractual requirements. |
| Nature of processing | As set out in the body of the Agreement, but may include, but is not limited to collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, transmission, dissemination, alignment or combination, restriction, erasure, and destruction performed as necessary to fulfil contractual obligations and exercise rights under the Agreement. |
| Duration of processing | For the term of each applicable Statement of Work and for any additional periods required by: specific data retention provisions within the Agreement; and applicable legal or regulatory obligations. |

 

Approved Subprocessors

 

| Approved Subprocessor | Technical Controls |
|---|---|
| Canon Business Services Australia Pty Ltd | MFA, SSO via Azure |
| OryxAlign South Africa Pty Ltd | MFA, SSO via Azure |
| ConnectWise Manage | MFA, SSO via Azure |
| ConnectWise Automate | Plugin integrations with SentinelOne, Auvik |
| ConnectWise Screen Connect | SSO, MFA, role-based access |
| Kaseya - ITGlue | SSO, MFA, restricted access |
| Auvik | SSO, MFA, API integrations |
| SentinelOne | SSO, MFA, API integrations |
| ConnectWise | MFA, role-based access |
| Exclaimer | MFA, API to PSA |
| Clip Training | SSO, role-based |
| Cloud Radial | SSO, MFA, API integrations |
| Xero | MFA, role-based |
| Wise-Sync | Microsoft/Xero login |
| Syft Analytics | MFA |
| Keeper | MFA, master password |
| Sage | VPN access required |
| Sage | Authy MFA |
| GoCardless Ltd | MFA, Xero plugin |
| Campaign Monitor | MFA, archival use only |
| Exclaimer | SSO via Azure AD |
| HubSpot | SSO, role-based |
| Above Digital | 2FA enabled |
| DocuSign | MFA |
| Udemy | SSO |
| ScalePad | SSO, restricted access |
| Microsoft 365 | MFA, SSO, extensive integrations |
| Microsoft Azure | MFA, SSO |
| Microsoft SharePoint | SSO, role-based |
| Cisco Umbrella | SSO, shared login (to be changed) |
| Cisco SIG | SSO, role-based |
| Cisco Meraki | SSO, API integrations |
| KnowBe4 | SSO, manual provisioning |
| Zencontract | SSO, role-based |
| Moovilla | SSO, role-based |

 

 

Domestic and international transfer mechanisms in respect of Approved Subprocessors: 

 

| Country | Purpose of Processing | Legal Basis | Safeguards in Place |
|---|---|---|---|
| United Kingdom | Core service delivery, support, and administration | Contractual necessity | UK GDPR compliance, internal access controls, governed by ISO 27001. |
| South Africa | Technical support and service operations | Contractual necessity | Protection of Personal Information (POPI) Act compliance, internal access controls, secure infrastructure, governed by ISO 27001. |
| Philippines | Technical support and service operations, 24x7 NOC | Contractual necessity | Standard contractual clauses (SCCs), internal access controls, secure infrastructure, governed by ISO 27001. |
| Lithuania | Service operations | Contractual necessity | EU GDPR compliance, access restrictions, internal access controls, secure infrastructure, governed by ISO 27001. |
| United States | Cloud hosting and infrastructure services, 24x7 SOC | Contractual necessity | SCCs, vendor due diligence, governed by ISO 27001. |
| India | Cloud hosting and infrastructure services, 24x7 SOC | Contractual necessity | SCCs, vendor due diligence, governed by ISO 27001. |
| Germany | Cloud hosting and infrastructure services, 24x7 SOC | Contractual necessity | SCCs, vendor due diligence, governed by ISO 27001. |
| Australia | Regional service delivery and compliance support | Legal obligation / Contractual necessity | Local data protection laws, SCCs, vendor due diligence, governed by ISO 27001. |

 

Contact details

If you have any questions about this Privacy Notice or about the use of your personal data or you want to exercise your privacy rights, please contact our DPO in the following ways: 

Email address: dpo@oryxalign.com 

Complaints  

You have the right to make a complaint to the Information Commissioner’s Office (ICO), the UK regulator for data protection issues (www.ico.org.uk). However, before doing so please make sure you have first made your complaint to us or asked us for clarification if there is something you do not understand. Please contact hello@oryxalign.com or dpo@oryxalign.com to log your complaint. 

Last updated: 1st October 2025.