Privacy Policy

Version: 1.0 | Last Updated: 10 March 2026 | Jurisdiction: United Kingdom (UK GDPR), Data Protection Act 2018

Zenera Ltd is committed to safeguarding the privacy and personal data of all individuals who interact with our website and services. This Privacy Policy sets out in full the basis on which any personal data we collect from you, or that you provide to us, will be processed by us. Please read the following carefully to understand our views and practices regarding your personal data and how we will treat it.

Table of Contents

1. Who We Are and How to Contact Us 2. The Personal Data We Collect 3. How We Collect Your Personal Data 4. How We Use Your Personal Data 5. Legal Bases for Processing 6. Disclosure of Your Personal Data 7. International Transfers of Personal Data 8. Data Security 9. Data Retention 10. Cookies and Tracking Technologies 11. Your Legal Rights 12. Third-Party Personal Data 13. Changes to This Privacy Policy 14. Glossary of Key Terms

1. Who We Are and How to Contact Us

Zenera Ltd ("Zenera", "we", "us", or "our") is the data controller responsible for your personal data collected via our website and in connection with our services. Zenera is a technology company incorporated in the United Kingdom, specialising in the development of software solutions designed to help businesses automate routine processes and manage recurring tasks with efficiency and precision.

1.1 Our Contact Details

Full legal name: Zenera Ltd

Registered address: Zenera Ltd, 30 Timbermans View, Basildon, Essex, SS16 4UX.

Telephone: 0207 856 0191

Email: support@zenera.co.uk

Website: www.zenera.co.uk

Should you have any questions regarding this Privacy Policy, or should you wish to exercise any of your rights, please contact us through the above-mentioned email. We shall respond to all legitimate enquiries within one calendar month.

You also have the right to lodge a complaint at any time with the Information Commissioner's Office (ICO), the supervisory authority for data protection matters in the United Kingdom. Their contact details are available at www.ico.org.uk. We would, however, welcome the opportunity to address your concerns directly before you approach the ICO, and encourage you to contact us in the first instance.

2. The Personal Data We Collect

Personal data refers to any information from which a living individual can be identified, either directly or indirectly. It does not include data that has been fully anonymised. Depending on the nature of your interaction with Zenera, we may collect and process the following categories of personal data:

2.1 Categories of Data

Identity Data - including your first name, last name, username, or similar identifiers used to access our platform.
Contact Data - including your business email address, telephone number, and postal address.
Account and Profile Data - including your login credentials, account preferences, activity history, and any feedback or survey responses you provide.
Technical Data - including your Internet Protocol (IP) address, browser type and version, operating system, device identifiers, time zone settings, and other technologies on the devices you use to access our website or services.
Usage Data - including information about how you navigate and interact with our website and platform, pages visited, features used, and session duration.
Financial and Transaction Data - including details of any subscription plans or purchases made through our platform. Please note that Zenera does not store or process payment card details directly. All payment transactions are securely processed by authorised third-party payment service providers.
Communications Data - including correspondence exchanged with us via email, contact forms, or other channels, as well as your marketing preferences and consent records.

2.2 Aggregated Data

We may also collect, use, and share aggregated or anonymised data, for example, to analyse trends in how users interact with our platform. Such data does not identify you as an individual and is therefore not considered personal data. However, should we link aggregated data with your personal information in a way that could identify you, we will treat that combined data as personal data in accordance with this Privacy Policy.

2.3 Special Categories of Personal Data

Zenera does not intentionally collect any special categories of personal data about you (such as details relating to your racial or ethnic origin, religious beliefs, health, biometric data, or sexual orientation), nor do we collect information relating to criminal convictions or offences. Should you inadvertently provide such information to us, we will endeavour to delete it promptly.

2.4 Failure to Provide Personal Data

Where the provision of personal data is required by law, or is necessary for us to perform our contractual obligations to you, failure to provide that data may prevent us from delivering our services to you. In such circumstances, we will notify you of this at the time of collection.

3. How We Collect Your Personal Data

We collect personal data through a variety of lawful means, as described below:

3.1 Direct Interactions

You may provide us with your personal data directly when you:

Register for an account or subscribe to any of our software services.
Complete an enquiry, contact, or feedback form on our website.
Correspond with us by email, telephone, post, or any other means.
Request a product demonstration or consultation.
Take part in a survey, competition, or promotional activity.

3.2 Automated Technologies

As you access and browse our website, we may automatically collect Technical Data and Usage Data via cookies, web beacons, pixels, and similar tracking technologies. For further information on our use of cookies, please refer to Section 10 of this Privacy Policy.

3.3 Third-Party and Publicly Available Sources

We may also receive personal data about you from the following third-party sources:

Analytics providers (such as Google Analytics), who may be based outside the United Kingdom or the European Economic Area.
Payment and subscription management providers, who process financial transactions on our behalf.
Publicly available directories and databases, such as Companies House, to the extent permitted by applicable law.
Marketing and lead-generation partners, where you have provided appropriate consent for your data to be shared.

4. How We Use Your Personal Data

Zenera will only use your personal data where we have a lawful basis to do so. The purposes for which we process your personal data, and the corresponding legal bases, are set out in the table below:

Purpose / Activity
Type of Data
Lawful Basis
Retention



To register you as a user and create your account.
Identity, Contact, Profile
Performance of a contract
Duration of account + 2 years

To provide, maintain, and improve our software services.
Identity, Contact, Profile, Usage, Technical
Performance of a contract; Legitimate interests
Duration of subscription

To process payments and manage subscriptions.
Identity, Contact, Financial, Transaction
Performance of a contract; Legitimate interests
6 years (tax/legal)

To respond to enquiries, support requests, and communications.
Identity, Contact, Communications
Performance of a contract; Legitimate interests
3 years from last contact

To send you service updates, notices, or changes to our terms.
Identity, Contact, Communications
Legal obligation; Legitimate interests
Duration of contract

To conduct analytics and improve our platform.
Technical, Usage
Legitimate interests
26 months

To send marketing communications (with your consent).
Identity, Contact, Usage, Profile
Consent; Legitimate interests
Until opt-out or 3 years

To administer our website and ensure its security.
Technical, Usage
Legitimate interests; Legal obligation
12 months

To comply with legal and regulatory obligations.
All relevant categories
Legal obligation
As required by law

Purpose / Activity	Type of Data	Lawful Basis	Retention
To register you as a user and create your account.	Identity, Contact, Profile	Performance of a contract	Duration of account + 2 years
To provide, maintain, and improve our software services.	Identity, Contact, Profile, Usage, Technical	Performance of a contract; Legitimate interests	Duration of subscription
To process payments and manage subscriptions.	Identity, Contact, Financial, Transaction	Performance of a contract; Legitimate interests	6 years (tax/legal)
To respond to enquiries, support requests, and communications.	Identity, Contact, Communications	Performance of a contract; Legitimate interests	3 years from last contact
To send you service updates, notices, or changes to our terms.	Identity, Contact, Communications	Legal obligation; Legitimate interests	Duration of contract
To conduct analytics and improve our platform.	Technical, Usage	Legitimate interests	26 months
To send marketing communications (with your consent).	Identity, Contact, Usage, Profile	Consent; Legitimate interests	Until opt-out or 3 years
To administer our website and ensure its security.	Technical, Usage	Legitimate interests; Legal obligation	12 months
To comply with legal and regulatory obligations.	All relevant categories	Legal obligation	As required by law

4.1 Marketing

We may use your Identity, Contact, Technical, Usage, and Profile Data to form a view on what products, services, or features may be of interest to you. You may receive marketing communications from us if you have provided consent or were permitted under the ‘soft opt-in’ provisions for existing customers under the Privacy and Electronic Communications Regulations (PECR).

We will always obtain your explicit opt-in consent before sharing your personal data with any third party for their own marketing purposes. You may withdraw your consent or opt out of receiving marketing communications from us at any time by following the unsubscribe link within any marketing email, or by contacting us directly at support@zenera.co.uk.

5. Legal Bases for Processing

Under UK data protection law, we are required to identify a lawful basis for each purpose for which we process your personal data. The legal bases we rely upon are as follows:

Performance of a Contract: Processing necessary to fulfil our contractual obligations to you, or to take steps prior to entering into a contract with you, for example, creating your account or delivering our software services.

Legitimate Interests: Processing necessary for the purposes of our legitimate business interests, where those interests are not overridden by your rights and freedoms. This includes improving our services, preventing fraud, administering our systems, and conducting direct marketing to existing customers. We carry out a balancing test before relying on this basis, and you may request details of our assessment.

Legal Obligation: Processing required to comply with our obligations under applicable law, including tax, accounting, and regulatory requirements.

Consent: Where none of the above bases applies, we will ask for your express, informed consent before processing your personal data. You have the right to withdraw your consent at any time, without affecting the lawfulness of any processing carried out prior to its withdrawal.

6. Disclosure of Your Personal Data

Zenera does not sell your personal data to third parties. We may, however, disclose your personal data in the following limited circumstances:

6.1 Service Providers and Data Processors

We share personal data with carefully selected third-party service providers who assist us in operating our business, including:

Cloud infrastructure and hosting providers.
Payment processing and subscription management platforms.
Customer relationship management (CRM) and marketing automation tools.
Analytics and website monitoring services.
Legal, financial, and professional advisors.

All such third parties are contractually required to process your data only in accordance with our instructions, to implement appropriate security measures, and to treat your data in full compliance with applicable UK data protection legislation.

6.2 Business Transfers

In the event that Zenera is subject to a merger, acquisition, restructuring, or sale of all or part of its business or assets, your personal data may be disclosed to prospective purchasers or their advisors as part of the due diligence process, and subsequently transferred to the new owners. Any such transfer will be subject to confidentiality undertakings.

6.3 Legal and Regulatory Obligations

We may disclose your personal data where we are under a legal duty to do so, including in response to an order from a court, regulator, or governmental authority. Where lawful and practicable, we will endeavour to notify you of any such disclosure.

7. International Transfers of Personal Data

In certain circumstances, it may be necessary to transfer your personal data to countries or territories outside the United Kingdom or European Economic Area (EEA). Where such transfers occur, we take all steps necessary to ensure that your data is afforded a level of protection equivalent to that which it would receive in the United Kingdom.

Safeguards we may implement include:

Standard Contractual Clauses (SCCs) approved by the relevant supervisory authority.
Transfers to countries deemed by the Secretary of State to provide an adequate level of data protection.
Binding Corporate Rules, where applicable within a corporate group.
UK International Data Transfer Agreement (IDTA) or other approved transfer mechanisms.

You are welcome to contact us at support@zenera.co.uk for further details of the specific safeguards applied to any international transfers of your personal data.

8. Data Security

Zenera takes the security of your personal data extremely seriously. We have implemented appropriate technical and organisational measures to protect your personal data against accidental loss, unauthorised access, misuse, disclosure, alteration, or destruction. These measures include:

Encryption of data in transit and at rest.
Role-based access controls, ensuring that only authorised personnel may access personal data on a strict need-to-know basis.
Regular security assessments, penetration testing, and vulnerability management.
Staff training on data protection and information security obligations.
Incident response and breach notification procedures.

Where we engage third-party processors to handle personal data on our behalf, we require them to implement security standards no less rigorous than our own.

In the event of a personal data breach that is likely to result in a risk to individuals, we will notify the Information Commissioner's Office within 72 hours where required under applicable law. We maintain documented procedures for detecting, reporting, and investigating data security incidents.

9. Data Retention

We will retain your personal data only for as long as is necessary to fulfil the purposes set out in this Privacy Policy, including for the purposes of satisfying any legal, regulatory, accounting, or reporting obligations.

In determining the appropriate retention period for any category of personal data, we consider the following factors:

The amount, nature, and sensitivity of the personal data.
The potential risk of harm from unauthorised use or disclosure.
The purposes for which we process the data and whether we can achieve those purposes through other means.
Applicable statutory limitation periods and legal obligations.

As a general guide, we apply the following retention periods:

Account and subscription data: retained for the duration of your contract, plus a further two years following termination.
Financial and transaction records: retained for a minimum of six years in compliance with HMRC requirements.
Marketing consent records: retained for the duration of the marketing relationship, plus three years.
Website analytics data: retained for up to 26 months.
Security and system logs: retained for up to 12 months.

On expiry of the applicable retention period, we shall securely delete or anonymise your personal data in accordance with our data disposal procedures. In some circumstances, we may anonymise your personal data for research or statistical purposes, in which case it will no longer constitute personal data and may be retained indefinitely.

10. Cookies and Tracking Technologies

Our website makes use of cookies and similar tracking technologies in order to distinguish you from other users, enhance your browsing experience, and assist us in improving our services. Where required by law, cookies will only be placed on your device after you have provided consent through our cookie consent banner. You may manage or withdraw your cookie preferences at any time.

10.1 Types of Cookies We Use

Strictly Necessary Cookies: Essential to the operation of our website. Without these cookies, the services you have requested cannot be provided.

Performance and Analytics Cookies: Used to collect information about how visitors use our website, enabling us to improve its functionality and performance. We use Google Analytics for this purpose.

Functionality Cookies: Allow our website to remember your preferences and settings, such as language or region, providing you with a more personalised experience.

Targeting and Marketing Cookies: Set by us or third-party advertising partners to record your visit to our website and the pages you have visited. These may be used to make our advertising more relevant to your interests.

10.2 Managing Your Cookie Preferences

You may control or disable cookies through the settings of your web browser. Please note, however, that disabling certain cookies may affect the functionality of our website and your ability to access certain features. Most browsers accept cookies automatically, but you can amend your settings via your browser's help function.

You may also opt out of certain third-party tracking via the following mechanisms:

Google Analytics opt-out: https://tools.google.com/dlpage/gaoptout
Network Advertising Initiative: www.networkadvertising.org/choices
Digital Advertising Alliance: www.aboutads.info/choices

11. Your Legal Rights

Under the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018, you have the following rights in relation to your personal data. There is ordinarily no charge for exercising these rights, although we reserve the right to levy a reasonable fee in the case of requests that are manifestly unfounded, repetitive, or excessive.

To exercise any of the rights listed below, please contact us at support@zenera.co.uk. We aim to respond to all valid requests within one calendar month, though we may take up to three months in cases of complexity or volume, in which case we shall keep you duly informed.

11.1 Summary of Your Rights

Right of Access: You have the right to obtain a copy of the personal data we hold about you and to verify that we are processing it lawfully.

Right to Rectification: You have the right to require us to correct any inaccurate or incomplete personal data held about you without undue delay.

Right to Erasure ('Right to be Forgotten'): You have the right to request the deletion of your personal data where there is no compelling reason for its continued processing, subject to certain legal exceptions.

Right to Restriction of Processing: You have the right to request that we suspend the processing of your personal data in certain circumstances, for example, whilst we verify the accuracy of data you have contested.

Right to Data Portability: Where processing is based on your consent or on the performance of a contract, you have the right to receive your personal data in a structured, commonly used, machine-readable format and to have it transmitted to another controller.

Right to Object: You have the right to object to the processing of your personal data where we rely on legitimate interests as our legal basis, or where we process your data for direct marketing purposes. We shall cease such processing unless we can demonstrate compelling legitimate grounds that override your interests, rights, and freedoms.

Right to Withdraw Consent: Where processing is based on your consent, you have the right to withdraw that consent at any time. Withdrawal does not affect the lawfulness of any processing carried out prior to withdrawal.

Right to Lodge a Complaint: You have the right to lodge a complaint with the Information Commissioner's Office (ICO) at any time. Contact details: www.ico.org.uk.

12. Third-Party Personal Data

Zenera's software platform may enable users to upload, manage, or otherwise process personal data relating to third parties, for example, contact records, client data, or employee information, in the course of using our services. In such circumstances, you act as the data controller in respect of that third-party personal data, and Zenera acts as your data processor.

You are solely responsible for ensuring that your collection and use of any such third-party personal data complies with all applicable data protection and privacy laws, including the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018. You must ensure that you have a lawful basis for processing such data and that any required notices or consents have been obtained.

Please refer to our Data Processing Agreement, which forms part of our Terms and Conditions, for a full description of our respective obligations in relation to any third-party personal data processed via our platform.

13. Changes to This Privacy Policy

We review this Privacy Policy regularly and reserve the right to update or amend it at any time. Any changes we make will be published on this page, and where appropriate (for example, in the case of significant changes), we shall notify you by email or via a prominent notice on our website.

The date at the top of this Privacy Policy indicates when it was last updated. We encourage you to review this Policy periodically to remain informed of how we are protecting your information. Your continued use of our website or services following the posting of any changes constitutes your acceptance of such changes.

14. Glossary of Key Terms

Data Controller: The natural or legal person, public authority, agency, or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data.

Data Processor: A natural or legal person, public authority, agency, or other body which processes personal data on behalf of the controller.

Personal Data: Any information relating to an identified or identifiable natural person ('data subject').

Processing: Any operation or set of operations performed on personal data, whether or not by automated means, including collection, recording, storage, adaptation, retrieval, use, disclosure, or erasure.

UK GDPR: The UK General Data Protection Regulation, the retained EU law version of the EU General Data Protection Regulation (2016/679), as it forms part of UK domestic law by virtue of the European Union (Withdrawal) Act 2018.

Legitimate Interests: A lawful basis for processing personal data where the controller's interests are not overridden by the rights and freedoms of the data subject. A balancing test is applied before relying on this basis.

Consent: Any freely given, specific, informed, and unambiguous indication of the data subject's wishes by which they signify agreement to the processing of personal data relating to them.

ICO: The Information Commissioner's Office, the independent authority in the United Kingdom responsible for upholding information rights and data privacy.

Special Categories of Personal Data: Personal data that is particularly sensitive and deserving of enhanced protection, including data revealing racial or ethnic origin, political opinions, religious beliefs, trade union membership, genetic or biometric data, health data, or data concerning sex life or sexual orientation.

Zenera Ltd · Support@zenera.co.uk · www.zenera.co.uk

Registered in England & Wales · Registered Office: 30 Timbermans View, Basildon, Essex, SS16 4UX