Privacy Policy

Last updated: 26 May 2026  |  Devruno Ltd, United Kingdom

Important notice: This is a draft privacy policy generated for review purposes only. It must be reviewed by a qualified legal professional before being relied upon as a legally compliant document.

1. Who We Are

Devruno Ltd ("Devruno", "we", "our", "us") is an AI and enterprise systems consultancy registered in England and Wales under company number 17162083, with its registered office at C/O Quastels LLP, Second Floor South, 55 Baker Street, W1U 8EW. Our primary website is devruno.uk. We are the data controller for personal data collected through this website and in the course of providing our services.

Devruno is registered with the UK Information Commissioner's Office (ICO) under registration number ZC132926. You can verify this on the ICO public register.

As a small organisation whose core activities do not involve large-scale processing of personal data or special category data, we are not required to appoint a Data Protection Officer under UK GDPR. Privacy enquiries are handled by Devruno's leadership team.

For any privacy-related enquiries, please contact us at: admin@devruno.uk

2. What Data We Collect

We may collect and process the following categories of personal data:

• Contact information: name, email address, telephone number, and company name submitted via our contact form or during business communications.
• Technical data: IP address, browser type and version, time zone setting, browser plug-in types and versions, operating system and platform, and other technology on the devices you use to access this website.
• Usage data: information about how you use our website, including pages visited, time spent, and referring URLs.
• Communications data: records of communications between you and Devruno, including emails and form submissions.
• Client data: information provided in the course of procuring or receiving our services, including billing details, project requirements, and relevant business information.

3. How We Collect Data

We collect personal data through the following means:

• Direct interactions — when you contact us via our website contact form, by email, or by telephone.
• Automated technologies — cookies and similar tracking technologies may collect technical and usage data as you browse our website.
• Third parties — we may receive data from analytics providers, search engines, or publicly available sources.

4. Why We Use Your Data (Legal Basis)

We process your personal data on the following legal bases under UK GDPR:

• Legitimate interests: to respond to enquiries, to operate and improve our website, and to promote our services to relevant businesses.
• Contract performance: to deliver services you have engaged us to provide, and to manage the contractual relationship.
• Legal obligation: to comply with applicable laws, regulations, and legal proceedings.
• Consent: where you have explicitly provided consent, for example to receive marketing communications.

5. How We Use Your Data

We use your personal data to:

• Respond to your enquiries and provide the services you have requested.
• Manage our business relationship with you, including billing and account management.
• Improve and personalise our website and service offering.
• Send service-related communications (e.g. project updates, invoices).
• Comply with legal and regulatory requirements.
• Send marketing communications where you have opted in, or where we have a legitimate interest in doing so.

6. Data Sharing

We do not sell your personal data. We may share your data with carefully selected third parties in the following circumstances:

• Service providers: companies that help us deliver our services (e.g. hosting providers, email platforms, project management tools). These companies are contractually required to handle data securely and only as instructed by us.
• Legal requirements: where required by law, court order, or regulatory authority.
• Business transfers: in connection with any merger, acquisition, or sale of company assets, in which case personal data may be transferred as a business asset.

7. Data Retention

We retain personal data for as long as necessary to fulfil the purposes for which it was collected, including to satisfy any legal, accounting, or reporting requirements. In general:

• Contact form enquiries are retained for up to 2 years.
• Client records are retained for 7 years following the end of the contract, in line with standard UK accounting and legal requirements.
• Email correspondence is retained for as long as needed to manage the relationship, and is reviewed periodically for deletion.

8. Your Rights

Under UK GDPR, you have the following rights regarding your personal data:

• Right of access — to request a copy of the personal data we hold about you.
• Right to rectification — to request correction of inaccurate or incomplete data.
• Right to erasure — to request deletion of your data in certain circumstances.
• Right to restrict processing — to request that we limit how we use your data.
• Right to data portability — to receive your data in a structured, machine-readable format.
• Right to object — to object to processing based on legitimate interests or for direct marketing.
• Right to withdraw consent — where we rely on consent (for example, marketing communications), you may withdraw it at any time without affecting the lawfulness of processing prior to withdrawal.
• Rights related to automated decision-making — we do not engage in solely automated decision-making that produces legal or similarly significant effects.

To exercise any of these rights, please contact us at admin@devruno.uk. We will respond within 30 days. You also have the right to lodge a complaint with the Information Commissioner's Office (ICO).

9. Cookies and Tracking

This website does not use any analytics, advertising, or tracking cookies. We do not deploy Google Analytics, Meta Pixel, or any third-party behavioural tracking.

Our hosting provider may set a small number of strictly necessary cookies or similar identifiers required to deliver the website (for example, to operate the contact form's anti-spam protection or to maintain a secure connection). These do not require consent under the Privacy and Electronic Communications Regulations (PECR) because they are essential to the service you have requested.

If we introduce analytics or other non-essential cookies in the future, we will update this policy and present a cookie consent banner before any such cookies are set.

10. International Data Transfers

Some of the service providers we rely on (for example, our website host and email provider) may process data outside the United Kingdom, including in the European Economic Area (EEA) and the United States. Where data is transferred outside the UK, we ensure an appropriate safeguard is in place under UK GDPR, which may include:

• Transfers to countries the UK has determined provide an adequate level of data protection (e.g. EEA countries).
• The UK International Data Transfer Agreement (IDTA), the UK Addendum to the EU Standard Contractual Clauses, or equivalent contractual protections.
• Other valid transfer mechanisms recognised under UK GDPR.

You can request further details about specific transfers by contacting us at admin@devruno.uk.

11. Children's Data

Our website and services are directed at businesses and adult professionals. We do not knowingly collect personal data from children under the age of 16. If you believe a child has provided personal data through our website, please contact us at admin@devruno.uk and we will delete it.

12. Special Category Data

We do not intentionally collect or process special category personal data (such as data revealing racial or ethnic origin, political opinions, religious beliefs, trade union membership, genetic or biometric data, health data, or data concerning sex life or sexual orientation) through this website. If special category data is necessary in the course of a specific client engagement, that processing will be governed by a separate Data Processing Agreement and an appropriate lawful basis under Article 9 of UK GDPR.

13. Marketing Communications

We will only send you marketing communications where you have explicitly opted in, or where you are an existing or prospective business contact and we have a legitimate interest in promoting related services. You can opt out of marketing communications at any time by using the unsubscribe link in any marketing email, or by contacting us at admin@devruno.uk.

14. Security

We implement appropriate technical and organisational measures to protect your personal data against unauthorised access, loss, alteration, or disclosure. These include encrypted communications (HTTPS), access controls, and regular security assessments. However, no method of transmission over the internet is entirely secure, and we cannot guarantee absolute security.

15. Third-Party Links

Our website may contain links to third-party websites. We are not responsible for the privacy practices of those sites and encourage you to review their privacy policies.

16. Changes to This Policy

We may update this Privacy Policy from time to time. We will post the revised policy on this page with an updated "last updated" date. We encourage you to review this policy periodically.

17. Contact Us

For any questions about this Privacy Policy or our data practices, please contact:

Devruno Ltd
Email: admin@devruno.uk
Website: devruno.uk