Privacy Policy

Data Processing Notice (“Notice”)

Who are we?

We are Ormotec Limited (“Ormotec”, “we”, “us”, “our”). We are a financial modelling and advisory company providing analytical, modelling, and related professional services to businesses in the United Kingdom and internationally.

Why have we taken the time to write this Notice?

Transparency and trust are particularly important in our line of work and are committed to protecting personal data. This Notice explains how we handle personal information responsibly.

When does this Notice apply?

This Notice explains how we collect and use personal data when:

  • you visit or interact with our website;

  • you contact us or communicate with us directly;

  • we provide services to you or to the organisation you work for;

  • we receive personal data in the course of providing our services to another organisation.

Browsing or interacting with third-party websites linked from our website is subject to those websites’ own privacy policies.

Core data protection principles

We handle personal data in accordance with the following principles:

  • Lawfulness, fairness and transparency

  • Purpose limitation

  • Data minimisation

  • Accuracy

  • Storage limitation

  • Integrity and confidentiality

  • Accountability

What personal data do we collect?

When we act as a data controller We may collect and use personal data when:

  • you use our website;

  • you submit an enquiry or contact request;

  • you receive marketing or informational communications from us;

  • we provide services directly to you or to your organisation.

The personal data we collect may include:

  • Names

  • Business contact details (such as email address and job title)

  • Company and role information

  • Communications with us

  • Information necessary to deliver our services

  • Opinions or feedback shared in a professional context

When we act as a data processor

In some engagements, Ormotec acts on the instructions of another organisation. In these cases, that organisation determines what personal data is collected and how it is used. Where this applies, you should also review the privacy notice of the relevant organisation to understand your rights.

Marketing communications

We may use business contact details to send marketing or informational communications about our services, insights, or events.

Our legal basis for this processing is legitimate interest, as our communications are business-to-business in nature and relevant to professional recipients. You have the right to object to marketing at any time, and every marketing communication will include a clear method for opting out.

Legal basis for processing

We process personal data on one or more of the following legal bases:

  • Contract – where processing is necessary to deliver services

  • Legitimate interests – to operate, improve, and market our business responsibly

  • Consent – where explicitly provided

  • Legal obligation – where required by law

Special category data

In limited circumstances, we may receive special category personal data (for example, information shared to accommodate availability or accessibility needs). Such data is used only where necessary and handled with additional care and appropriate safeguards.

International data transfers

Ormotec is based in the United Kingdom but works with clients internationally, including in the United States. Personal data may be processed outside the UK where required to deliver our services. Where international transfers occur, we ensure appropriate safeguards are in place in accordance with applicable data protection laws.

Sharing your personal data

We do not sell personal data and do not share it for advertising purposes.

Access to personal data is limited to individuals who require it to perform their role. We do not routinely share personal data with third parties, except where required by law or necessary to meet legal, accounting, or regulatory obligations.

Automated decision-making

We do not use automated decision-making or profiling that produces legal or similarly significant effects.

Data security

We have implemented appropriate technical and organisational measures to protect personal data against unauthorised access, loss, misuse, alteration, or disclosure. Access to personal data is restricted to those with a legitimate business need and subject to confidentiality obligations.

We maintain procedures to address suspected personal data breaches and will notify affected individuals and regulators where legally required.

Data retention

We retain personal data only for as long as necessary to fulfil the purposes for which it was collected, including to meet legal, regulatory, or contractual obligations. Where possible, data is securely deleted or anonymised once it is no longer required.

Your rights

Under UK data protection law, and applicable US privacy laws where relevant, you have the right to:

  • Access your personal data

  • Request correction of inaccurate data

  • Request erasure of your personal data

  • Restrict or object to processing

  • Withdraw consent where processing is based on consent

  • Receive your data in a portable format

  • Object to marketing communications at any time

To exercise any of these rights, please contact us using the details below.

Your right to complain

If you have concerns about how we handle personal data, we encourage you to contact us first so we can address the issue. You also have the right to lodge a complaint with the UK Information Commissioner’s Office (ICO) or another relevant supervisory authority.

Changes to this Notice

We may update this Privacy Policy from time to time. Any updates will be published on our website, and the revised policy will apply from the date of publication.

Contact us

If you have any questions about this Privacy Policy or how your personal data is handled, please contact us at:

Email: [email protected]