Last updated: 14th November 2025
1. Important Information and Who We Are
This privacy policy explains how 28X Limited (“28X”, “we”, “us”, or “our”) collects and uses your personal data when you use our website https://www.my28x.com.
This website is designed to provide information about our company and our mobile application (the “App”). We do not sell products or services directly through this website.
We only collect limited personal data — most likely your name, telephone number and email address, if you choose to contact us via email.
Controller:
28X Limited is the controller responsible for your personal data for the purposes of both the UK General Data Protection Regulation (UK GDPR) and the EU General Data Protection Regulation (EU GDPR).
If you have any questions about this privacy policy, including any requests to exercise your data protection rights, please contact us using the details in Section 10 below.
This website is not intended for children, and we do not knowingly collect data relating to children.
2. The Types of Personal Data We Collect About You
We collect and process only the personal data necessary to operate this website and respond to your enquiries.
This may include:
Identity Data: your name (if provided).
Contact Data: your email address and telephone number (if provided).
Technical Data: limited technical information such as your IP address, browser type and version, and operating system, collected automatically through cookies or similar technologies.
We do not collect financial data, transactional data, or marketing preferences. We do not use your data for profiling or automated decision-making.
3. How Is Your Personal Data Collected?
We collect your data through the following methods:
Direct interactions: when you correspond with us by email.
Automated technologies: when you visit our website, certain technical data may be collected automatically using cookies or similar technologies.
We do not obtain data from third parties or public sources.
4. How We Use Your Personal Data
We will only use your personal data where we are permitted to do so by law.
The purposes for which we use your personal data are:
Purpose
To respond to your enquiry
Type of Data
Identity, Contact
Legal Basis for Processing
Legitimate interest (to respond to enquiries and operate our business effectively)
Purpose
To maintain the security and functionality of our website
Type of Data
Technical
Legal Basis for Processing
Legitimate interest (to ensure the proper functioning and security of our website)
Purpose
To comply with legal or regulatory obligations
Type of Data
Identity, Contact
Legal Basis for Processing
Legal obligation (to comply with applicable laws or requests from authorities)
5. Disclosures of Your Personal Data
We may share your personal data only with:
Service providers who support our website and IT systems (for example, website hosting or email hosting providers). These parties are bound by confidentiality and data protection obligations; and
Regulators or authorities if required by law.
We do not sell or otherwise share your personal data with third parties for advertising, marketing, or
commercial purposes.
6. International Transfers
28X Limited is based in the United Kingdom, but our website may be accessible to users in the European Union.
We do not routinely transfer your personal data outside the UK or the European Economic Area (EEA).
If it becomes necessary to transfer your data internationally (for example, through a service provider
located outside the UK or EEA), we will ensure that appropriate safeguards are in place, such as:
Transfers to countries deemed to provide an adequate level of data protection by the UK or the EU; or
Use of standard contractual clauses or the UK International Data Transfer Agreement/Addendum, which provide equivalent protections for your data.
You can request further details of these safeguards by contacting us (see Section 10).
7. Data Security
We have implemented appropriate technical and organisational measures to protect your personal data against accidental loss, misuse, unauthorised access, alteration, or disclosure.
Access to your personal data is restricted to employees, contractors, or service providers who need it for legitimate business purposes and are subject to confidentiality obligations.
We also maintain procedures to deal with any suspected personal data breach and will notify you and the relevant supervisory authority where legally required.
8. Data Retention
We will only retain your personal data for as long as necessary to fulfil the purposes for which it was collected.
Email submissions are normally retained for up to 12 months after the last correspondence, unless required longer for legal or operational reasons.
Once the retention period expires, your personal data will be securely deleted or anonymised.
9. Your Legal Rights
Under both the UK GDPR and the EU GDPR, you have the following rights regarding your personal data:
Access: request a copy of the personal data we hold about you.
Correction: request correction of any incomplete or inaccurate data.
Erasure: request deletion of your personal data where there is no lawful reason for us to
continue processing it.
Restriction: request limitation of how we process your data in certain circumstances.
Objection: object to processing where we rely on legitimate interests as our legal basis.
Data Portability: request transfer of your data to you or another controller in a structured, machine-readable format.
Withdraw Consent: where we rely on consent (though we generally do not), you may withdraw it at any time.
To exercise any of these rights, please contact us (see Section 10).
You will not have to pay a fee unless your request is clearly unfounded or excessive. We may need to confirm your identity before processing your request.
We aim to respond to all legitimate requests within one month.
10. Contact Details
If you have any questions about this privacy policy or wish to exercise your rights, please contact:
28X Limited
Email: info@my28x.com
Postal address: 20 Wenlock Road, London, N1 7GU
11. Complaints
If you are based in the UK, you have the right to make a complaint to the Information Commissioner’s
Office (ICO): Website: www.ico.org.uk
If you are based in the EU, you may also contact your local data protection authority. A list of EU data
protection authorities is available here: https://edpb.europa.eu/about-edpb/board/members_en
12. Changes to This Privacy Policy
We keep our privacy policy under regular review and may update it from time to time. The most recent version will always be available on this page, showing the date of the latest update.
Please check back periodically to stay informed about how we handle your personal data.
13. Third-Party Links
Our website may contain links to external websites, plug-ins, or applications. Clicking on those links may allow third parties to collect or share data about you.
We do not control these third-party websites and are not responsible for their privacy practices. We encourage you to read the privacy policy of every website you visit.
.svg)
