Last reviewed · 6 May 2026
Data Protection & GDPR Policy
How we process personal data in compliance with the UK GDPR, the EU GDPR, and the Data Protection Act 2018.
Our role
Devology Labs acts as a data controller for personal data we collect directly (for example, when you contact us through this website), and as a data processor for personal data we handle on behalf of our clients.
We comply with the UK General Data Protection Regulation (UK GDPR), the EU General Data Protection Regulation (EU GDPR) where applicable, and the Data Protection Act 2018.
Personal data we collect
Through this website and direct correspondence, we may collect: your name, email address, company, and any information you choose to share when contacting us. We may also collect technical data (IP address, browser type, pages visited) for security and analytics.
Within client engagements, the categories of personal data we process are defined in the engagement contract or data processing agreement.
Lawful basis
We rely on the following lawful bases under Article 6 of the UK GDPR: (a) legitimate interests for routine business communication and analytics; (b) contract for delivering services to clients; (c) consent where required (for example, optional marketing communications); and (d) legal obligation where required by law.
Your rights
You have the right to access, correct, delete, restrict, port, or object to our processing of your personal data, and to withdraw consent at any time. To exercise any of these rights, contact us at hello@devology.io.
You also have the right to complain to a supervisory authority — in the UK, the Information Commissioner's Office (ICO) at ico.org.uk.
Retention
We retain personal data only for as long as necessary to fulfil the purpose for which it was collected, or to comply with legal, accounting, or reporting obligations. Specific retention periods are set in our internal data retention schedule.
International transfers
Devology Labs operates across the United Kingdom, the European Union, and the United States. Where personal data is transferred between these jurisdictions, we rely on appropriate safeguards including UK and EU adequacy decisions, Standard Contractual Clauses, and the UK International Data Transfer Addendum.
Security and breaches
We apply technical and organisational security measures including encryption in transit, access controls, and regular review of vendor security posture. Suspected personal data breaches are investigated immediately and notified to the relevant supervisory authority within 72 hours where required.
Contact
For any data protection enquiry, contact us at hello@devology.io. This policy is reviewed at least annually.