Website and Service User Privacy Notice
1. Introduction
At Lexxic Ltd, we are committed to protecting and respecting your privacy. This Privacy Notice explains the types of personal information we will collect, when and why we collect personal information about people who visit our website (‘Site’) and/ or use our services, how we use it, the conditions under which we may disclose it to others, how we keep it secure, and your options. This Privacy Notice applies to the following individuals:
users of our website (https://lexxic.com)
users of Lexxic services
Lexxic personnel (employees and contractors) and job applicants
healthcare professionals
other persons involved in commercial operations (suppliers, strategic partners, shareholders/ investors, etc.)
2. Who are we?
Lexxic Ltd (referred to as ‘Lexxic’, ‘we’, ‘our’ or ‘us’) is a consultancy service which aims to support employees and organisations with the tools they need to achieve their full potential. We are a team of highly qualified psychologists who operate throughout the UK and Ireland. We specialise in providing neurodiversity services to adults in areas related to Dyslexia, Dyspraxia, Dyscalculia, ADHD and Autism Spectrum Conditions (ASC). In addition, we are passionate about technology and provide other online and e-learning services worldwide.
Lexxic Ltd is registered with the Information Commissioner’s Office (ICO) under registration reference Z332046X.
Lexxic is the data controller of any personal information that we collect about you. We are committed to protecting your privacy and keeping your personal information safe. If you have any questions about this Notice, or about our use of your personal information, please email us as stated in the ‘How can you contact us?’ section below.
3. Definitions
For the purpose of this Privacy Notice, the following terms and definitions apply:
| Term | Definition |
|---|---|
| Data Controller | For the purposes of the Data Protection Legislation, this refers to the legal entity, which alone or jointly with others, determines the purposes and means of the processing of personal information. Lexxic is the Data Controller of your Personal Data. |
| Data Processor | For the purposes of the Data Protection Legislation, refers to Lexxic’s Service Providers. |
| Data Protection Legislation | Means the Data Protection Act 2018 (‘DPA 2018’), United Kingdom General Data Protection Regulation (‘UK GDPR’), Privacy and Electronic Communications (EC Directive) Regulations 2003 (‘PECR’) and any legislation implemented in connection with the aforementioned legislation - including any replacement legislation coming into effect from time to time. |
| Personal Data | Means any information relating to you such as a name, an identification number, location data, online identifier; or to one or more factors specific to physical, physiological, genetic, mental, economic, cultural or social identity. |
| Service | Means any services provided by Lexxic - including business-to-business dealings and handling of enquiries. |
| Site | Refers to Lexxic’s website (https://lexxic.com). |
| Strategic Partner | Means any entity that has entered into a collaborative agreement with Lexxic with the aim to share skills, information and/ or other resources. |
| Supplier | Means any natural or legal person who processes the data on behalf of Lexxic. It refers to third-party companies or individuals employed by Lexxic to provide a Service on behalf of Lexxic. For the purpose of the Data Protection Legislation, Suppliers are considered Data Processors. |
| Usage Data | Refers to data collected automatically, either generated by the use of the Service or from the Service infrastructure itself (for example, the duration of a page visit). |
4. Your data: what information do we collect?
We obtain information about you when you use Lexxic Ltd’s services; for example, when you access our Site, contact us about products and services, use our services or receive our newsletter.
The personal information we collect will depend on the type of interaction with Lexxic Ltd; for example, whether you are simply making enquiries, completing a form on our Site, through your participation in one of our services, through employment with us, or other commercial transaction.
Personal information sources and types include:
| Data Subject | Personal Information |
|---|---|
| Users of this site |
|
| Users of our Services |
|
| Healthcare Professional |
|
| Lexxic Personnel (employee or contractor) |
|
| Other persons involved in commercial operations (Suppliers, Strategic Partners, Shareholders/ Investors etc.) |
|
If you make an online purchase, your card information is not held by us; it is collected by our third-party payment processors, who specialise in secure online capture and processing of credit/ debit card transactions.
5. How is your personal data used?
Your Personal Data could be used in any of the following ways, to:
deliver services – e.g. diagnostics, assessments, support training
process orders that you have submitted
carry out our obligations arising from any contracts entered into by you and us
seek your views or comments on the services we provide
notify you of changes to our services
send you communications which you have requested and that may be of interest to you
process a job application.
Your Personal Data is only used if we have legal grounds to do so which might be because:
you have provided consent, or it is necessary to allow us to deal with your request, enquiry or purchase [in accordance with GDPR Article 6(1)(a)]
we have a contractual obligation [in accordance with GDPR Article 6(1)(b)]
we have a legal or regulatory obligation to do so [in accordance with GDPR Article 6(1)(c)]
in order to protect the vital interests of you or a third party [in accordance with GDPR Article 6(1)(d)]
we have a public interest [in accordance with GDPR Article 6(1)(e)]
the information is being used legitimately to further our business aims [in accordance with GDPR Article 6(1)(f).
We may use personal information for benchmarking, analysis, and validation studies to enhance or develop our services. In this case data will be aggregated and anonymised and therefore is no longer considered personally identifiable. The norms we will develop based on this data when compared to new profiles, will generate valuable insights and help us to improve our offering to clients.
6. How long do we keep your personal data?
We review our retention periods for personal information on a regular basis. Your information will always be handled in accordance with the Data Protection Legislation. We will hold your Personal Data on our secure systems only for as long as is necessary for the relevant activity, or as long as is set out in any relevant contract you hold with us.
Lexxic follows a retention schedule which outlines how long we will retain your Personal Data. We consider the retention period to begin from the point at which we last contacted you or otherwise reviewed your record to determine whether it was still active, unless otherwise required by law. As such, your data will be retained for the period specified in the summarised table below and then securely deleted in accordance with our internal policies and procedures.
| Data Subject | Retention Period |
|---|---|
| Users of this Site | 1 year |
| Users of our Services | 6 years following the conclusion of services |
| Lexxic Personnel (employess and contractors) | 8 years following the termination of employment contract |
| Other persons involved in commercial operations (Suppliers, Strategic Partners, Shareholders/ Investors etc.) | 6 years |
7. Who has access to your personal data?
We do not swap, sell or rent your Personal Data to anyone.
As part of our day-to-day work, we may engage service providers who operate on our behalf such as Occupational Health Providers. In these circumstances, they will only have access to the personal information they need to fulfil that service and will only use that information for the purposes for which they have been instructed by us. Examples of service providers include our Clinical Psychologists who may provide The Owl Centre Ltd with personal information that would be processed by the third party.
If we are asked to share your details with other organisations that aren’t our service providers, we will only do so if: we have your permission; we have a legal or regulatory obligation to do so; we need to enforce any agreements we have with you or investigate any complaints; or we need to protect the rights, property and safety of Lexxic Ltd.
8. Where do we store your personal data?
For the most part, your Personal Data will be stored in the UK. However, there may be instances where your information is transferred outside the UK to areas with less strict data protection laws compared with those in the UK and the European Economic Area (EEA).
Lexxic uses service providers in multiple countries. Therefore, your Personal Data may be transferred to third-party business partner and service providers who are located outside the UK or EEA. We will take appropriate steps to ensure that transfers of personal information are in accordance with applicable laws. Please see ‘Do we transfer your personal data?’ section.
9. Do we transfer your personal data?
As part of the services we offer, the information which you provide to us may be transferred to countries outside the UK. By way of example, this may happen if any of our servers are from time to time located in a country outside of the UK. These countries may not have similar data protection laws to the UK. By providing us with your Personal Data, you’re agreeing to this transfer, storing or processing. If we transfer your information outside of the UK in this way, we will take reasonable steps to ensure that appropriate security measures are taken with the aim of ensuring that your privacy rights continue to be protected as outlined in this Notice and under the Data Protection Legislation.
If you use our services while you are outside the UK, your information may be transferred outside the UK in order to provide you with those services. Your data will otherwise not be transferred outside of the UK.
10. What is our email policy?
We only send newsletter emails to you if you have signed up for them on our Site, over the phone, or on one of our order forms. Our newsletter emails are designed to make sure that you get the best service from us, including being the first to know about new information and services.
However, your right to control the emails you receive is very important to us, so we ensure you can easily unsubscribe at any time. Each newsletter email we send offers you the opportunity to unsubscribe and you can find it by scrolling down to the bottom of your email and clicking ‘unsubscribe’. We recognise that your data is private, and we will not share your email data with anyone else. If you believe you have received unwanted, unsolicited email from us, sent by us or purporting to have been sent by us, please forward it to us with your comments at: hello@lexxic.com.
We sometimes track how you or groups of our customers interact with our emails to understand what content and products interests you most. This means we may track and store when you open or click on an email. Only very limited data is collected and stored; for example, email content you clicked on, web page viewed, time and date. We analyse this information to help us tailor emails to you.
11. What marketing do we perform?
We will not contact you for marketing purposes by email, phone or text message unless you have given your prior consent. You can change your marketing preferences at any time by contacting us by email: hello@lexxic.com or telephone on +44 (0) 330 311 2720.
12. Do we work in association with third-party payment providers?
If you are purchasing our products online this will be processed by a third-party payment processor, Stripe (https://stripe.com/gb/privacy) who specialises in the secure online capture and processing of credit/ debit card transactions. If you have any questions regarding secure transactions, please email us as stated in the ‘How can you contact us?’ section below.
13. Automated decision making and the use of artificial intelligence (AI) tools
Lexxic may use approved AI tools to support with certain business processes. These tools operate in accordance with documented policies, procedures, and technical controls that comply with applicable Data Protection Legislation. We do not input confidential or sensitive information into AI tools unless they have been vetted for secure processing. AI outputs are used as drafts and are always reviewed by humans before any decisions are made, or information is communicated externally. Where AI tools process data outside the UK/ EEA, we implement appropriate safeguards to ensure equivalent protection. You can request a copy of the standard data protection clauses we use by emailing us at DataProtection@lexxic.com.
14. How do we ensure data integrity and security?
When exchanging personal information, we take all reasonable steps to ensure that the Personal Data collected from you is reliable for its intended use, accurate, complete, current and secure. We use appropriate technical, administrative, and physical safeguards to protect your Personal Data from loss, misuse, or alteration. In addition, we take steps to ensure that our safeguards take into account new known threats.
Non-sensitive details (your email address etc.) are transmitted normally over the Internet, and this can never be guaranteed to be 100% secure. As a result, while we strive to protect your Personal Data, we cannot guarantee the security of any information you transmit to us via email or the internet, and you do so at your own risk. Once we receive your information, we make our best effort to ensure its security on our systems. We also caution you to guard your own computer and password against unauthorised access by others. Any detected breach of data security (accidental or unlawful access, disclosure or misuse of personal information) shall be reported without undue delay.
15. How do we ensure children’s privacy?
Lexxic does not seek or knowingly collect any personal information about minors/ children under 16 years of age. If we become aware that we have unknowingly and/ or unintentionally collected personal information from a minor/ child under the age of 16, we will make commercially reasonable efforts to delete such information from our database.
If you are the parent or guardian of a minor/ child who has provided us with Personal Data, you may email us as stated in the ‘How can you contact us?’ section below, to request that the information is deleted.
16. Do we link to other websites?
Our Site may contain links to other websites run by other organisations. This Privacy Notice applies only to our Site‚ so we encourage you to read the privacy statements on the other websites you visit. Lexxic is not responsible for the privacy policies and practices of other websites even if you access them using links from our Site.
In addition, if you linked to our Site from a third-party website, we cannot be responsible for the privacy policies and practices of that third-party website - and recommend that you check the policy of that third-party website.
17. What are your privacy rights?
By law you have the right to:
request a copy of your Personal Data which Lexxic holds about you
be informed about the collection and use of your Personal Data. We ensure we do this via our Privacy Notices (including this document). These are regularly reviewed and updated to ensure they accurately reflect our processing activities
request that Lexxic correct any personal information if it is found to be inaccurate or out of date
request that your Personal Data be erased where it is no longer necessary for Lexxic to retain such data
withdraw your consent to the processing of personal information to which you earlier provided consent for processing
request that Lexxic provides you with an export of your Personal Data and where possible, to transmit that data directly to another data controller (known as the right to data portability)
where there is a dispute in relation to the accuracy or processing of your Personal Data, to request a restriction be placed on further processing
object to the processing of personal information (where applicable)
lodge a complaint with a data supervisory authority.
18. How can you contact us?
If you have any questions about this Privacy Notice or the way your Personal Data is processed - or wish to exercise one of your privacy rights as set out above, please contact us as follows:
by post: Lexxic Ltd, Old Station House, Station Approach, Swindon, Wiltshire, SN1 3DU, United Kingdom
by phone: +44 (0) 330 311 2720
by email: hello@lexxic.com.
Our appointed Data Protection Officer (DPO) may be contacted as follows:
by post: The DPO Centre Ltd., 50 Liverpool Street, London EC2M 7PY, United Kingdom
by telephone: +44 (0) 203 797 1289
by email: DataProtection@lexxic.com
19. How can you file a complaint?
If you have a complaint about how we use your Personal Data, please contact us. We will investigate and attempt to promptly resolve any complaints regarding use and disclosure of personal information.
If you are not satisfied with our response, we commit to cooperating with the regulatory body. You may lodge a complaint with the Information Commissioner’s Office (ICO) – as follows:
by post: Wycliffe House, Water Lane, Wilmslow, Cheshire SK9 5AF, United Kingdom
by telephone: +44 (0) 303 123 1113
web: https://ico.org.uk/.
20. Changes to this privacy notice
We keep this Notice under regular review – and it may be updated from time to time, to reflect the changes in our services as well as Data Protection Legislation. We may release information or send notifications, to inform you of any major changes to the Privacy Notice and indicate when the latest update was made at the bottom of the Privacy Notice. We encourage you to review our Privacy Notice periodically.
This Privacy Notice will become effective on 6th of January 2026.