This Privacy Policy explains how Division Group collects, uses, shares, and protects personal information when you visit dvsngroup.com, contact us, or engage us for professional services. It also describes the rights available to you under the privacy laws applicable in your location.
This Policy supplements, and should be read alongside, our Cookie Policy.
Who We Are
"Division Group" or "the Firm" means the business operating under the name "Division Group," to be formally incorporated as a private limited company. Full legal entity details (including registered office and company registration number) will be provided in each Engagement Letter and reflected in this Policy upon incorporation.
For the purposes of the EU and UK General Data Protection Regulations and equivalent privacy laws, Division Group is the controller of personal information collected through this website and through professional engagements.
You can reach us at contact@dvsngroup.com for any privacy-related question, including to exercise the rights described below.
EU and UK Representative
For visitors and clients in the European Economic Area, Division Group has appointed a representative under Article 27 of the EU GDPR. For visitors and clients in the United Kingdom, Division Group has appointed a representative under Article 27 of the UK GDPR. Representative contact details will be published here once appointment is finalised, and may also be obtained on request from contact@dvsngroup.com.
Information We Collect
| Category | Examples | Source |
|---|---|---|
| Contact details | Name, email address, organisation, role, message content | You, when you contact us via the website, email, or during an engagement |
| Engagement information | Information exchanged during professional engagements, including correspondence, meeting notes, and documents you share with us | You and your organisation |
| Technical data | IP address, browser type, device type, operating system, referring URL, pages visited, time stamps | Your browser, automatically |
| Analytics identifiers | Cookie IDs and pseudonymous identifiers set by Google Analytics 4 and Microsoft Clarity (subject to your consent — see Cookie Policy) | Your browser, after consent |
We do not knowingly collect special categories of personal data (such as health, racial or ethnic origin, religious beliefs, or biometric data), and we do not knowingly collect personal information from children under 16.
Why We Collect It and Our Lawful Basis
| Purpose | Lawful basis (GDPR / UK GDPR) |
|---|---|
| Responding to enquiries received via the website or email | Legitimate interest in operating and growing our business; pre-contractual steps at your request |
| Delivering professional services under an Engagement Letter | Performance of a contract |
| Maintaining records of engagements, invoices, and correspondence | Legal obligation (tax and accounting); legitimate interest in maintaining business records |
| Understanding how the website is used (analytics) | Consent |
| Protecting the security of the website and our systems | Legitimate interest in protecting our infrastructure and visitors |
| Complying with legal, regulatory, or professional obligations | Legal obligation |
Who We Share It With
We do not sell personal information, and we do not share it with third parties for advertising purposes. We share personal information only with the following categories of recipients, and only to the extent necessary:
- Service providers who support our operations — including Hostinger International Ltd. (website hosting), Apple Inc. (email via iCloud Custom Email Domain), Formspree Inc. (contact form delivery), Google LLC (Google Analytics 4 and reCAPTCHA spam protection), and (subject to your consent) Microsoft Corporation (Microsoft Clarity). These providers act as our processors under their standard data processing terms.
- Professional advisers such as accountants, auditors, lawyers, and insurers, where reasonably necessary.
- Authorities, courts, and regulators where we are legally required to disclose information.
- Successors in the event of a reorganisation, merger, or sale of the business, subject to appropriate confidentiality protections.
International Data Transfers
Some of our service providers — including Hostinger, Apple, Google, and Microsoft — process personal information in the United States. When personal information is transferred outside the European Economic Area, the United Kingdom, or Switzerland, we rely on appropriate safeguards, which may include the European Commission's Standard Contractual Clauses, the UK International Data Transfer Addendum, the EU–US, UK, and Swiss–US Data Privacy Framework certifications of the relevant provider, or other lawful mechanisms.
You may request a copy of the safeguards in place for any specific transfer by contacting us at contact@dvsngroup.com.
How Long We Keep It
| Category | Retention period |
|---|---|
| Enquiries that do not result in an engagement | Up to 24 months from last contact, then deleted |
| Engagement records, correspondence, and deliverables | Duration of the engagement, plus 7 years to meet professional, tax, and statutory limitation requirements |
| Invoices and accounting records | As required by applicable tax law (typically 7–10 years) |
| Analytics data | As described in the Cookie Policy (typically 14 months for Google Analytics 4) |
| Server and security logs | Up to 12 months |
Security
We use reasonable technical and organisational measures to protect personal information against accidental or unlawful loss, alteration, disclosure, or unauthorised access. These include encryption of data in transit (HTTPS), restricted access to systems containing personal information, vendor due diligence, and prompt patching of known vulnerabilities. No method of transmission or storage is fully secure; we cannot guarantee absolute security.
Your Rights
Depending on where you are located, you have some or all of the following rights in relation to your personal information:
| Right | What it means |
|---|---|
| Access | Obtain confirmation of whether we hold personal information about you and a copy of that information |
| Rectification | Correct inaccurate or incomplete personal information |
| Erasure | Ask us to delete personal information, subject to legal exceptions |
| Restriction | Ask us to limit how we use your personal information in certain circumstances |
| Objection | Object to processing based on legitimate interest |
| Portability | Receive personal information you provided to us in a structured, commonly used, machine-readable format |
| Withdraw consent | Withdraw consent at any time where processing is based on consent (without affecting the lawfulness of processing before withdrawal) |
| Complain | Lodge a complaint with the data protection authority in your country |
To exercise any of these rights, contact us at contact@dvsngroup.com. We will respond within the timeframe required by the law applicable to you (generally 30 days under EU/UK GDPR, extendable by a further 60 days for complex requests; 45 days under CCPA/CPRA, extendable by a further 45 days). We may need to verify your identity before responding.
Region-Specific Information
European Economic Area, United Kingdom, and Switzerland. You have the rights set out above under the EU GDPR, UK GDPR, and the Swiss Federal Act on Data Protection (FADP) respectively. You may also lodge a complaint with your national supervisory authority — for example, the UK Information Commissioner's Office (ico.org.uk), the Irish Data Protection Commission (dataprotection.ie), the French CNIL (cnil.fr), or the Swiss Federal Data Protection and Information Commissioner (edoeb.admin.ch).
Brazil. Under the Lei Geral de Proteção de Dados (LGPD), you have rights of confirmation, access, correction, anonymisation, portability, deletion, information about sharing, and revocation of consent. The supervisory authority is the Autoridade Nacional de Proteção de Dados (gov.br/anpd).
Canada. Under the Personal Information Protection and Electronic Documents Act (PIPEDA), you may contact the Office of the Privacy Commissioner of Canada (priv.gc.ca).
United States — California and other states with consumer privacy laws. Although Division Group is unlikely to meet the applicability thresholds of the California Consumer Privacy Act / California Privacy Rights Act (CCPA/CPRA), we voluntarily extend the rights of access, deletion, correction, and opt-out of "sale" or "sharing" of personal information to all visitors. We do not sell or share personal information for cross-context behavioural advertising. Our website honours Global Privacy Control (GPC) signals as described in the Cookie Policy.
Automated Decision-Making
We do not use personal information for automated decision-making or profiling that produces legal or similarly significant effects.
Children
Our website and services are directed to organisations and to professional adults. We do not knowingly collect personal information from individuals under the age of 16. If you believe a child has provided us with personal information, please contact us and we will delete it.
Changes to This Policy
We may update this Privacy Policy from time to time to reflect changes in our practices, our services, or the law. The date at the top of this page indicates when it was last updated. Where changes are material, we will take reasonable steps to bring them to your attention before they take effect.
Contact
For any question about this Policy, the personal information we hold about you, or to exercise any of your rights, please contact us at contact@dvsngroup.com.