Legal

Privacy Policy

How CX Agency collects, uses, and protects your personal data.

Last updated: 1 March 2026

Contents

  1. Who we are
  2. What personal data we collect
  3. How we use your data
  4. Legal basis for processing
  5. Who we share your data with
  6. How long we keep your data
  7. Your rights
  8. Cookies
  9. Security
  10. International transfers
  11. Changes to this policy
  12. Contact us

1. Who we are

CX Agency is the trading name of CX Advisory Ltd, a company registered in England and Wales. Our registered address and company number are available upon request. We operate the website at cxagency.io and provide digital products and consultancy services relating to Customer Experience operating systems.

For the purposes of the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018, CX Advisory Ltd is the Data Controller in respect of personal data processed through our website and services.

If you have any questions about this Privacy Policy or how we handle your personal data, please contact us at sales@cxagency.io.

2. What personal data we collect

We collect personal data in the following ways:

Data you provide directly:

  • Name and email address when you contact us, complete the Churn Diagnostic, download a resource, or make a purchase
  • Company name and job title when completing enquiry forms
  • Payment information (processed securely by our payment provider — we do not store card details)
  • Any information you share voluntarily in messages or enquiries

Data collected automatically:

  • IP address and browser/device information
  • Pages visited, time spent, referring URLs
  • Cookie data (see our Cookies section below)

We do not collect special category data (such as health, biometric, or political data) through this website.

3. How we use your data

We use your personal data for the following purposes:

  • To deliver the products and services you have purchased
  • To respond to enquiries and provide customer support
  • To send you marketing communications where you have opted in or where we have a legitimate interest (you can unsubscribe at any time)
  • To send product updates, new resources, or relevant content where you have agreed to receive these
  • To process payments and maintain transaction records
  • To improve our website and product offering based on analytics data
  • To comply with our legal obligations

We will never sell your personal data to third parties for their own marketing purposes.

We process your personal data under the following legal bases as defined by UK GDPR:

  • Contract: Where processing is necessary to fulfil an order or service agreement you have entered into with us
  • Legitimate interests: Where we have a legitimate business interest in processing your data that does not override your rights — for example, contacting prospects who have expressed interest in our services
  • Consent: Where you have given clear consent — for example, subscribing to our email list or completing the Churn Diagnostic with an email address
  • Legal obligation: Where we are required to retain certain data to comply with applicable laws (such as financial records)

5. Who we share your data with

We share your data with trusted third-party service providers only where necessary to operate our business:

  • Payment processors (e.g. Stripe) to handle transactions securely
  • Email marketing platforms (e.g. Mailchimp, ConvertKit) where you have opted in to communications
  • Analytics providers (e.g. Google Analytics) to understand how our website is used
  • Cloud infrastructure providers (e.g. Google Firebase) who host our website

All third-party providers are required to handle your data in compliance with applicable data protection law. We do not sell, rent, or trade your personal data.

6. How long we keep your data

  • Customer purchase records: 7 years from the date of purchase (legal/financial obligation)
  • Email marketing list: Until you unsubscribe or withdraw consent
  • Enquiry/contact data: Up to 2 years from last contact
  • Diagnostic responses (without email): Not stored — session data only
  • Website analytics: As per third-party provider settings (typically 26 months for Google Analytics)

7. Your rights

Under UK GDPR, you have the following rights in relation to your personal data:

  • Right of access: Request a copy of the personal data we hold about you
  • Right to rectification: Ask us to correct inaccurate or incomplete data
  • Right to erasure: Request deletion of your data in certain circumstances
  • Right to restrict processing: Ask us to pause processing of your data in certain circumstances
  • Right to data portability: Receive your data in a structured, machine-readable format
  • Right to object: Object to processing based on legitimate interests or for direct marketing
  • Right to withdraw consent: Where processing is based on consent, you may withdraw it at any time

To exercise any of these rights, please email sales@cxagency.io. We will respond within 30 days. You also have the right to lodge a complaint with the UK's Information Commissioner's Office (ICO) at ico.org.uk if you believe we have not handled your data appropriately.

8. Cookies

Our website uses cookies — small text files stored on your device — to improve your experience and understand how the site is used.

Essential cookies: Required for the website to function correctly. These cannot be disabled.

Analytics cookies: Used to understand website traffic and behaviour (e.g. Google Analytics). These are only set with your consent where required.

Marketing cookies: Used to track the effectiveness of any marketing campaigns. We will seek consent before setting these.

You can control cookies through your browser settings. Disabling analytics or marketing cookies will not affect your ability to use the website. For more information on managing cookies, visit allaboutcookies.org.

9. Security

We take the security of your personal data seriously and implement appropriate technical and organisational measures to protect it against unauthorised access, loss, destruction, or alteration. Our website is served over HTTPS. Payment processing is handled entirely by PCI-DSS compliant providers and we do not store payment card information.

No method of transmission over the internet is completely secure. If you have concerns about data security, please contact us at sales@cxagency.io.

10. International transfers

Some of our third-party service providers may process data outside the UK or European Economic Area (EEA). Where this occurs, we ensure appropriate safeguards are in place — such as Standard Contractual Clauses (SCCs) or reliance on adequacy decisions — to protect your data in line with UK GDPR requirements.

11. Changes to this policy

We may update this Privacy Policy from time to time to reflect changes in our practices or applicable law. The "Last updated" date at the top of this page will always reflect the most recent revision. Where changes are material, we will take reasonable steps to notify you (for example, by email if you are a customer or subscriber).

12. Contact us

Data Controller — CX Advisory Ltd (trading as CX Agency)

For any privacy-related queries, rights requests, or complaints, please contact us at:
sales@cxagency.io

We aim to respond to all enquiries within 30 days. If you are unsatisfied with our response, you can escalate to the ICO at ico.org.uk.