Privacy Policy
1. Who We Are
Data controller: McCormick and McCormick Limited, trading as Veritex. Registered in England and Wales, Company No. 09843847.
We provide independent electronics manufacturing consultancy services including design review, fractional NPI directorship, and turnkey prototype management. When you use our website, send an enquiry, or use our client portal, we collect and process personal data as described in this policy.
Contact us at: [email protected]
2. Data We Collect
We may collect the following categories of personal data:
| Category | Examples | Source |
|---|---|---|
| Identity data | First name, last name, job title | You, directly |
| Contact data | Email address, telephone number, company name | You, directly |
| Account data | Portal login credentials, notification preferences | You, directly |
| Project data | Design files (Gerbers, BOMs, schematics), project descriptions, correspondence | You, via portal upload |
| Financial data | Invoice references, payment status, credit terms | You and QuickBooks Online |
| Technical data | IP address, browser type, session data | Automatically, via web server |
| Enquiry data | Name, company, email, enquiry message, attached files | You, via website contact form |
We do not collect special category data (e.g. health, ethnicity, biometric data) and we do not collect data relating to individuals under 18.
3. How We Use Your Data
We use personal data for the following purposes:
- To respond to enquiries submitted via our website or email
- To create and manage your client portal account
- To deliver consultancy services and manage project files
- To issue quotes and invoices and record payment
- To communicate with you about your projects and engagements
- To comply with legal and regulatory obligations, including financial record-keeping
- To maintain the security and integrity of our systems
We do not use your data for automated decision-making or profiling. We do not use your data for marketing without your explicit consent. We do not sell or share your data with third parties for their own commercial purposes.
4. Legal Basis for Processing
| Purpose | Legal basis (UK GDPR Article 6) |
|---|---|
| Responding to enquiries | Legitimate interests (Article 6(1)(f)) — to respond to prospective client requests |
| Delivering services via the portal | Performance of a contract (Article 6(1)(b)) |
| Issuing quotes and invoices | Performance of a contract (Article 6(1)(b)) |
| Financial record-keeping | Legal obligation (Article 6(1)(c)) — Companies Act 2006, HMRC requirements |
| Maintaining system security | Legitimate interests (Article 6(1)(f)) |
5. Data Retention
We retain personal data only as long as necessary for the purpose it was collected and to meet our legal obligations:
| Data type | Retention period |
|---|---|
| Portal account and project data | Duration of the client relationship, plus 6 years from end of engagement (financial record requirement) |
| Invoice and payment records | 6 years from the date of the transaction (HMRC requirement) |
| Enquiry data (no account created) | 2 years from the date of enquiry |
| Technical/server logs | 90 days |
At the end of the applicable retention period, data is securely deleted or anonymised.
6. Third Parties
We share personal data with a limited number of third-party processors who act on our instructions and are bound by appropriate data processing agreements:
| Processor | Purpose | Location |
|---|---|---|
| Intuit QuickBooks Online | Issuing and syncing quotes and invoices; customer account management | United States (adequacy / Standard Contractual Clauses) |
| Web hosting provider | Hosting the website and client portal | United Kingdom / EEA |
Where data is transferred outside the UK, we ensure appropriate safeguards are in place in accordance with UK GDPR Chapter V.
We do not share personal data with any other third party without your explicit consent, except where required by law or regulation.
7. Your Rights
Under UK GDPR, you have the following rights in relation to your personal data:
- Right of access — to request a copy of the personal data we hold about you
- Right to rectification — to ask us to correct inaccurate or incomplete data
- Right to erasure — to ask us to delete your data, subject to any legal retention obligations
- Right to restriction — to ask us to restrict processing in certain circumstances
- Right to data portability — to receive your data in a structured, machine-readable format where processing is based on consent or contract
- Right to object — to object to processing based on legitimate interests
To exercise any of these rights, contact us at [email protected]. We will respond within one calendar month. There is no charge for reasonable requests.
8. Cookies
Our website uses only the following cookies:
| Cookie | Purpose | Duration |
|---|---|---|
sessionid | Maintains your logged-in session in the client portal | Session (deleted on browser close) |
csrftoken | Security token to prevent cross-site request forgery | 1 year |
theme (localStorage) | Remembers your light/dark mode preference | Persistent (local storage, not a cookie) |
We do not use analytics cookies, advertising cookies, or any third-party tracking cookies. No consent banner is required as we only use strictly necessary cookies.
9. Security
We take appropriate technical and organisational measures to protect your personal data against unauthorised access, loss, or disclosure. These include:
- Encrypted transmission (HTTPS/TLS) for all data in transit
- Access controls — portal accounts are protected by password authentication
- Project files are stored in access-controlled server storage, segregated by client
- Staff access to client data is limited to those with a legitimate need
In the event of a personal data breach that is likely to result in a risk to your rights and freedoms, we will notify the Information Commissioner's Office within 72 hours and, where required, notify you without undue delay.
10. Changes to This Policy
We may update this Privacy Policy from time to time to reflect changes in our practices or applicable law. The version date at the top of this page indicates when the policy was last revised. Where changes are material, we will notify existing clients by email.
11. Contact and Complaints
For any questions about this policy or to exercise your data rights, contact us at:
Veritex
Email: [email protected]
Telephone: 0333 335 6452
If you are not satisfied with our response, you have the right to lodge a complaint with the Information Commissioner's Office (ICO):
Website: ico.org.uk
Telephone: 0303 123 1113