Privacy Policy

This Privacy Policy explains how MWM Solutions Limited, trading as Ember Solutions ("Ember", "we", "our", or "us"), collects, uses, and protects personal data when you visit this website or contact us through it.

We are committed to handling personal data lawfully, transparently, and in line with our obligations under the UK General Data Protection Regulation (UK GDPR), the Data Protection Act 2018, and the Privacy and Electronic Communications Regulations (PECR).

1. Who we are

Ember Solutions is the trading name of MWM Solutions Limited, a private limited company registered in England and Wales under company number 15957824, with its registered office at 31 Dwight Road, Watford, England, WD18 9SB.

We are the data controller for personal data collected through this website. Our registration with the UK Information Commissioner's Office (ICO) is in progress; this policy will be updated with our registration number once available.

2. What personal data we collect

We collect personal data only when you choose to provide it to us, primarily through the contact form on this website. The categories of personal data we may collect are:

• Identity and contact details — your name, business email address, telephone number, and the name of your organisation.
• Enquiry content — the message you send us, including any information you choose to share about your operational requirements, business context, or services of interest.
• Technical data — basic information automatically collected by our hosting infrastructure when you visit the site, such as IP address, browser type, and pages viewed. This is used solely for security, performance, and aggregate analytics; we do not link it to identifiable individuals.

We do not collect special category data (such as health data, racial or ethnic origin, or political opinions) through this website. If you choose to share such information voluntarily in a message to us, we will handle it with appropriate care and only use it to respond to your enquiry.

3. How we use your personal data

We use the personal data you provide to:

• Respond to your enquiry and any follow-up correspondence you initiate;
• Discuss the services you have asked about and, where appropriate, prepare a proposal or arrange a discovery call;
• Maintain a record of our communications for business administration and audit purposes;
• Comply with our legal obligations, including responding to lawful requests from regulators or law enforcement.

We do not use the personal data you provide through the contact form for marketing communications. We do not send mass marketing emails. We do not sell, rent, or otherwise share your data with third parties for marketing purposes.

4. The lawful basis for processing

Under the UK GDPR, we rely on the following lawful bases for processing your personal data:

• Legitimate interests — when responding to a business enquiry initiated by you, the processing is necessary for our legitimate interests in pursuing the commercial relationship you have asked us to consider, balanced against your reasonable expectations as the person who contacted us.
• Performance of a contract — where our communications progress to a contracted engagement, the processing is necessary for the performance of that contract.
• Compliance with a legal obligation — where we are required by law to retain or disclose personal data (for example, to comply with tax, accounting, or regulatory requirements).

5. Who we share your personal data with

We share personal data only with carefully selected service providers ("processors") who help us operate our business, and only to the extent necessary for the services they provide to us. Each processor is bound by a written data processing agreement that requires them to handle personal data in accordance with our instructions and the UK GDPR.

The processors we currently use are:

• Microsoft Corporation (Microsoft 365) — for email, calendar, and document management. Contact form submissions made through this website are received as emails into our Microsoft 365 environment. Microsoft processes data within its UK and EU data centres for our tenant; certain administrative functions may transit Microsoft's global infrastructure under the UK Extension to the EU-US Data Privacy Framework.
• Netlify, Inc. — for website hosting and content delivery. Netlify is a US-based provider that operates a global content delivery network. Server logs and any personal data passing through Netlify's infrastructure may be processed in the United States. Netlify is certified under the UK Extension to the EU-US Data Privacy Framework, which provides an adequate level of protection for personal data transferred from the UK to the US.
• Supabase Inc. — for storing structured records of contact form submissions in a database table dedicated to this purpose. Our Supabase project is hosted in the London (eu-west-2) region, so submission data is processed within the United Kingdom. Supabase Inc. is the corporate operator of the platform; the underlying infrastructure is hosted on Amazon Web Services in the UK region.

We do not currently use a customer relationship management (CRM) platform, a third-party email marketing tool, or analytics services that involve personal data. If we engage further processors in the future, we will update this policy.

We may also disclose personal data where required by law, in response to a lawful request from a regulator or court, or where necessary to protect the rights, property, or safety of MWM Solutions Limited, our clients, or others.

6. International transfers

Some of our processors are based outside the UK or process data outside the UK in the course of providing their services to us. Specifically:

• Netlify processes hosting data in the United States.
• Microsoft 365 primarily processes our tenant data within the UK and EU, but certain administrative functions may transit US infrastructure.

Both providers are certified under the UK Extension to the EU-US Data Privacy Framework, which the UK Government has recognised as providing an adequate level of data protection for personal data transferred from the UK to certified US organisations. Where appropriate, we also rely on the UK International Data Transfer Agreement (IDTA) or Standard Contractual Clauses (SCCs) as supplementary safeguards.

Submissions stored in our Supabase database remain within the UK (eu-west-2 region) and are not subject to international transfer.

7. How long we keep your personal data

We retain personal data only for as long as is necessary for the purposes for which it was collected, after which it is deleted or anonymised. Our standard retention periods are:

• Enquiries that do not progress to engagement — up to 24 months from the last meaningful contact, after which records are deleted unless retention is otherwise required.
• Enquiries that progress to a contracted engagement — for the duration of the engagement, plus seven years from the end of the engagement, in line with standard UK business and tax record retention requirements.
• Records held for legal or regulatory reasons — for the period required by the relevant law or regulator.

You can ask us to delete your personal data sooner; see Section 8.

8. Your rights under the UK GDPR

Under UK data protection law, you have the following rights in relation to your personal data:

• Right of access — to ask us for a copy of the personal data we hold about you.
• Right to rectification — to ask us to correct personal data that is inaccurate or incomplete.
• Right to erasure — to ask us to delete personal data we hold about you, in certain circumstances.
• Right to restrict processing — to ask us to limit how we use your personal data, in certain circumstances.
• Right to data portability — to receive a copy of the personal data you have provided to us in a commonly used, machine-readable format.
• Right to object — to object to processing based on legitimate interests, including any direct marketing.
• Right to withdraw consent — where we rely on consent (which is not the basis for any current website processing), to withdraw it at any time.

To exercise any of these rights, please email us at info@ember-solutions.co.uk. We will respond within one calendar month, in line with the UK GDPR. We may need to verify your identity before acting on a request.

If you are not satisfied with how we have handled your personal data or a request, you have the right to lodge a complaint with the UK Information Commissioner's Office (ICO):

Information Commissioner's Office, Wycliffe House, Water Lane, Wilmslow, Cheshire SK9 5AF
Helpline: 0303 123 1113
Website: ico.org.uk

9. Cookies

This website uses a small number of strictly necessary cookies to function correctly. We do not use analytics, advertising, or tracking cookies. For full details, see our Cookie Policy.

10. Security

We take appropriate technical and organisational measures to protect personal data against unauthorised access, alteration, disclosure, or destruction. These include encrypted connections (HTTPS) for all traffic to and from this website, secure credential management, and access controls within our Microsoft 365 environment. No system is completely secure; in the unlikely event of a personal data breach affecting your rights, we will notify you and the ICO in line with our legal obligations.

11. Children

This website is intended for business users. We do not knowingly collect personal data from children under 18. If you believe we have inadvertently received data from a child, please contact us so we can delete it.

12. Changes to this policy

We may update this policy from time to time to reflect changes to our practices or for legal, operational, or regulatory reasons. The "Last updated" date at the top of this page indicates when the policy was last revised. Where changes are material, we will take reasonable steps to bring them to your attention.

13. How to contact us

For any questions about this Privacy Policy or how we handle personal data, please contact:

MWM Solutions Limited (trading as Ember Solutions)
31 Dwight Road, Watford, England, WD18 9SB
Email: info@ember-solutions.co.uk