Privacy NOTICE
Privacy NOTICE
This Privacy Notice explains how Bytes&Rights collects and processes personal data in the course of its business activities, including through its websites (www.bytes-and-rights.pro, www.bytes-and-rights.com), client engagements, and communications.
WHO WE ARE
Bytes&Rights operates through the following entities:
Bytes And Rights Ltd, a company incorporated in England and Wales with the company number 16436952 (the “UK Entity”); and
Bytes&Rights TMI, a business entity registered in Finland with business ID 3402918-6 (the “EEA Entity”).
For the purposes of applicable data protection laws:
the UK Entity acts as data controller for individuals located in the United Kingdom and outside the European Economic Area (EEA);
the EEA Entity acts as data controller for individuals located within the EEA.
References in this Notice to “Bytes&Rights”, “we”, “us” or “our” mean the relevant entity acting as controller in the specific context.
APPLICABLE LEGAL FRAMEWORK
We process personal data in accordance with:
the General Data Protection Regulation (EU) 2016/679 (GDPR);
the Finnish Data Protection Act (1050/2018), where applicable;
the UK General Data Protection Regulation (UK GDPR); and
the UK Data Protection Act 2018.
The applicable framework depends on your location and the entity with which you interact.
We collect only the personal data necessary for our business purposes. We may collect and process the following categories of personal data:
Website. If you only access our website as a visitor, it is most likely that we don’t collect any of your personal data. However, our website uses cookies, so you might wish to read our Cookies Policy to know what exactly we do and how you can manage your cookies settings.
Services. If you contact us or request services, for example, if you submit a consultation request via our website, we may collect:
your name,
telephone number,
email address, and
content of your inquiry or instructions.
Recruitment. If you apply for a position, we may process:
your name,
telephone number,
email address,
your CV and professional background, and
any additional information you choose to provide.
Marketing. If you subscribe to our updates, we process:
your email address,
engagement data (e.g. opens, clicks).
CHILDREN’S DATA
Our services are not directed at children. We do not knowingly collect personal data from individuals under the age of 16. If we become aware that such data has been provided, we will delete it.
If you are a parent or guardian and believe your child has provided us with personal data, please contact us.
We may process personal data for the following purposes:
to respond to your inquiries and consultation requests;
to provide our legal and advisory services;
to manage client relationships;
to process recruitment applications;
to send you legal updates and marketing communications (where permitted);
to improve and secure our systems and websites;
to comply with legal and regulatoryobligations;
to establish, exercise or defend legal claims.
LEGAL BASIS FOR PROCESSING
We rely on the following legal bases, as applicable:
performance of a contract
compliance with legal obligations
legitimate interests (including professional communications, service delivery, and business operations)
consent (in particular, for marketing communications).
Where processing is based on consent, it may be withdrawn at any time.
SHARING OF PERSONAL DATA
We do not sell personal data.
We may share personal data with trusted service providers who help us operate our business, including:
IT and infrastructure services,
hosting and website support,
CRM and communication tools,
email distribution and analytics services.
We may also share data between our UK and EEA entities:
for internal administrative and client service purposes;
where required by law or regulation;
to protect our legal rights.
All third parties are subject to appropriate confidentiality and data protection obligations.
Analytics service providers may use their own cookies to collect information about the usage of our website.
INTERNATIONAL DATA TRANSFER
Where personal data is transferred outside the EEA or the United Kingdom, we ensure appropriate safeguards, including:
Standard Contractual Clauses approved by the European Commission;
the UK International Data Transfer Agreement (IDTA) or UK Addendum; or
adequacy decisions.
Some service providers (such as email platforms) may process data in jurisdictions outside the EEA or UK under these safeguards.
SPECIAL CATEGORIES OF PERSONAL DATA
We don’t collect and don’t process special categories of personal data, namely data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, genetic data, biometric data, data concerning health or data concerning a natural person's sex life or sexual orientation.
DATA RETENTION
We retain personal data only for as long as necessary for the purposes described in this Notice, including to meet legal, regulatory, and professional obligations.
Retention periods vary depending on the nature of the data and the context in which it was collected.
We implement appropriate technical and organizational measures to protect personal data. However, no transmission over the Internet is entirely secure, and we cannot guarantee absolute security.
Subject to applicable law, you have certain rights in relation to your personal data:
The right to be informed: our obligation is to inform you that we process your personal data (and that's what we're doing in this Notice);
The right of access: your right to request a copy of the personal data we hold about you;
The right of rectification: your right to request that we correct personal data about you if it is incomplete or inaccurate;
The right to erasure (also known as the 'right to be forgotten'): under certain circumstances, you may ask us to delete the personal data we have about you (unless it remains necessary for us to continue processing your personal data for a legitimate business need or to comply with a legal obligation as permitted under the GDPR, in which case we will inform you);
The right to restrict processing: your right, under certain circumstances, to ask us to suspend our processing of your personal data;
The right to data portability: your right to ask us for a copy of your personal data in a common format (for example, a .csv file);
The right to object: your right to object to us processing your personal data (for example, if you object to us processing your data for direct marketing);
Rights in relation to automated decision-making and profiling: our obligation to be transparent about any profiling we do, or any automated decision-making.
These rights are subject to legal limitations and may not apply in all circumstances.
COMPLAINTS
You have the right to lodge a complaint with a supervisory authority:
in the United Kingdom — the Information Commissioner’s Office (ICO);
in Finland — the Office of the Data Protection Ombudsman.
We encourage you to contact us first so we can address your concerns.
Our website and communications may contain links to third-party websites. The personal information you share on those sites is not governed by this Privacy Notice, and we are not responsible for how your personal data is handled by those websites.
We may update this Privacy Notice from time to time. The latest version will be available on our website.
For any questions regarding this Privacy Notice or our data practices, please contact us: law@bytes-and-rights.com.
Please indicate your location so your request can be handled by the appropriate entity.
Last update: March 2026.
This Privacy Notice explains how Bytes&Rights collects and processes personal data in the course of its business activities, including through its websites (www.bytes-and-rights.pro, www.bytes-and-rights.com), client engagements, and communications.
WHO WE ARE
Bytes&Rights operates through the following entities:
Bytes And Rights Ltd, a company incorporated in England and Wales with the company number 16436952 (the “UK Entity”); and
Bytes&Rights TMI, a business entity registered in Finland with business ID 3402918-6 (the “EEA Entity”).
For the purposes of applicable data protection laws:
the UK Entity acts as data controller for individuals located in the United Kingdom and outside the European Economic Area (EEA);
the EEA Entity acts as data controller for individuals located within the EEA.
References in this Notice to “Bytes&Rights”, “we”, “us” or “our” mean the relevant entity acting as controller in the specific context.
APPLICABLE LEGAL FRAMEWORK
We process personal data in accordance with:
the General Data Protection Regulation (EU) 2016/679 (GDPR);
the Finnish Data Protection Act (1050/2018), where applicable;
the UK General Data Protection Regulation (UK GDPR); and
the UK Data Protection Act 2018.
The applicable framework depends on your location and the entity with which you interact.
We collect only the personal data necessary for our business purposes. We may collect and process the following categories of personal data:
Website. If you only access our website as a visitor, it is most likely that we don’t collect any of your personal data. However, our website uses cookies, so you might wish to read our Cookies Policy to know what exactly we do and how you can manage your cookies settings.
Services. If you contact us or request services, for example, if you submit a consultation request via our website, we may collect:
your name,
telephone number,
email address, and
content of your inquiry or instructions.
Recruitment. If you apply for a position, we may process:
your name,
telephone number,
email address,
your CV and professional background, and
any additional information you choose to provide.
Marketing. If you subscribe to our updates, we process:
your email address,
engagement data (e.g. opens, clicks).
CHILDREN’S DATA
Our services are not directed at children. We do not knowingly collect personal data from individuals under the age of 16. If we become aware that such data has been provided, we will delete it.
If you are a parent or guardian and believe your child has provided us with personal data, please contact us.
We may process personal data for the following purposes:
to respond to your inquiries and consultation requests;
to provide our legal and advisory services;
to manage client relationships;
to process recruitment applications;
to send you legal updates and marketing communications (where permitted);
to improve and secure our systems and websites;
to comply with legal and regulatoryobligations;
to establish, exercise or defend legal claims.
LEGAL BASIS FOR PROCESSING
We rely on the following legal bases, as applicable:
performance of a contract
compliance with legal obligations
legitimate interests (including professional communications, service delivery, and business operations)
consent (in particular, for marketing communications).
Where processing is based on consent, it may be withdrawn at any time.
SHARING OF PERSONAL DATA
We do not sell personal data.
We may share personal data with trusted service providers who help us operate our business, including:
IT and infrastructure services,
hosting and website support,
CRM and communication tools,
email distribution and analytics services.
We may also share data between our UK and EEA entities:
for internal administrative and client service purposes;
where required by law or regulation;
to protect our legal rights.
All third parties are subject to appropriate confidentiality and data protection obligations.
Analytics service providers may use their own cookies to collect information about the usage of our website.
INTERNATIONAL DATA TRANSFER
Where personal data is transferred outside the EEA or the United Kingdom, we ensure appropriate safeguards, including:
Standard Contractual Clauses approved by the European Commission;
the UK International Data Transfer Agreement (IDTA) or UK Addendum; or
adequacy decisions.
Some service providers (such as email platforms) may process data in jurisdictions outside the EEA or UK under these safeguards.
SPECIAL CATEGORIES OF PERSONAL DATA
We don’t collect and don’t process special categories of personal data, namely data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, genetic data, biometric data, data concerning health or data concerning a natural person's sex life or sexual orientation.
DATA RETENTION
We retain personal data only for as long as necessary for the purposes described in this Notice, including to meet legal, regulatory, and professional obligations.
Retention periods vary depending on the nature of the data and the context in which it was collected.
We implement appropriate technical and organizational measures to protect personal data. However, no transmission over the Internet is entirely secure, and we cannot guarantee absolute security.
Subject to applicable law, you have certain rights in relation to your personal data:
The right to be informed: our obligation is to inform you that we process your personal data (and that's what we're doing in this Notice);
The right of access: your right to request a copy of the personal data we hold about you;
The right of rectification: your right to request that we correct personal data about you if it is incomplete or inaccurate;
The right to erasure (also known as the 'right to be forgotten'): under certain circumstances, you may ask us to delete the personal data we have about you (unless it remains necessary for us to continue processing your personal data for a legitimate business need or to comply with a legal obligation as permitted under the GDPR, in which case we will inform you);
The right to restrict processing: your right, under certain circumstances, to ask us to suspend our processing of your personal data;
The right to data portability: your right to ask us for a copy of your personal data in a common format (for example, a .csv file);
The right to object: your right to object to us processing your personal data (for example, if you object to us processing your data for direct marketing);
Rights in relation to automated decision-making and profiling: our obligation to be transparent about any profiling we do, or any automated decision-making.
These rights are subject to legal limitations and may not apply in all circumstances.
COMPLAINTS
You have the right to lodge a complaint with a supervisory authority:
in the United Kingdom — the Information Commissioner’s Office (ICO);
in Finland — the Office of the Data Protection Ombudsman.
We encourage you to contact us first so we can address your concerns.
Our website and communications may contain links to third-party websites. The personal information you share on those sites is not governed by this Privacy Notice, and we are not responsible for how your personal data is handled by those websites.
We may update this Privacy Notice from time to time. The latest version will be available on our website.
For any questions regarding this Privacy Notice or our data practices, please contact us: law@bytes-and-rights.com.
Please indicate your location so your request can be handled by the appropriate entity.
Last update: March 2026.
This Privacy Notice explains how Bytes&Rights collects and processes personal data in the course of its business activities, including through its websites (www.bytes-and-rights.pro, www.bytes-and-rights.com), client engagements, and communications.
WHO WE ARE
Bytes&Rights operates through the following entities:
Bytes And Rights Ltd, a company incorporated in England and Wales with the company number 16436952 (the “UK Entity”); and
Bytes&Rights TMI, a business entity registered in Finland with business ID 3402918-6 (the “EEA Entity”).
For the purposes of applicable data protection laws:
the UK Entity acts as data controller for individuals located in the United Kingdom and outside the European Economic Area (EEA);
the EEA Entity acts as data controller for individuals located within the EEA.
References in this Notice to “Bytes&Rights”, “we”, “us” or “our” mean the relevant entity acting as controller in the specific context.
APPLICABLE LEGAL FRAMEWORK
We process personal data in accordance with:
the General Data Protection Regulation (EU) 2016/679 (GDPR);
the Finnish Data Protection Act (1050/2018), where applicable;
the UK General Data Protection Regulation (UK GDPR); and
the UK Data Protection Act 2018.
The applicable framework depends on your location and the entity with which you interact.
We collect only the personal data necessary for our business purposes. We may collect and process the following categories of personal data:
Website. If you only access our website as a visitor, it is most likely that we don’t collect any of your personal data. However, our website uses cookies, so you might wish to read our Cookies Policy to know what exactly we do and how you can manage your cookies settings.
Services. If you contact us or request services, for example, if you submit a consultation request via our website, we may collect:
your name,
telephone number,
email address, and
content of your inquiry or instructions.
Recruitment. If you apply for a position, we may process:
your name,
telephone number,
email address,
your CV and professional background, and
any additional information you choose to provide.
Marketing. If you subscribe to our updates, we process:
your email address,
engagement data (e.g. opens, clicks).
CHILDREN’S DATA
Our services are not directed at children. We do not knowingly collect personal data from individuals under the age of 16. If we become aware that such data has been provided, we will delete it.
If you are a parent or guardian and believe your child has provided us with personal data, please contact us.
We may process personal data for the following purposes:
to respond to your inquiries and consultation requests;
to provide our legal and advisory services;
to manage client relationships;
to process recruitment applications;
to send you legal updates and marketing communications (where permitted);
to improve and secure our systems and websites;
to comply with legal and regulatoryobligations;
to establish, exercise or defend legal claims.
LEGAL BASIS FOR PROCESSING
We rely on the following legal bases, as applicable:
performance of a contract
compliance with legal obligations
legitimate interests (including professional communications, service delivery, and business operations)
consent (in particular, for marketing communications).
Where processing is based on consent, it may be withdrawn at any time.
SHARING OF PERSONAL DATA
We do not sell personal data.
We may share personal data with trusted service providers who help us operate our business, including:
IT and infrastructure services,
hosting and website support,
CRM and communication tools,
email distribution and analytics services.
We may also share data between our UK and EEA entities:
for internal administrative and client service purposes;
where required by law or regulation;
to protect our legal rights.
All third parties are subject to appropriate confidentiality and data protection obligations.
Analytics service providers may use their own cookies to collect information about the usage of our website.
INTERNATIONAL DATA TRANSFER
Where personal data is transferred outside the EEA or the United Kingdom, we ensure appropriate safeguards, including:
Standard Contractual Clauses approved by the European Commission;
the UK International Data Transfer Agreement (IDTA) or UK Addendum; or
adequacy decisions.
Some service providers (such as email platforms) may process data in jurisdictions outside the EEA or UK under these safeguards.
SPECIAL CATEGORIES OF PERSONAL DATA
We don’t collect and don’t process special categories of personal data, namely data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, genetic data, biometric data, data concerning health or data concerning a natural person's sex life or sexual orientation.
DATA RETENTION
We retain personal data only for as long as necessary for the purposes described in this Notice, including to meet legal, regulatory, and professional obligations.
Retention periods vary depending on the nature of the data and the context in which it was collected.
We implement appropriate technical and organizational measures to protect personal data. However, no transmission over the Internet is entirely secure, and we cannot guarantee absolute security.
Subject to applicable law, you have certain rights in relation to your personal data:
The right to be informed: our obligation is to inform you that we process your personal data (and that's what we're doing in this Notice);
The right of access: your right to request a copy of the personal data we hold about you;
The right of rectification: your right to request that we correct personal data about you if it is incomplete or inaccurate;
The right to erasure (also known as the 'right to be forgotten'): under certain circumstances, you may ask us to delete the personal data we have about you (unless it remains necessary for us to continue processing your personal data for a legitimate business need or to comply with a legal obligation as permitted under the GDPR, in which case we will inform you);
The right to restrict processing: your right, under certain circumstances, to ask us to suspend our processing of your personal data;
The right to data portability: your right to ask us for a copy of your personal data in a common format (for example, a .csv file);
The right to object: your right to object to us processing your personal data (for example, if you object to us processing your data for direct marketing);
Rights in relation to automated decision-making and profiling: our obligation to be transparent about any profiling we do, or any automated decision-making.
These rights are subject to legal limitations and may not apply in all circumstances.
COMPLAINTS
You have the right to lodge a complaint with a supervisory authority:
in the United Kingdom — the Information Commissioner’s Office (ICO);
in Finland — the Office of the Data Protection Ombudsman.
We encourage you to contact us first so we can address your concerns.
Our website and communications may contain links to third-party websites. The personal information you share on those sites is not governed by this Privacy Notice, and we are not responsible for how your personal data is handled by those websites.
We may update this Privacy Notice from time to time. The latest version will be available on our website.
For any questions regarding this Privacy Notice or our data practices, please contact us: law@bytes-and-rights.com.
Please indicate your location so your request can be handled by the appropriate entity.
Last update: March 2026.