HomePrivacy Policy

🔒 GDPR Compliant · Last Updated: March 2026

Privacy Policy

Effective: 1 March 2026

Last updated: 20 March 2026

~8 min read

Plain-language summary: We collect only what we need to deliver our services, protect it seriously, never sell it to anyone, and give you full control over it. This policy explains exactly what we do and why — in plain English, not legalese.

Who We Are

Corematrix is an AI-first IT services and consulting company. We act as data controller for website visitors, marketing, and business development. When we deliver services to clients, we act as a data processor under their instructions.

If you have questions about how we handle your data, contact us at info@corematrixs.com before using our services.

Data We Collect

Data you provide directly

Contact form submissions (name, email, phone, company, message)
Job applications (CV, cover letter, portfolio links)
Newsletter sign-ups (email, first name)
Project enquiry and discovery call details

Data collected automatically

IP address (anonymised where possible)
Browser type and device info
Pages visited and time on site
Referrer URL

Data from third parties

We may receive limited contact data from partners or referrals when you have consented to that sharing. We do not buy or trade contact lists.

What we never collect: Sensitive categories (health, ethnicity, political views), precise geolocation, or data obtained through dark patterns. We do not engage in cross-site tracking.

How We Use Data

We use your data only for the purposes below. Each purpose has a clear legal basis under GDPR.

Data processing purposes and legal bases
Purpose	Data Used	Legal Basis
Respond to enquiries and project requests	Name, email, phone, project details	Legitimate interest / Contract
Deliver contracted services	Contact, billing, project data	Contract performance
Send newsletter (if subscribed)	Email, first name	Consent
Process job applications	Application data	Pre-contractual steps
Improve our website and services	Usage and analytics data	Legitimate interest
Legal and compliance obligations	As required by law	Legal obligation
Prevent fraud and ensure security	Technical and usage data	Legitimate interest

We never use your data for automated profiling or automated decisions that significantly affect you.

Legal Basis

Consent (Art 6(1)(a)) — e.g. newsletter, optional cookies
Contract (Art 6(1)(b)) — processing necessary to perform a contract with you
Legal obligation (Art 6(1)(c)) — e.g. tax, compliance, law enforcement requests
Legitimate interests (Art 6(1)(f)) — e.g. fraud prevention, improving our services, responding to enquiries

Right to Object: Where we rely on legitimate interests, you may object at any time. Contact us at info@corematrixs.com to exercise this right.

Data Sharing

We do not sell, rent, or trade your personal data — ever.

Service providers

We share data only with processors who help us operate (e.g. hosting, email, analytics). All processors are bound by data processing agreements and handle data only as instructed.

Legal requirements

We may disclose data when required by law, court order, or to protect our rights and safety.

Business transfers

If Corematrix is acquired or merges, your data may transfer to the new entity. You will be notified of any material change in ownership.

No advertising networks: We do not use advertising cookies or retargeting. Your data is not shared with ad networks.

Retention

We retain data only for as long as necessary. When retention periods expire, data is deleted securely or anonymised.

Data retention periods and reasons
Data Type	Retention	Reason
Contact enquiry data	3 years from last contact	Business relationship management
Active client data	Contract + 7 years	Legal, tax, and contractual obligations
Newsletter subscribers	Until unsubscribed	Consent-based — you control this
Unsuccessful job applications	6 months	Future opportunities (with notice)
Website analytics data	14 months (anonymised)	Trend analysis
Server logs	90 days	Security and fraud prevention
Financial records	7 years	Legal / tax compliance

Your Rights

Under GDPR, you have the following rights. Exercise them by emailing info@corematrixs.com. We respond within 30 days.

Right to Access

Request a copy of the personal data we hold about you and how we use it.

Right to Rectification

Ask us to correct inaccurate or incomplete personal data about you.

Right to Erasure

Request deletion of your data where there is no compelling reason to continue processing.

Right to Restriction

Request that we restrict processing of your data in certain circumstances.

Right to Portability

Receive your data in a structured, machine-readable format and transfer it.

Right to Object

Object to processing based on legitimate interests or for direct marketing at any time.

Withdraw Consent

Where processing is based on consent, withdraw it at any time without affecting past processing.

Right to Complain

Lodge a complaint with your local data protection authority.

There is no fee for exercising your rights. We will not charge you for access, rectification, erasure, or portability requests.

Security

TLS 1.2+ for all data in transit
AES-256 encryption at rest
Role-based access controls and MFA for all staff
Regular security reviews and penetration testing
Incident response plan with 72-hour breach notification to regulators where required

Cookies

We use cookies only where necessary. Our cookie banner lets you manage preferences. You can also adjust settings in your browser.

Cookie categories and consent requirements
Category	Purpose	Consent
Strictly Necessary	Essential website functionality (security tokens, session management)	No — required for site to function
Analytics	Understanding how visitors use our site — data anonymised	Yes — opt-in only
Functional	Remembering preferences (language, form state)	Yes — opt-in only
Marketing	We do not use marketing or tracking cookies	N/A — not used

We do not use advertising or retargeting cookies.

International Transfers

We may transfer data outside the EEA. When we do, we use appropriate safeguards:

Standard Contractual Clauses (SCCs) approved by the European Commission
Adequacy decisions where the destination country is recognised as adequate
Explicit consent where required

A list of countries where we transfer data is available on request.

Children's Privacy

Our services are intended for businesses and professionals aged 18 and over. We do not knowingly collect personal data from children under 16.

If you believe we have collected data from a child under 16, contact us immediately at info@corematrixs.com and we will delete it.

Changes

We update the 'Last Updated' date at the top of this policy
We post a notice on our homepage for 30 days for material changes
Where required by law, we email you about material changes

Contact Us

For privacy enquiries, rights requests, or complaints, contact our Data Controller:

DATA CONTROLLER CONTACT

Corematrix

info@corematrixs.com +224 494 4994

You have the right to lodge a complaint with your supervisory authority. For EU residents, find yours at edpb.europa.eu (opens in new tab).

This policy was last updated on 20 March 2026and is effective immediately.

Questions About Your Data?

We respond to every privacy inquiry within 30 days. Reach out — we're happy to explain anything.

📧 Email Our Team Use Contact Form →