Winston Marriot Limited (“we,” “us,” “our”), trading as PONDESK, is a limited company registered in England and Wales. We are committed to protecting your privacy and ensuring compliance with the UK General Data Protection Regulation (UK GDPR), the EU GDPR, and all applicable data protection laws, including the Data (Use and Access) Act 2025.
This Privacy Policy explains how we collect, use, store, and protect your personal information when you interact with our website, products, and services.
We collect information to operate effectively, deliver quality products and services, and improve customer experience. This includes information you provide directly, information collected automatically when using our platforms, and data obtained from third parties.
“Personal information” means data that identifies, relates to, or can reasonably be linked to an individual (or household in certain regions).
We collect and process personal information through online and offline interactions for operational, business management, and compliance purposes. This includes defending against potential legal claims and fulfilling contractual or legitimate business interests.
Personal Identifiers and Professional Information – We may collect details such as your name, phone number, email address, postal address, username, password, job title, company name, and professional background.
We use this data to:
Respond to enquiries and process orders.
Register you for services, promotions, or events.
Facilitate surveys, contests, and feedback forms.
Manage accounts and user preferences.
Send marketing or service updates (where permitted by law).
Messages and Reviews – Data submitted through forms, messages, or reviews helps us to:
Respond to your requests.
Personalise your experience and improve services.
Analyse user preferences to enhance website and product design.
Audio and Visual Information – We may collect and store images, videos, or recordings you upload to public sections of our website or social platforms. We also record customer service calls for quality assurance, compliance, and training.
Product and transaction details.
Payment and delivery information.
Purchase history and related records.
This information is used to fulfil orders, manage warranties, improve marketing efforts, and enhance our offerings.
Inferences from Collected Data – We combine your data with publicly available and third-party information to understand preferences and interests. This enables us to tailor communications and improve customer experience.
Job Applications – Information submitted through job applications is processed to evaluate your suitability for employment and manage recruitment communications.
System and Product Information – When you install or use our products, we collect technical data such as operating system details, device identifiers, system configuration, and usage statistics to improve functionality, troubleshoot issues, and enhance security.
Conferences, Trade Shows, and Events – When engaging with us at events, we may collect your contact and professional details for follow-ups, distributing promotional material, and maintaining business communication.
Customer Service Interactions – To maintain service quality and legal compliance, we may record customer service calls and retain relevant data for training or operational needs.
Collection from Other Sources
We may receive personal information from:
Employers or business partners – We may receive personal information from employers or authorised business partners to facilitate corporate services, manage employee or client accounts, and coordinate project activities. This information helps ensure smooth communication, service delivery, and compliance with contractual agreements.
Resellers and distributors – Personal information may be shared with our approved resellers and distribution partners to help process product or service orders, manage logistics, and provide technical or after-sales support. These partners are required to handle all data securely and use it only for authorised business purposes.
Public sources (e.g., LinkedIn, company websites) – We may collect publicly available information from professional or business platforms such as LinkedIn, trade directories, or company websites. This helps us verify business details, build professional relationships, and keep our records accurate and up to date.
Purchased marketing lists or event organisers – We may obtain contact information from third-party marketing list providers or event organisers, always in compliance with applicable privacy and marketing laws. This data is used only for legitimate business outreach, such as sharing product updates or relevant promotional offers.
We may anonymise or aggregate personal information for analytics, reporting, and service improvement. This information cannot be used to identify individuals and may be shared with third parties for business insights.
We process personal information under one or more of the following legal bases:
Contractual necessity – to deliver services or fulfil purchases.
Legal obligation – to meet regulatory or tax requirements.
Consent – where you have agreed (e.g., for marketing).
Legitimate interests – for improving services, ensuring security, or communicating with you (unless your rights override ours).
Recognised legitimate interests (UK only) – introduced under the Data (Use and Access) Act 2025, allowing processing for certain public and business purposes, such as fraud prevention or network security.
With your consent or as permitted by law, we may send you marketing messages about our products, services, offers, or events through email, SMS, or social media.
You may withdraw your consent at any time by emailing info@pondesk.co or using the unsubscribe link in our messages.
Please note that opting out of marketing does not affect essential service communications (e.g., order updates or policy changes).
We may share your personal information with trusted and carefully selected third parties to operate effectively, deliver our services, and maintain compliance with applicable laws and regulations. These include:
Service Providers and Partners – We work with IT vendors, hosting providers, payment processors, and customer support teams who help us deliver and maintain our products and services efficiently. They are only allowed to process your data as instructed and must maintain strict confidentiality.
Affiliates and Subsidiaries – Your information may be shared within our corporate group to ensure seamless coordination of global operations, manage shared business functions, and maintain consistent service quality across regions.
Marketing and Advertising Partners – We may share limited information with authorised marketing partners, but only when you have given clear consent. This helps us deliver relevant updates, promotional offers, or event invitations that align with your preferences.
Legal and Regulatory Authorities – We may disclose personal information to government bodies, law enforcement agencies, or regulators when required by law, to comply with legal obligations, or to protect our legitimate rights and interests.
Business Transitions – In the event of a merger, acquisition, or corporate restructuring, your data may be transferred to the new entity, subject to appropriate safeguards and continued protection in line with this Privacy Policy.
All third parties handling your information are bound by contractual agreements to protect your data, maintain confidentiality, and use it solely for authorised and legitimate business purposes.
We may use automated systems for analysis, service improvements, or marketing segmentation.
In line with the 2025 DUA Act, automated decision-making is permitted for non-sensitive data. However, where such decisions produce legal or significant effects, you have the right to request human review or contest the outcome.
We use technical and organisational measures such as encryption, firewalls, and secure access controls to protect your personal data from unauthorised access, loss, or misuse. Regular checks and updates are carried out to maintain security standards.
You are advised to use a strong, unique password and keep your login details private to help safeguard your account.
Although we take every reasonable precaution to protect your data, no online system is completely secure. By using our services, you acknowledge and accept these limited security risks.
We retain personal data only for as long as it is necessary to fulfil the purposes described in this Privacy Policy, including legal, accounting, tax, or compliance obligations. The retention period may vary depending on the nature of the data and the reason it was collected. Once the data is no longer required for these purposes, we take appropriate steps to securely delete, anonymise, or archive it.
In some cases, copies may be retained in secure backups or archives where required by law or for legitimate business continuity and audit purposes. All retained data remains protected with the same level of security and confidentiality.
To deliver our products and services globally, we may transfer your personal data outside the UK or EEA.
Such transfers comply with the UK GDPR, EU GDPR, and the Data (Use and Access) Act 2025.
We rely on appropriate safeguards, including:
Standard Contractual Clauses (SCCs).
Binding Corporate Rules (BCRs).
Adequacy regulations under UK law.
For personal data originating from the EEA, we comply with the European Commission’s adequacy requirements or apply EU SCCs.
For UK-origin data, we follow the UK Binding Corporate Rules (UK BCRs) or other approved mechanisms.
Our services are not directed to children under 16 years of age, and we do not knowingly collect their personal data.
If a child has provided information without parental consent, please contact info@pondesk.co and we will delete the data.
We also follow the Children’s Privacy by Design principle introduced under the Data (Use and Access) Act 2025, ensuring age-appropriate design and protection if any child-accessible service is developed.
We use cookies and similar technologies to improve site navigation, analyse traffic, and personalise content.
Under the updated 2025 PECR rules, certain analytics and functional cookies may be used without consent if they meet specific privacy criteria.
You can manage cookie preferences via the Cookie Settings link in the website footer.
For more details, refer to our Cookies Policy.
We recognise and honour Global Privacy Control (GPC) signals, which enable users to automatically communicate their preference to opt out of the sale or sharing of personal information. When we receive a valid GPC signal from your browser or device, we will process it in accordance with applicable data protection laws and update your privacy settings accordingly.
As technology and privacy regulations continue to evolve, we will monitor developments and take all reasonable steps to ensure full compliance with recognised GPC standards and similar privacy tools in the future
Our website may include links to third-party websites or services that are not operated or controlled by PONDESK. These external sites are provided for your convenience, but we do not have any control over their content, security, or privacy practices. We are not responsible for how these third parties collect, use, or protect your personal information.
We strongly encourage you to review the privacy policies and terms of any third-party websites you visit before providing any personal data. Your interaction with such external sites is subject to their own policies and not this Privacy Policy.
You have the right to:
Access your personal data.
Request correction or deletion.
Restrict or object to processing.
Request data portability.
Withdraw consent at any time.
We respond to all requests in line with applicable laws and will conduct a reasonable and proportionate search, as required by the Data (Use and Access) Act 2025.
If you wish to exercise your rights, contact us at info@pondesk.co.
If you are based in the UK or EEA, you are entitled to:
Object to processing.
Request restrictions on data use.
Request portability of your data.
If you believe your data is being processed in violation of this Policy, you may contact your local Data Protection Authority.
A list of EEA authorities is available here:
https://ec.europa.eu/justice/article-29/structure/data-protection-authorities/index_en.htm
We may update this Privacy Policy periodically to reflect changes in law or business operations.
Significant updates will be announced on our website or communicated directly.
As a UK-based brand operating globally, we transfer personal data across jurisdictions in compliance with the UK GDPR, EU GDPR, and Data (Use and Access) Act 2025.
All transfers include appropriate safeguards to ensure protection and consistency with international data protection standards.
For questions, complaints, or requests related to this Privacy Policy, please contact:
Data Protection Officer
Winston Marriot Limited (Trading as PONDESK)
Email: info@pondesk.co
Website: www.pondesk.co
Last Updated: 31 October 2025