Data Protection & Privacy Policy

Last updated January 6, 2026
Ekstron Ltd

1. Introduction and Aim of This Policy

Ekstron Ltd ("Ekstron", "we", "us", or "our") is committed to protecting and respecting your privacy. We recognise that responsible handling of personal data is fundamental to maintaining trustworthy business relationships.

This Privacy and Data Protection Policy explains how we collect, use, store, and protect personal data in accordance with:

  • the UK General Data Protection Regulation (UK GDPR); and
  • the Data Protection Act 2018.

We continuously work to maintain compliance with applicable data protection laws and apply appropriate technical and organisational measures to safeguard personal data.

This Policy applies to Ekstron Ltd, its website Ekstron - Unlocking Emerging Markets' Liquidity, and any personal data processed through our business activities.

The most recent version of this Policy is always available on our website at Ekstron - Unlocking Emerging Markets' Liquidity.

2. Data Controller

For the purposes of the UK GDPR, the data controller is:

Ekstron Ltd
Company Registration Number: 16756664
13 Hawley Crescent, London, England, NW1 8NP
United Kingdom

Email: info@ekstron.com

Ekstron Ltd is not required to appoint a Data Protection Officer under UK GDPR. All data protection queries should be directed to the email address above.

3. Principles of Personal Data Processing

When processing personal data, Ekstron adheres to the principles set out in Article 5 of the UK GDPR. Personal data shall be:

  • processed lawfully, fairly, and transparently;
  • collected for specified, explicit, and legitimate purposes and not further processed incompatibly with those purposes;
  • adequate, relevant, and limited to what is necessary (data minimisation);
  • accurate and, where necessary, kept up to date;
  • kept for no longer than necessary for the purposes for which it is processed;
  • processed securely using appropriate technical and organisational measures.

4. Lawful Basis for Processing

We only process personal data where a lawful basis exists. Depending on the circumstances, processing is based on one or more of the following legal grounds under Article 6 of the UK GDPR:

  • Consent - where you have given clear consent for us to process your personal data for a specific purpose;
  • Contractual necessity - where processing is necessary to respond to your enquiry or take steps prior to entering into a contract;
  • Legitimate interests - where processing is necessary for our legitimate business interests, provided these do not override your fundamental rights and freedoms.

5. How We Collect Personal Data

We may collect personal data in the following ways:

  • when you contact us via the website contact form;
  • when you email us directly;
  • when you voluntarily provide information in connection with an enquiry;
  • from publicly available sources, such as professional or business-oriented social media platforms.

Our website is not intended for children. If you are under 18, please do not provide personal data without the consent of a parent or legal guardian.

6. Types of Personal Data We Collect

Depending on how you interact with us, we may collect the following personal data:

  • name;
  • email address;
  • telephone number;
  • company name (if provided);
  • country or general location;
  • the content of your message or enquiry.

Technical Data

When you visit our website, certain technical information may be collected automatically, such as:

  • IP address;
  • browser type and version;
  • operating system;
  • referring website.

This information is used for security, website functionality, and basic analytics purposes and is not used to directly identify you.

6A. Contact Forms and Third-Party Services

When you submit an enquiry through the contact form on our website, your data is processed using selected third-party service providers that support secure form delivery and website protection.

Web3Forms

Our contact form is powered by Web3Forms. Form submissions are securely transmitted to our designated email inbox and are not stored in any public or searchable database.

Web3Forms acts solely as a technical service provider for form delivery and does not use submitted data for its own purposes.

hCaptcha

We use hCaptcha to protect our website and contact forms from spam, abuse, and automated submissions.

hCaptcha may process certain technical and security-related data, such as:

  • IP address
  • Browser and device signals

This processing is carried out solely for security and fraud prevention purposes.

hCaptcha assets are loaded from: https://newassets.hcaptcha.com

hCaptcha Privacy Policy: hCaptcha - Privacy Policy

Cloudflare

We use Cloudflare to enhance website security, reliability, and performance.

Cloudflare may process:

  • IP addresses
  • Network traffic data

This processing is limited to bot protection, DDoS mitigation, and load balancing.

Cloudflare Privacy Policy: Cloudflare's Privacy Policy

7. How We Use Your Personal Data

We use personal data only for legitimate business purposes, including:

  • responding to enquiries submitted via the website contact form;
  • communicating with you regarding our services;
  • communicating with prospective clients;
  • protecting the website and contact forms from spam, fraud, and abuse;
  • improving website functionality, performance and security;
  • complying with legal or regulatory obligations.

We do not sell personal data and do not use it for unrelated marketing activities.

8. Data Retention

We retain personal data only for as long as necessary to fulfil the purposes for which it was collected or to comply with legal obligations.

Contact form submissions are typically retained for no longer than 12 months, unless further communication or a contractual relationship arises.

8A. Cookies and Similar Technologies

Our website uses only strictly necessary cookies required for security and infrastructure purposes. We do not use analytics, marketing, advertising, or tracking cookies.

Strictly Necessary Cookies

Cookie name Provider Purpose
__cf_bm Cloudflare Bot protection
__cflb Cloudflare Load balancing
hmt_id hCaptcha Spam and abuse prevention

Because these cookies are essential for the operation and security of the website, user consent is not required under the UK GDPR and the Privacy and Electronic Communications Regulations (PECR).

9. Data Security

We take appropriate technical and organisational measures to protect personal data against unauthorised access, alteration, disclosure, or destruction.

Our security measures include, but are not limited to:

  • restricted access on a need-to-know basis;
  • encrypted data transmission where applicable;
  • firewalled and monitored IT systems;
  • secure hosting infrastructure.

While no method of transmission over the internet is completely secure, we take reasonable steps to protect your personal data in accordance with UK GDPR requirements.

10. International Data Transfers

Our website is accessible internationally. Where personal data is transferred outside the UK, we ensure that appropriate safeguards are in place in accordance with UK GDPR requirements, such as standard contractual clauses or equivalent protections.

11. Your Rights Under UK GDPR

You have the following rights regarding your personal data:

  • Right of access - to request access to your personal data;
  • Right to rectification - to request correction of inaccurate or incomplete data;
  • Right to erasure - to request deletion of your personal data where legally applicable;
  • Right to restriction - to request restricted processing in certain circumstances;
  • Right to object - to object to processing based on legitimate interests;
  • Right to data portability - to receive your data in a structured, commonly used, machine-readable format;
  • Right to withdraw consent - where processing is based on consent.

To exercise any of these rights, please contact us at info@ekstron.com.

The contact form available on our website.

12. Right to Complain

You have the right to lodge a complaint with a supervisory authority. In the UK, this is:

Information Commissioner's Office (ICO)
Website: https://ico.org.uk

We would, however, appreciate the opportunity to address your concerns before you contact the ICO.

13. Changes to This Policy

We may update this Policy from time to time to reflect legal, technical, or business changes. Any updates will be published on this page with the revised effective date.