Privacy & Cookie Notice

Last Updated: 16th February 2026

Modaxo Group UK Limited, trading as Grampian Solutions (“Modaxo”, “we”, “us” or “our”) is committed to protecting personal data and being transparent about how it is used.

This Privacy & Cookie Notice explains how we process personal data in a business-to-business (‘B2B’) context when you visit our website and request we contact you by clicking ‘request a consultation’ or ‘contact us’ website buttons, completing and submitting your details in the ‘get in touch’ forms. It is provided in accordance with the:

  • UK General Data Protection Regulation (UK GDPR)
  • Data Protection Act 2018
  • Privacy and Electronic Communications (EC Directive) Regulations (PECR)

(together, “applicable data protection legislation”)

1. Who we are (Data Controller)

  • Data Controller: Modaxo Group UK Limited
  • Registered office: Brook Suite, Ground Floor Bewley House, Marshfield Road, Chippenham, England, SN15 1JW
  • Company number: 04160790
  • ICO registration number: Z7078847
  • Data privacy contact: dataprotection@grampiansolutions.com
  • Our website is hosted by a third-party acting as a data processor on our behalf.

2. Scope – B2B data processing

This website is intended for business users, including:

  • commercial transport operators
  • technology and infrastructure partners in the transport sector

We do not knowingly collect personal data from children, and this website is not intended for consumer or domestic use.

3. What is personal data?

Personal data means any information relating to an identified or identifiable individual, including business contact details such as names, work email addresses and job titles.  Information that has been anonymised, and individuals can no longer be identified, is not personal data.

4. Personal data we may collect

a. Business contact information you provide
First and Last Name
Company name
Business email address
Business telephone number
Enquiry content you may provide in the ‘Message’ text box

b. Website usage data
When you visit our website, we process limited technical information as part of standard server operations to ensure the security and availability of the site. We do not currently use cookies or similar technologies for analytics or marketing.  See further information in the “Cookies and similar technologies” section below.

5. How we use personal data and our lawful bases

Purpose

Personal data

Lawful basis

Responding to business enquiries

Business contact details, messages

Legitimate interests (UK GDPR)*

Providing product or service information

Business contact details

Legitimate interests (UK GDPR)

Managing business to business relationships

Contractual data and contact

Contract, where a contract exists or is being performed.

Legitimate interests (UK GDPR)

B2B marketing communications

Business email, preferences

Legitimate interests (UK GDPR)

Marketing conditions, soft opt-in, where applicable (PECR)**

Events and webinars

Business contact details

Legitimate interests (UK GDPR)

Legal and regulatory compliance obligations

Personal data to satisfy the purpose, including responding to regulatory or law enforcement requests and managing legal claims.

Legal obligation

*UK General Data Protection Regulation
**Privacy and Electronic Communications (EC Directive) Regulations 2003

Where consent is required (e.g. cookies), it can be withdrawn at any time. You may withdraw consent by using the relevant website controls or contacting us.

6. B2B marketing communications

We may send B2B marketing communications about our products, services, events, or insights where:

  • the communication relates to your professional role, and
  • you have been given a clear opportunity to opt out, or
  • you have explicitly opted in

Where you contact us using our website, we may use your business contact details to send you relevant follow-up information about our products and services that relate to your website enquiry.  This may be sent by email or phone in line with Privacy and Electronic Communications (EC Directive) Regulations (PECR).

We may contact you by email or telephone for B2B marketing purposes where permitted by law.  We will not make marketing calls to numbers registered with the Telephone Preference Services (TPS) or Corporate TPS, unless we have your consent. We screen marketing calls against TPS and Corporate TPS registers as required by law.

Marketing communications are sent by email or phone in line with PECR.

You can opt out of these communications at any time by using the “contact us” details in section ‎14 below.

We do not sell personal data or share it with third parties for their own marketing purposes.

7. Who we share personal data with

We may share personal data with trusted third-party service providers acting as data processors, including:

  • Website and cloud hosting providers
  • CRM and marketing platforms
  • Event and webinar platforms
  • IT, security, and support providers

All processors act under written agreements and are required to apply appropriate confidentiality and security controls.

We may also disclose data where required by law or regulatory authorities.

8. International data transfers

Some service providers may process personal data outside the UK. Where this occurs, we ensure appropriate safeguards are in place, including:

  • UK International Data Transfer Agreements (IDTA)
  • UK Addendum to EU Standard Contractual Clauses
  • Adequacy regulations, where applicable

9. Data retention

We retain personal data only for as long as necessary for legitimate business purposes and legal obligations. Retention periods may be extended where necessary to establish, exercise or defend legal claims.

Typical retention periods include:

  • Business enquiries and sales leads: up to 24 months.
  • Marketing data: until you opt out.
  • Event and webinar data: up to 24 months.
  • Customer and supplier records: in line with contractual and statutory requirements.

10. Cookies and similar technologies (PECR)

Our website does not currently use non-essential cookies or similar tracking technologies.  If this changes, we will update this notice and provide appropriate cookie information and controls.

We use essential cookies to ensure the website functions correctly and securely.  These cookies are set based on our legitimate interest in operating this website.  Consent is not required for these cookies.

11. Third-party websites

Our website may include links to third-party websites. We are not responsible for their privacy practices and recommend reviewing their privacy notices.

12. Information security and ISO 27001

Modaxo Group UK Limited operates an Information Security Management System aligned with recognised best practice. We are certified to ISO/IEC 27001 and apply appropriate technical and organisational security measures, including:

  • access controls and authentication
  • encryption where appropriate
  • monitoring and incident management
  • staff training and security awareness

These measures are designed to protect personal data in accordance with UK GDPR Article 32. However, no method of transmission over the internet or electronic storage is completely secure.

13. Your data protection rights

Under UK GDPR, you have the right to:

  • access your personal data
  • request rectification
  • request erasure
  • restrict processing
  • object to processing
  • data portability (where applicable)
  • withdraw consent at any time
  • lodge a complaint with the Information Commissioner’s Office

There is no fee for exercising your rights.

14. How to contact us

If you have any questions about this notice or how we handle personal data, please contact:

Email: dataprotection@naviquate.com

Post: The Data Protection Officer, Modaxo Group UK Limited, Brook Suite, Ground Floor Bewley House, Marshfield Road, Chippenham, England, SN15 1JW.