Privacy & Cookies Policy


This policy was last updated on 10 May 2023

About this policy

This policy explains how we collect and use personal data from and about visitors to our Website (, prospective customers, and customers who engage Amdaris to use our software development and application support services.

As we make changes to our website and business practices, we may need to update this policy. If we make any important changes, we will make sure we bring this to your attention and explain what it means to you.

Who we are

We are the Amdaris Group (Amdaris, we, us, or our) which is formed of the following companies:

UK Amdaris Group Limited (registered in England and Wales under company number 10485133 with its registered office at Aurora Studio A, Counterslip, Bristol, England, BS1 6BX)

Information Commissioner’s Office registration number: ZA220379

Wholly owned subsidiaries of Amdaris Group Limited:
Moldova Amdaris S.R.L (registered in Moldova with its office at Mt.Varlaam 63/23 str, Chisinau, Moldova
Bulgaria Amdaris Bulgaria EOOD, registered in Bulgaria with registration number UIC 206772815 and with its office at Sofia, post code 1000, district Triaditza, ul. “Georgi Benkovski” 11, 3rd floor, 1000 Sofia, Bulgaria
Ukraine Amdaris Ukraine LLC, registered in Ukraine with registration number 44244936 and with its office at 65007, Odessa region, Odessa, street Novoshchipny row, bldg. 15/17
Romania Amdaris Romania S.R.L (registered in Romania with its office at United Business Center 3, Timișoara, Piata Consiliul Europei 2E, Romania, 300088
UAE Amdaris Software Limited (registered in Dubai with its office at Dubai International Financial Centre, Unit Office-8, Office 9, Level 4, Gate District 5, Dubai, UAE

Our customers are businesses to who we provide technical support to help develop and maintain applications created by their in-house teams. Alternatively, or in addition to our technical support services, we offer our clients advisory services.

If you are a visitor or a key contact working for a prospective or existing customer, Amdaris is the controller for your information (which means that we decide what information we collect and how it is used).

Where you are employed or engaged by our customers and them:

  • Provide us your information (e.g. because you are a contact that our team members need to collaborate with); or
  • access to your information (e.g. administrative access to their internal systems which hold your information),

Amdaris is the processor for your information (which means we must follow the instructions they give us).

The information we collect about you

Personal data means any information that identifies or could be used to identify a person. We have grouped together the types of personal data we collect and how we receive it:

Individuals working for our customers
Personal Data Received from
Identity data – first name, last name, title, job title, employer, pronouns, work experience (to help us assess any skill gaps or expertise Amdaris needs to provide our services and support our customers’ inhouse team)
  • you
  • customer
  • referral source
  • events/ networking
  • third party lead generation services
  • social media platform
Contact Data – work email address, work telephone number, social media handle, office address
  • you
  • customer
  • referral source
  • events/ networking
  • third party lead generation services
  • social media platform
Feedback and enquiries – satisfaction rating and any responses you provide when you rate our services or reply to a survey, any information you send when you contact us
  • you
  • customer
  • third party feedback services
  • social media platform
Image and audio – profile picture, photograph, video footage, audio recording, CCTV
  • you
  • customer
  • social media platform
  • third party security services
Marketing – your status as a marketing recipient (e.g. if you have signed up to or opted out of receiving communications from us), your preferred method of communication and how you have interacted with our communications and content, your telephone preference service (TPS and CPTS) status
  • you (including via cookies and similar technologies)
  • customer
  • referral source
  • events/ networking opportunities
  • third party lead generation services
  • social media platform
Information is available via our access to our customer’s systems: Amdaris are given access to customer systems so that we can provide our services. The types of information we have access to will vary depending on our customer, the project and the systems.
  • you (including via cookies and similar technologies)
  • customer
Website visitors and individuals interacting with our corporate social media accounts
Interactions with our corporate accounts – first name, last name, social media handle, profile picture, content of posts and any additional information you choose to provide
  • you
  • other social media users
  • social media platform
Enquiries – information provided in webform submissions, direct messages, social media interactions, by email or by telephone
  • you
  • customer
  • social media platform
Website usage data – audit logs, chat logs, content or information input or uploaded, clickstream to and on our Website, download or upload errors, length of visit, page interaction
  • you (including via cookies and similar technologies)
Technical data – internet protocol (IP) address, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and type of device used to access our Website
  • you (including via cookies and similar technologies)
Marketing – your status as a marketing recipient (e.g. if you have signed up to or opted out of receiving communications from us), your preferred method of communication and how you have interacted with our communications and content
  • you (including via cookies and similar technologies)
  • customer
Job applicants and prospective employees
Identity data – first name, last name, title, current job title, current employer, gender, pronouns
  • you
  • social media platform
  • recruitment agency
Contact data – work email address, work telephone number, personal email address, personal telephone number, social media handle
  • you
  • social media platform
  • recruitment agency
Recruitment – previous job titles, employment history, preferred working hours, qualifications or accreditations, right to work status, professional memberships, CV, application form, outcome of recruitment process, current and desired salary, DBS checks
  • you
  • social media platform
  • recruitment agency
  • third parties we engage to conduct background checks
Sensitive – information about your racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, data concerning (mental or physical) health, sex life or sexual orientation, trade union members, information about criminal convictions and offences.

Note: we typically only receive this information if you voluntarily complete diversity or inclusion questionnaires, you require reasonable adjustment or the information is publicly available.

  • you
  • social media platform
  • recruitment agency

How we use your information

We use your personal data to:

  • pursue our legitimate interests (our justifiable business aims) but only if those interests are not outweighed by your other rights and freedoms (e.g. your right to privacy)
  • to do something that you have given your consent (permission) for
  • to comply with a legal obligation that we have
Use Justification
Respond to enquiries and requests that you submit on our Website or via other online platforms  Legitimate interest (necessary to engage prospective customers, provide customer service)
To identify prospective customers and obtain contact details for key contacts (from third party lead generation services) Legitimate interest (necessary to promote and grow our business)
Taking steps to enter into the contract with our customer Legitimate interests (as our customer is an organisation, as necessary to conclude our contract with such organisation and obtain contact details for key contracts)
Provide our technical services to our customer Legitimate interest (necessary to administer the contract between Amdaris and our customer)
Processing payments and collecting and recovering monies owed to us Legitimate interests (as necessary to recover monies and debts due to us)
to make recruitment decisions legitimate interest (necessary to attract, assess and retain individuals with skills, experience and expertise required to provide our services and conduct other business activities)
to investigate and respond to complaints Legitimate interest (necessary to remedy errors, improve our service and protect our reputation)
to lodge or respond to a legal claim legitimate interest (necessary to enforce our contractual or legal right or to effectively respond to a claim made against us
To send service notifications and updates Legitimate interest (for customers, as necessary to administer the contract between Amdaris and our customer)
Administering and protecting products, services and systems (and those of our customers and processors) Legitimate interests (necessary to provide our services, monitor and improve network security and prevent fraud)
Providing insight on how our services are being used Legitimate interest (necessary to improve and optimise our services)

Legitimate interests (to provide our customer with an overview of service users’ engagement with the service)

Consent (where this information is obtained by non-essential cookies and similar technologies)

Send you our e-newsletter Consent (where you have directly subscribed to receive our newsletter)

Legitimate interest (necessary to promote our services to contacts at our business customer)

Ask you to participate in surveys and other types of feedback Legitimate interest (necessary to monitor and improve our customer service and Website)
Sending you electronic marketing communications Consent (where you have indicated to us you would like to receive marketing communications, e.g. by subscribing to our mailing list)

Legitimate interests (where we market on a business-to-business, also known as B2B, basis – necessary to promote and grow our business)

Administer and protect how our Website functions Legitimate interest (necessary to monitor and improve network security)
Analyse how you interact with our Website Legitimate interest (necessary to improve and optimise our Website and its content)
To notify you about changes to this document Legal obligation
To enable a person to exercise their legal rights Legal obligation
To provide reasonable adjustment Legal obligation

Who we share your information with

  • Our personnel: Amdaris employees (or other types of workers) who have contracts containing confidentiality and data protection obligations.
  • Other entities within the Amdaris Group: we share information within our group. We have a data sharing agreement which all our group entities are party to which sets out our responsibilities and data protection obligations and includes appropriate legal mechanisms to allow us to transfer personal data between countries in a safe and lawful way.
  • Our customers: where we correspond or administer our services. Our customer is the controller they receive from us (which means they make their own decisions about how they use that information. Where we act as the processor for our customer, we only use personal data in the way they expressly authorise us to in writing or in our contract with them). If you have any questions about how they use the information they receive you should ask to see their privacy information.
  • Our supply chain : we engage other organisations to help us administer our Website (such as our hosting, analytics insight, marketing, IT infrastructure, advertising, recruitment agencies). These organisations can only access the information required to provide the service we use them for and are bound by contracts containing confidentiality and data protection obligations.
  • Our professional advisers: such as our accountants or legal advisors.
  • Regulatory authorities such as national tax authorities (for example, HM Revenue & Customs in the United Kingdom).
  • Social medial platforms linked to our Website: where you click a link on our Website which transfers you to a third-party website (such as LinkedIn, Twitter, Facebook, YouTube).
  • Any actual or potential buyer of our business.

If we are asked to provide your information (e.g. by the police) we follow strict internal processes to ensure it is a valid request and carefully consider the potential impact on you before we decide to share information. We can decide to seek legal advice to help us decide whether to respond to or reject a request.

If we are the processor for that information, unless we are not allowed to do so, we notify our customer (the controller) and they will decide what to do next.

Where your information is located or transferred to

Where we transfer personal data outside the UK or the EEA we will only do so to a country that is subject to an adequacy decision given by the UK Secretary of State or the European Commission or in reliance upon a valid mechanism for transferring personal data under UK or EEA law.

If you would like further information about international transfers and the specific mechanism relied upon by us for a specific transfer, please contact us at

How we keep your information safe

We have security measures to reduce the risk of your personal data being accidentally lost, used or accessed in an unauthorised way, altered or disclosed (a data breach). Some examples of the measures we use are:

  • https technology
  • technical measures (e.g. monitoring and security alert systems, intrusion detection and prevention systems, internal vulnerability scans and penetration testing, backups, encryption technologies, MFA)
  • organisational measures (e.g. incident reporting processes, internal policies and procedures, staff training, internal audits, risk analysis)
  • external audits (e.g. penetration testing, vulnerability testing, Information Security System audits, network scanning)
  • procurement processes (supplier analysis, NDAs).

Where there has been a suspected data breach, if we are the controller for the affected data then we will notify you and the relevant regulator where required to do so. If we are the processor for the affected information, we inform the relevant controller and support them with their investigation and response to the data breach.

How long we keep your information for

We only keep your personal data for as long as necessary in connection with the purposes we collected it for and to comply with any legal, accounting or reporting requirements. To decide how long we keep your personal data for, we consider the amount, nature and sensitivity of the personal data, the purposes for which it was collected and the potential risk of continuing to keep it.

  • Where you submit an enquiry via our Website, we keep the information for 60 months (unless your organisation subsequently becomes our customer, or engages in ongoing discussions with our company in which case we keep it for three years after our relationship has ceased.
  • We keep the analytical data about how you used our Website for 60 months.
  • Where you subscribe to our newsletter or marketing communications, we actively use your information until you unsubscribe or your email becomes permanently unavailable. When you unsubscribe, we keep a record of your preference to ensure that you are not
  • We return information or cease to have access to most personal data at the end of our customer relationship but we retain key contact information for three years so we have a point of contact on our CRM system.
  • We may keep information for longer where there is a legal obligation to do so (e.g. finance records) or we have a legitimate interest (e.g. to defend against legal claims).

Where Amdaris has converted personal data into anonymous data (which means it is no longer possible to identify a person from the information) we keep that information indefinitely.

Email marketing

Where you have indicated you would like to receive marketing emails from Amdaris, we use Salesforce, Mailchimp and ActiveCampaign and Pardot to deliver and monitor those emails. Their digital tools let us see whether a recipient has clicked any of the links in our email, which help us understand what content that individual might find interesting and allow us to personalise the content of future emails.

Pixels (which are a similar technology to cookies) within those emails enable Amdaris to see:

  • if the email was opened
  • where the device opening the email was located (based on the device’s IP address)
  • the type of email client (e.g. Outlook) that was used
  • if the email (or its content) were shared on social media
  • if the email was flagged as spam

Our marketing emails always include a link which allows you to unsubscribe at any time.

Additional information for individuals based in the UK or EEA

You have specific legal rights under data protection law. These are equivalent in the UK and EEA so we have grouped them together. They are the right to:

  • Access: you must be told if your personal data is being used. You can ask for a copy of your personal data as well as information about how we are using it to make sure we are abiding by the law.
  • Correct: you can ask us to correct your personal data if it is inaccurate or incomplete. We might need to verify the new information before we make any changes.
  • Delete: you can ask us to delete or remove your personal data if there is no good reason for us to continuing holding it or if you have asked us to stop using it (see below). If we think there is a good reason to keep the information you have asked us to delete (e.g. to comply with regulatory requirements), we will let you know and explain our decision.
  • Restrict: you can ask us to restrict how we use your personal data and temporarily limit the way we use it (e.g. whilst you check that the personal data we hold for you is correct).
  • Object: you can object to us using your personal data if you want us to stop using it. We always comply with your request if you ask us to stop sending you marketing but in other cases, we decide whether we will continue. If we think there is a good reason for us to keep using your information, we will let you know and explain our decision.
  • Transfer: you can ask us to send you or another organisation an electronic copy of your personal data.
  • Complain: we hope that we can answer any questions or respond to any concerns you might have, so please contact us in the first instance by emailing However, if you are unsatisfied with our response or would prefer to escalate immediately, you can contact the relevant authority.
  • If you are in the UK: you can contact the ICO.
  • If you are in the EEA: you can contact the supervisory authority of your country.


It is usually free for you to exercise your rights and we aim to respond within one month. We might ask you to verify your identity before we begin working on your request as part of our security measures (to keep personal data safe).

It might take us longer to deal with more complicated requests or where multiple requests are made at the same time, but we will always let you know first and will only ever extend the deadline by a maximum of two months.

The only time we charge a fee or refuse to respond is if we feel the request is unfounded or excessive, but we will always let you know and explain our decision.

We do not respond directly to requests which relate to personal data for which we act as the processor. In this situation, we forward your request to the relevant controller and await their instruction before we take any action.

If you want to make any of the right requests above, you can reach us at

Additional information for individuals based in the State of California

Any reference to personal data in this policy include references to personal information as defined under California Consumer Privacy Act (CCPA).

You have specific legal rights under the CCPA which differ from the rights granted to individuals based in the UK and EEA. They are the right to:

  • Access and delete: the rights to access and delete information as described above are limited to the personal data that we have collected over the previous 12 months and are subject to the exceptions set out in the CCPA.
  • Opt-out of sale of information: we do not sell your personal data but you are free to inform us that you wish us to continue with this policy.
  • Non-discrimination: you must not face any discrimination for exercising your legal rights under the CCPA (such as denying you access to our Services).

We confirm that we have not sold any personal data in the past 12 months.

For the purposes of the CCPA, we are deemed to routinely undertake disclosures of personal information to third parties for business purposes. We enter contracts with those third parties which include binding confidentiality clauses and restrictions which prevent them using your information for any other purpose. In the past 12 months we have disclosed all of the categories of personal information listed in the Information we collect about you section which our supply chain for the purposes of hosting our Website and marketing systems, detecting and protecting against security incidents and debugging to identify and repair errors.

We do not respond directly to requests which relate to personal data for which we act as the processor. In this situation, we forward your request to the relevant controller and await their instruction before we take any action.

You (or another person authorised by you and registered with the California Secretary of State) can make a request under the CCPA by emailing


This website uses cookies and similar technologies (such as beacons and pixels).

What are cookies?

Cookies are small text files that are downloaded to your device when you access a website. Cookies contain a uniquely generated references which are used to distinguish you from other visitors on a website. They allow information gathered on one webpage to be stored until it is needed for use on another, allowing a website to provide you with a personalised experience (like remembering your favourites) and the website owner with statistics about how you interact with their (and sometimes third party) webpages.

Cookies are not harmful to your devices (like a virus or malicious code) but some individuals prefer not to share their information (for example, to avoid targeted advertising).

Different types of cookies

  • Session vs. persistent cookies: cookies have a limited lifespan. Cookies which only last a short time or end when you close your browser are called session cookies. Cookies which remain on your device for longer are called persistent cookies (these are the type of cookies allow websites to remember your details when you log back onto them).
  • First party vs third party cookies: cookies placed on your device by the website owner are called first party cookies. When the website owner uses other businesses’ technology to help them manage and monitor their website (for example, they use Google Analytics to see how many visitors their website has), the cookies added by the other business are called third party cookies.
  • Categories of cookies: cookies can be grouped by what they help the website or website owner do.
    • Essential cookies are cookies whose only function is to help the website work.
    • Functional cookies help the website to run properly.
    • Performance cookies help a website owner understand and analyse how website visitors use their website.
    • Advertising cookies tailor online adverts to reflect the content you have previously browse and help inform companies about your interests so they can show you relevant adverts.

What do Amdaris use cookies for?

We use cookies to:

  • to track how visitors use our Website
  • to record whether you have seen specific messages we display on our Website
  • to record the conversation thread when you use our webchat function.

The cookies we use are:


Accepting or declining cookies (and how to delete them)

We can only use cookies with your permission (you click ‘accept’ on the cookie banner when you visit one of our webpages).

You can choose to decline cookies but if you turn off necessary cookies, some pages and functions on our websites may not work properly.

You can manage cookies through your browser settings (the websites All About Cookies and About Cookies have helpful guides) or device settings (your user manual should contain additional information).

You can also delete cookies directly with the relevant third parties (for example, you can disable Google Analytics on their website)