Privacy Policy

How RainbowLens Ltd protects and manages your personal data in compliance with UK GDPR

Contact Data Protection Officer Policy Summary
Summary Data We Collect How We Use Data Data Sharing Data Security Your Rights Contact Us

Privacy Policy Summary

Data Collection

We collect minimal personal data necessary to provide our VR training services and improve user experience.

Data Protection

Your data is protected with industry-standard security measures and we never sell your personal information.

Your Control

You have full rights to access, correct, or delete your personal data at any time.

Last Updated: 21 November 2025
This policy applies to RainbowLens Ltd, registered in England and Wales.

Data We Collect

We collect different types of information depending on your interaction with our services:

Personal Information

  • Contact Details: Name, email address, phone number, organization
  • Professional Information: Job title, department, training requirements
  • Communication Records: Emails, contact form submissions, demo requests

Usage & Technical Data

  • VR Training Analytics: Performance metrics, completion rates, error patterns
  • Device Information: Headset type, software versions, interaction data
  • Website Analytics: IP address, browser type, pages visited, session duration

Financial Information

  • Billing Details: Organization name, address, purchase history
  • Payment Processing: Handled securely by our payment providers (we don't store card details)

How We Collect Your Data

Direct interactions (website forms, demo requests)

VR training sessions and performance analytics

Automated technologies (cookies, analytics tools)

Email communications and customer support

How We Use Your Data

We use your personal data only for specific, legitimate purposes:

Service Delivery

  • Providing VR training modules and licenses
  • Managing user accounts and access
  • Processing payments and invoices
  • Delivering on-site training sessions

Customer Support

  • Responding to inquiries and demo requests
  • Providing technical support
  • Managing training schedules
  • Handling feedback and complaints

Service Improvement

  • Analyzing training effectiveness
  • Developing new VR modules
  • Enhancing user experience
  • Personalizing training content

Marketing & Communication

  • Sending service updates
  • Sharing new training opportunities
  • Newsletter distribution (with consent)
  • Event invitations and industry insights

Our Legal Basis for Processing

Contractual Necessity

Processing necessary to fulfill our service agreements with you

Legitimate Interests

Improving our services, security, and business operations

Legal Obligation

Complying with UK laws and regulatory requirements

Consent

Where we've obtained your explicit permission for specific uses

Data Sharing and Third Parties

We only share your data when necessary and with appropriate safeguards:

International Data Transfers

As a UK-based company with development teams in Pakistan and Bangladesh, we ensure all international data transfers comply with UK GDPR requirements through:

  • Standard Contractual Clauses (SCCs)
  • Adequacy decisions where applicable
  • Appropriate technical and organizational safeguards

Data Security

We implement robust security measures to protect your personal data:

Encryption

All data is encrypted in transit and at rest using industry-standard protocols

Access Controls

Strict role-based access controls limit data access to authorized personnel only

Network Security

Firewalls, intrusion detection, and regular security monitoring protect our systems

Policies & Training

Comprehensive data protection policies and regular staff training

Data Retention

We retain personal data only for as long as necessary to fulfill the purposes for which it was collected:

Customer Account Data
7 years after last activity
Financial Records
7 years for tax purposes
Training Analytics
3 years for service improvement
Marketing Communications
Until consent withdrawal

Your Data Protection Rights

Under UK GDPR, you have important rights regarding your personal data:

Right to Access

You can request copies of your personal data that we hold

Right to Rectification

You can request correction of inaccurate or incomplete data

Right to Erasure

You can request deletion of your personal data in certain circumstances

Right to Restrict Processing

You can request limitation of how we use your data

Right to Data Portability

You can request transfer of your data to another organization

Right to Object

You can object to certain types of data processing

Exercising Your Rights

To exercise any of these rights, please contact us using the details below. We will respond to your request within one month.

We may need to verify your identity before processing certain requests

Some rights may be limited by legal obligations or legitimate business needs

Contact & Complaints

Data Protection Officer

Hammad Akhtar
Director, RainbowLens Ltd

privacy@rainbowlens.co.uk

General Inquiries

For general privacy questions or to exercise your rights

info@rainbowlens.co.uk

Registered Office

RainbowLens Ltd
Leeds Studio
United Kingdom

View Contact Page

Complaints Procedure

If you have concerns about how we handle your personal data, please contact us first. If you're not satisfied with our response, you have the right to lodge a complaint with:

Information Commissioner's Office (ICO)

The UK's independent authority for data protection

Website: ico.org.uk

Helpline: 0303 123 1113

Policy Updates

We may update this privacy policy from time to time to reflect changes in our practices, services, or legal requirements. We will notify you of any material changes through our website or direct communication.

Update History

  • 21 November 2025: Initial privacy policy published