Privacy Policy

Last updated: July 2025

1. Introduction and Scope

Govix Limited (“Govix”) is a Jersey, Channel Islands-based technology company providing compliance tools to institutional customers in Jersey, the UK, EU and the US. This Privacy Policy explains how we comply with Jersey’s Data Protection (Jersey) Law 2018, the UK GDPR, the EU GDPR, and applicable U.S. privacy laws (including the CCPA/CPRA) when processing personal data. Govix is the data controller for the data described in this policy. Contact: hello@govix.ai.

2. Personal Data We Process

2.1 Business Contact Data

We process limited personal data about customer representatives (e.g., name, job title, work email, phone) for administration, communication, and service delivery. No personal data about individual consumers or customers of our customers is collected.

2.2 Commercial and Operational Data (Non-Personal)

Compliance records and business process data on our platform do not constitute personal data. This data is treated as confidential business information and is outside the scope of data protection laws.

3. Purpose of Processing

We process personal data of customer representatives for legitimate business purposes such as relationship management, service provision, and compliance with legal obligations. Use is limited to the original collection context.

4. Legal Basis for Processing

4.1 Legitimate Interests

Processing for service delivery and communications is based on legitimate interests (GDPR Article 6(1)(f), DPJL Schedule 2(5)).

4.2 Contractual Necessity

Where applicable, we process personal data to fulfil our contractual obligations (GDPR Article 6(1)(b), DPJL Schedule 2(2)).

4.3 Legal Compliance

Personal data may be processed to comply with legal obligations (GDPR Article 6(1)(c), DPJL Schedule 2(3)).

5. Sharing and Disclosure of Personal Data

We do not sell or rent personal data. Data is shared with service providers (e.g., AWS, Zoho, Notion) only as needed for operational support. Providers act as processors under binding contracts.

6. International Data Transfers

Data may be hosted in the UK, EU, or the US via secure providers. Transfers comply with GDPR requirements, using adequacy decisions or Standard Contractual Clauses (SCCs).

7. Data Security

We implement security measures including encryption, access control, and regular audits. Access is restricted to trained personnel only.

8. Data Retention

Data is retained only as long as necessary. Retention periods are defined per data category. Data is deleted or anonymized once no longer needed.

9. Your Rights

9.1 Under Jersey/EU/UK Law

You have rights to access, correct, delete, or object to processing of your data. Contact scrub-me@govix.ai to exercise these rights.

9.2 California (CCPA/CPRA)

California residents may request access or deletion of personal data. We do not sell data. Requests will be honored in line with CCPA/CPRA.

9.3 Complaints

Complaints may be directed to the Jersey Office of the Information Commissioner (www.jerseyoic.org) or relevant authorities.

10. Contact Information

Govix Limited, 1st Floor, 9–10 Colomberie Court, St. Helier, Jersey, JE2 4QB
Email: hello@govix.ai

11. Updates to this Policy

We may update this Privacy Policy periodically. Changes will be posted with the effective date and communicated if material.

Legal Basis: Jersey Data Protection Law 2018, GDPR (EU/UK), UK Adequacy Decision, CCPA/CPRA
Last Updated: July 2025
Next Review: July 2026
Version: 1.0