Data Protection and Privacy Policy


Duco deals with highly sensitive data as a matter of course in our day-to-day business, and as a company we consider data protection and privacy to be of paramount importance.

When you interact with us there are certain situations where we will collect and store various types of data about you and/or your activity on our website. The purpose of this policy is to identify what, when, and how this data is collected, and your rights in relation to this data.

We never share, sell, rent, or trade personal data with third parties for their promotional purposes and we carry out all processing operations in strict compliance with the EU General Data Protection Regulation 2016/679 (“GDPR”) and the UK Data Protection Act 2018.

We may update this policy from time to time. The latest version will govern our practices for collecting, processing, and disclosing the data we collect.

Who are “we”?

When we refer to “we” (or “our” or “us”), this means Duco Technology Limited and all its wholly owned subsidiaries globally. Address details for all Duco offices are available on our Contact page.

The data we collect

When you visit our website or use our services, we may collect data. The ways we collect it can be categorised as follows:

  • Data you provide

    Our website includes a number of forms, where you can request additional information from us, apply for a job, or sign up for an event or promotion. In return, we will ask for some basic contact information, for example: name, work email address, company, country, job title, and phone number.

  • Data we collect automatically

    When you visit our site we collect some information automatically, for example: the name of your internet service provider, the website you visited us from, the parts of our site you visit, the date and duration of your visit, and information from the device you used during your visit (e.g. device type, operating system, screen resolution, language, location and browser type). This information gives us a better idea of how users navigate our website, so we can improve its user experience. Much of the information we collect automatically is via cookies which are covered in greater detail below. In addition, if you receive emails from us, we use tools to capture data such as when you open our email or click on any links or banners our emails may contain. This data helps us to gauge the effectiveness of our communications.

  • Data we collect from third parties

    In some cases, we collect data about you from other sources, such as trusted third parties like our marketing and research partners, but only where these third parties either have your consent or are otherwise legally permitted or required to disclose your information to us. We use this information to supplement the data we already hold, in order to better inform, personalise and improve our services.


Cookies are a type of file stored on your internet device (PC, phone or tablet) and are used by most websites in various ways to personalise your online experience. Cookies can also be used to track your activity and behaviour online. This provides website owners with important insights into the quality of their services, allowing them to improve and better meet the needs of all their visitors.

We, and some of our affiliates and third-party service providers, may use different types of cookies. Some are persistent cookies (cookies that remain on your hard drive for an extended period of time) and some are session ID cookies (cookies that expire when you close your browser). Here is a list of the cookies we use on this website:

  • Google Analytics

    Used to analyse how visitors navigate around our website. Also used for website traffic reporting statistics.

  • Hubspot

    Used to help us carry out marketing automation and personalise our communications with you.

  • LinkedIn

    Used to measure the effectiveness of LinkedIn content and campaigns

  • Twitter

    Used to measure the effectiveness of Twitter content and campaigns

  • Facebook

    Used to measure the effectiveness of Facebook content and campaigns

  • Hotjar

    Used to measure and understand how users navigate around our website and use our forms

By using this site you consent to us using the above cookies, in compliance with our standard terms and conditions. If you don’t want to receive cookies, you can modify your browser so that it notifies you when cookies are sent to it, or you can refuse cookies altogether. You can also delete cookies that have already been set. The ‘Help’ function within your browser should tell you how to do this. Alternatively, you can visit, which contains comprehensive information on how to manage cookies on a wide variety of browsers.

How we process data

Once we have collected data, we will only process it:

  • To enter into a business relationship with you or your company
  • Where we have legitimate interests to process the data and they’re not overridden by your personal rights
  • In accordance with a legal obligation, or
  • Where we have your consent

We use this data predominantly to help provide you with services that you have requested, for example contacting you to provide the answer to a query, support request, demo or provide a piece of content such as a whitepaper. We may also use the data:

  • To send you technical notices, updates and administrative messages
  • To send marketing communications to you about Duco, or any other product or service we think may benefit you, in accordance with your marketing preferences
  • To ask you for feedback or to take part in research
  • To improve our websites and services, for example by tracking and monitoring your activity so we can keep can optimise the user experience
  • To protect us from fraud or malicious activity
  • To display targeted advertising, both on our website and third party websites or platforms
  • To produce aggregated reports on website traffic and activity


Legal basis for processing data

We carry out all processing operations in strict compliance with GDPR.

Article 6(1)(f) gives a lawful basis for processing where: “processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data”.

We will only process information about you where it is in our legitimate interests to do so and is not overridden by your rights (for example, in some cases for direct marketing, fraud prevention, network and information systems security, responding to your communications, the operation of networks of groups by the network administrators, and improving our products and services).

Keeping your data secure

We are committed to keeping your data secure and we have robust measures in place to make sure that happens. We are ISO 27001 certified for information security.

We store your usage data until such time when you withdraw your consent for us to do so. All other data as specified above will be retained for as long is necessary for the purpose(s) for which we originally collected it. We will also retain information as required by law.

Who we share your data with

There will be times when we need to share the data we collect with the following third parties:

  • Companies who perform services on our behalf. We will only share data which is necessary for that company to perform those services. Any company we work with protects its data in a way that is consistent with this policy.
  • Auditors and professional advisers such as bankers, lawyers, accountants and insurers, and government bodies, regulators and law enforcement. We will only access and disclose information about you if we believe disclosure is in accordance with, or required by, applicable law, regulation, legal process or audits.


International data transfers

When we share data, it may be transferred to, and processed in, countries other than the country you live in. These countries may have data protection laws that are different to the laws of your country and, in some cases, may not be as protective. However, we have taken appropriate safeguards to require that your information will remain protected in accordance with this policy.

The data of individuals in the European Economic Area (“EEA”) may be transferred outside of the EEA. However, it will only be transferred to countries or entities that have been identified as providing adequate protection for personal data, such as Privacy-Shield certified companies in the USA, or to parties where we have approved transfer mechanisms, such as the European Commission standard contractual clauses, in place to protect your personal data.

Your rights

In relation to the data described above, you have the following data protection rights:

  • If you wish to access, correct, update or request deletion of your personal data, you can do so at any time by contacting us using the contact details provided on our Contact page
  • In addition, you can object to processing of your personal data, ask us to restrict processing of your personal data or request portability of your personal data. Again, you can exercise these rights by contacting us using the contact details provided on our Contact page
  • You have the right to opt out of marketing communications we send you at any time. You can exercise this right by clicking the “unsubscribe” link in the marketing emails we send you. To opt out of other forms of marketing (such as postal marketing or telemarketing), you may contact us using the contact details provided on our Contact page
  • If we have collected and processed your personal data with your consent, then you can withdraw your consent at any time. Withdrawing your consent will not affect the lawfulness of any processing we conducted prior to your withdrawal, nor will it affect any processing of your personal data which relies on lawful processing grounds other than consent

You have the right to raise a complaint, and can do so using the contact details provided on our Contact page. We will respond to all requests we receive from individuals wishing to exercise their data protection rights in accordance with applicable data protection laws. We reserve the right to keep any information in our archives that we deem necessary to comply with our legal obligations, resolve disputes and enforce our agreements.

You also have the right to complain to a data protection authority about our collection and use of your personal information. For more information, please contact your local data protection authority.