Privacy Policy

Max Impact Privacy Notice

Last Updated: March 2026

1. WHAT INFORMATION DO WE COLLECT?

We collect personal information you voluntarily provide (names, emails, phone numbers). We also automatically collect technical data like IP addresses and browser characteristics. Under 2026 UK law, we may also collect cookies without explicit consent for limited "statistical purposes" or to adapt service functions to your preferences, provided an opt-out is available.

2. HOW DO WE PROCESS YOUR INFORMATION?

We process your data to deliver services, respond to inquiries, and manage orders.

  • Infrastructure: We use Amazon Web Services (AWS) to host our infrastructure and process your data. AWS implements rigorous technical and organisational measures to protect your information.

  • Data Controller: Max Impact Services Limited is the data controller for the information described here.

3. LEGAL BASES FOR PROCESSING

Under the UK GDPR and DUAA 2025, we rely on the following bases:

  • Consent: When you give us clear permission for a specific purpose.

  • Performance of a Contract: To fulfil our obligations to you.

  • Recognised Legitimate Interests: We may process data without a balancing test for specific purposes defined by UK law, such as crime prevention, safeguarding, or responding to public body requests.

  • Standard Legitimate Interests: For our own business interests (like marketing), where these do not outweigh your rights.

4. SHARING AND INTERNATIONAL TRANSFERS

We share data with vendors (such as AWS) and during business transfers.

  • AWS Regions: Data processed via AWS may be stored in various geographic regions. AWS allows us to select specific regions to ensure data remains within compliant jurisdictions.

  • International Transfer Test: For transfers outside the UK, we apply the "not materially lower" data protection test to ensure your data receives a level of protection equivalent to UK standards.

5. YOUR PRIVACY RIGHTS

In the UK and EEA, you have rights including access, rectification, erasure, and data portability.

  • Subject Access Requests (DSAR): We may "stop the clock" on the one-month response deadline if we reasonably require clarification from you to fulfil your request.

  • Automated Decision-Making: You have the right to contest decisions made solely by automated means (such as AI) and request human intervention, except where special category data is not involved.

6. NEW: DATA PROTECTION COMPLAINTS

From June 19, 2026, you have a statutory right to complain directly to us regarding our data practices.

  • How to Complain: You can submit a complaint via our contact form (below).

  • Our Timeline: We will acknowledge your complaint within 30 days and investigate it without "undue delay".

Regulatory Body: You always retain the right to lodge a complaint with the Information Commissioner’s Office (ICO).

Max Impact Services Ltd.

6 Springfield Drive
Lakenheath
IP27 9HH

07734 468718

Opening hours

Mon - Fri 9am-5pm

Contact us

Drop us a line now

The 'First name' field is required
The 'Last name' field is required
Please enter a valid Email address

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

Cookie Notice

This website, along with many others, uses cookies. Cookies let users navigate around sites and (where appropriate) let us tailor the content to fit the needs of our site's visitors. Without cookies enabled we can't guarantee that the website and your experience of it are as we intended it to be.