1. Interpretation and Definitions

Interpretation

Words with an initial capital letter have meanings defined under the following conditions. These definitions apply regardless of whether they appear in the singular or plural.

Definitions

For the purposes of this Privacy Policy:

• Account: A unique account created for you to access our Service or parts of our Service.
• Affiliate: An entity that controls, is controlled by, or is under common control with a party. "Control" means ownership of 50% or more of the shares, equity interest, or other voting securities.
• Company: (referred to as "the Company," "we," "us," or "our") Onwego Next Phase Limited, Unit 26j, Building 6500, Cork Airport Business Park, Cork, Ireland, T12 E6RY.
• Cookies: Small files placed on your computer, mobile device, or other devices by a website that contain details of your browsing history.
• Country: Ireland.
• Device: Any device (e.g., computer, cellphone, digital tablet) used to access the Service.
• Personal Data: Any information that relates to an identified or identifiable individual.
• Service: The website and related services provided by the Company.
• Service Provider: Any natural or legal person who processes data on behalf of the Company, including third-party companies or individuals who assist with service provision, maintenance, or analysis.
• Usage Data: Data collected automatically, generated by your use of the Service or from the Service infrastructure (e.g., page visit duration, unique device identifiers).
• Website: Onwego Next Phase Limited, accessible from www.getukstatepension.com.
• You: The individual or entity accessing or using the Service.

2. Collecting and Using Your Personal Data

Types of Data Collected

Personal Data

While using our Service, we may ask you to provide certain personally identifiable information to contact or identify you. This may include, but is not limited to:

• Email address
• First name and last name
• Phone number
• Usage Data

Usage Data

Usage Data is collected automatically when you use our Service and may include:

• Your device's IP address, browser type, and version
• The pages of our Service that you visit
• The date and time of your visit, along with the duration of your visit
• Unique device identifiers and other diagnostic data

When you access the Service via a mobile device, additional data may be collected automatically, such as:

• Mobile device type and unique ID
• Mobile operating system
• Mobile browser type and unique identifiers

Additional Data We Collect for HMRC Applications

In addition to the basic contact information collected for marketing purposes (name, email address, and phone number), paying customers who engage our services to draft their HMRC applications provide us with further personal information. This data is collected securely via Typeform and is used solely for preparing and supporting your HMRC CF83 application. The information we collect typically includes, but is not limited to:

• Full Name – As provided on official documents.
• Date of Birth (DOB) – To verify identity and eligibility.
• Residential Address – Your current home address.
• National Insurance (NI) Number – For tax and social security purposes.
• Tax Reference Numbers – Such as your HMRC Unique Taxpayer Reference (UTR) if applicable.
• Employment Details – Information such as employer name, job title, and employment status, which may be relevant for the application.
• Financial Information – Relevant income details or bank account information if required for direct debits or payment verification.
• Identification Documents – Scanned copies or details from a valid passport or driver’s license for identity verification.
• Technical Data – Including your IP address, browser type, and device information, collected automatically via Typeform for security and service improvement purposes.

This information is stored and processed in compliance with GDPR and other applicable privacy laws, ensuring that your data is safeguarded using reasonable security practices.

3. Tracking Technologies and Cookies

We use Cookies and similar tracking technologies (e.g., web beacons, tags, and scripts) to track activity on our Service and store certain information. The technologies used may include:

• Cookies or Browser Cookies: Small files placed on your device. You can instruct your browser to refuse Cookies; however, this may limit your ability to use parts of our Service.
• Web Beacons: Small electronic files (also known as clear gifs, pixel tags, or single-pixel gifs) used to count users or track email interactions.

We use both session and persistent Cookies for the following purposes:

• Necessary/Essential Cookies (Session Cookies): Essential for providing services and authenticating users.
• Cookies Policy/Notice Acceptance Cookies (Persistent Cookies): Identify if you have accepted the use of Cookies.
• Functionality Cookies (Persistent Cookies): Remember choices such as login details or language preferences to provide a more personalized experience.

For more details, please visit our Cookies Policy.

4. Use of Your Personal Data

The Company may use your Personal Data for the following purposes:

• To Provide and Maintain our Service: Including monitoring usage.
• To Manage Your Account: Enabling access to functionalities for registered users.
• For Contractual Performance: Developing, complying with, and fulfilling contracts for products, services, or items purchased.
• To Contact You: Via email, telephone, SMS, or push notifications regarding updates, security alerts, or relevant communications.
• For Marketing Purposes: Sending news, special offers, and information about goods, services, or events similar to those you have inquired about, unless you opt out.
• To Manage Your Requests: Handling your inquiries and requests.
• For Business Transfers: In events such as mergers or acquisitions, where Personal Data may be among transferred assets.
• For Other Purposes: Data analysis, identifying trends, evaluating promotional campaigns, and improving our Service.

We may share your Personal Data in the following situations:

• With Service Providers: For monitoring, analysis, or contacting you.
• For Business Transfers: In connection with mergers, asset sales, financing, or acquisitions.
• With Affiliates: Under the condition that they honor this Privacy Policy.
• With Business Partners: To offer products, services, or promotions.
• Data Sharing with Meta Platforms: When you interact with Meta's tools (e.g., WhatsApp Business, Facebook Login, advertising campaigns). For more details, please review Meta's Privacy Policy.
• With Other Users: When personal information is shared in public areas.
• With Your Consent: For any other purpose you have agreed to.
• To Comply with Laws: Including applicable EU, EEA, and U.S. laws and regulations.
• To Provide Personalized Services: Managing your account and communications.
• To Ensure Compliance: With GDPR and CCPA requirements.

5. Retention and Transfer of Your Personal Data

Retention

We retain your Personal Data only as long as necessary for the purposes outlined in this Privacy Policy, to comply with legal obligations, resolve disputes, and enforce our policies. Usage Data is retained for a shorter period, except where needed to strengthen security or improve Service functionality.

International Data Transfers

Your information, including Personal Data, may be processed and stored outside your jurisdiction. If your data is transferred outside the EU/EEA, including to the United States, we will ensure it is protected through EU-approved Standard Contractual Clauses, adequacy decisions, or other legally acceptable mechanisms.

6. Deletion and Your Privacy Rights

You have the right to access, correct, or delete your Personal Data. Our Service may allow you to manage your information through your account settings. You may also contact us to request access, correction, or deletion of any personal information you have provided.

Your Rights Under GDPR (EU/EEA):

• Access your Personal Data and obtain a copy.
• Request correction or deletion.
• Restrict or object to processing.
• Withdraw consent at any time.

Your Rights Under CCPA (California Residents):

• Know what personal information we collect, use, and share.
• Request deletion of your personal information.
• Opt out of the sale of your personal information (we do not sell personal data).

To exercise these rights, please contact us at [email protected].

7. Disclosure of Your Personal Data

Business Transactions

If the Company is involved in a merger, acquisition, or asset sale, your Personal Data may be transferred. We will notify you before your Personal Data is subject to a different Privacy Policy.

Law Enforcement and Other Legal Requirements

We may disclose your Personal Data if required by law or in response to valid requests from public authorities (e.g., courts or government agencies), or to:

• Comply with a legal obligation
• Protect and defend the rights or property of the Company
• Prevent or investigate wrongdoing
• Protect personal safety or public security
• Protect against legal liability

8. Security of Your Personal Data

The security of your Personal Data is important to us. While we strive to use commercially acceptable means to protect your Personal Data, no method of transmission or electronic storage is 100% secure. We cannot guarantee absolute security.

9. Third-Party Services

To deliver and enhance our Service, we work with the following third-party providers:

• Gohighlevel: Website CMS and publishing platform.
• WhatsApp for Business API & Superchat: For communications via WhatsApp and Meta channels.
• ManyChat: For managing Meta ads, user comments, engagement, and support via Meta channels.
• Stripe: Payment processing.
• Revolut for Business: Merchant transactions.
• Lemon Squeezy: Payment processing and sales tax compliance for clients outside of Ireland.
• Meta Ads: For lead generation.
• OpenAI API (ChatGPT): For enhanced customer support and content functionalities.

By using our Service, you acknowledge that these third parties may process your data in accordance with their own privacy policies. We encourage you to review their policies for further details.

10. Children's Privacy

Our Service does not address anyone under the age of 13. We do not knowingly collect Personal Data from children under 13. If you are a parent or guardian and believe your child has provided us with Personal Data, please contact us immediately. Should we discover that Personal Data of anyone under 13 has been collected without proper parental consent, we will take steps to delete that information.

11. Links to Other Websites

Our Service may contain links to third-party websites not operated by us. We are not responsible for the content, privacy policies, or practices of any third-party sites. We encourage you to review the Privacy Policy of every site you visit.

12. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of any changes by posting the new Privacy Policy on this page and, where appropriate, via email or a prominent notice on our Service. The "Last updated" date at the top will be revised when changes become effective. Please review this Privacy Policy periodically.

13. Disclaimer and Limitation of Liability

To the fullest extent permitted by applicable law, including the laws of the jurisdictions in which our clients are located, the Company, its affiliates, officers, directors, employees, agents, and third-party service providers shall not be liable for any indirect, incidental, consequential, special, or punitive damages, or any loss of profits or revenues, whether incurred directly or indirectly, arising out of or relating to your access to or use of our Service or any errors or omissions in the Service. In no event shall the Company's total liability for any claim arising out of or related to this Privacy Policy or your use of our Service exceed the amount paid by you, if any, for accessing the Service. This limitation of liability applies to the fullest extent permitted under applicable law, and nothing in this Privacy Policy shall exclude or limit any liability that cannot be excluded or limited by law.

14. Contact Information

For privacy-related inquiries:
Email: [email protected]
Support Hours: 9 AM – 6 PM GMT (Mon-Fri), 10 AM – 3 PM GMT (Sat-Sun)
Address: Unit 26J, Building 6500, Cork Airport Business Park, Cork, Ireland, T12 E6RY

Data Processing Agreement

This Data Processing Agreement (“DPA”) governs how Onwego Next Phase Limited processes and protects your personal data. It ensures that any data processing carried out by our service providers and sub-processors complies with the GDPR, UK Data Protection Laws, and other applicable regulations.

Key Provisions

• Processing of Data: We process personal data strictly according to your documented instructions and in compliance with applicable data protection laws.
• Confidentiality: All employees and service providers handling your data are bound by confidentiality agreements or statutory obligations.
• Sub-processors: We only engage trusted third parties (e.g., Typeform, AWS, Cloudflare, Stripe, Revolut, and others) that meet our strict security standards. All data transfers to sub-processors are governed by Data Protection Agreements and Standard Contractual Clauses (SCCs).
• Data Subject Rights: We assist you in fulfilling your obligations under data protection laws by supporting access, correction, deletion, and other rights of data subjects.
• Security Measures: We implement robust technical and organizational measures—including encryption, access controls, and regular audits—to protect your data both in transit and at rest.
• International Transfers: When transferring personal data outside the EU/EEA, we use SCCs and supplementary safeguards to ensure an equivalent level of protection.
• Audit Rights and Breach Assistance: We provide necessary cooperation and documentation to demonstrate compliance with this DPA, including prompt notification in the event of any data breach.

For the complete details of our Data Processing Agreement, please click here to view the full document.