| Home | About | Insights | 0
  • Your Shopping cart is empty.

Privacy Notice



This Privacy Notice explains in detail the types of personal data Deslyon Ltd. (DESLYON) may collect about you when you interact with us. It also explains how we store and process your data and keep it safe.  We also explain what your rights are.

It’s likely that we’ll need to update this Privacy Notice from time to time. We’ll notify you of any significant changes, but you’re welcome to come back and check it whenever you wish.

If you have any questions, please do not hesitate to get in touch with us.

Who is collecting your personal data? (The data controller)

When you interact and use Deslyon websites, Deslyon Ltd (DESLYON), will collect various types of data (defined in data types) about you, the client.  DESLYON is both a Data Controller and Data Processor depending on the processing activities we undertake.  Our registered address is;

Deslyon LTD
Denton Road, London, DA5 2AF

Data Controller

DESLYON is the Data Controller when you, the client uses our website and provide us with information to contact you about our services.

Data Processor

DESLYON is a Data Processor when we act on behalf of a client and the client provides all the end user data for processing.

How to contact DESLYON for any data privacy questions



“Applicable EU Law” means any law of the European Union (or the law of one or more of the Member States of the European Union);

“Controller”, Data Subject“, “Processing and Processor” shall have the meanings given to those terms in the Data Protection Legislation, and “Process” and “Processed” shall be construed accordingly;

Data Protection Impact Assessment” means an assessment of the impact of the envisaged Processing operations on the protection of Personal Data, as required by Article 35 of the GDPR;

“Data Protection Legislation” means (a) any law, statute, declaration, decree, directive, legislative enactment, order, ordinance, regulation, rule or other binding restriction (as amended, consolidated or re-enacted from time to time) which relates to the protection of individuals with regards to the Processing of Personal Data to which a Party is subject, including the Data Protection Act 2018 (“DPA“) and EC Directive 95/46/EC (the “DP Directive“) (up to and including 24 May 2018) and the GDPR (on and from 25 May 2018) and all legislation enacted in the UK in respect of the protection of personal data; as well as the Privacy and Electronic Communications (EC Directive) Regulations 2003; and (b) any code of practice or guidance published by the ICO or any other relevant Regulator from time to time;

“Data Subject Request” means an actual or purported subject access request or notice or complaint from (or on behalf of) a Data Subject exercising his rights under the Data Protection Legislation;

“EEA” means the European Economic Area;

“GDPR” means Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and repealing Directive 95/46/EC (General Data Protection Regulation) OJ L 119/1, 4.5.2016;

“ICO” means the UK Information Commissioner’s Office, or any successor or replacement body from time to time;

“Permitted Purpose” means the purpose of the Processing as set out in more detail in the Data Processing Particulars;

“Personal Data” has the meaning set out in the GDPR and for the purposes of this Agreement, includes Sensitive Personal Data;

Personal Data Breach” has the meaning set out in the GDPR

Personal Data Breach Particulars” means the information that must be included in a Personal Data Breach notification as set out in Article 33(3) of the GDPR;

“Regulator” means the UK Information Commissioner’s Office, or any successor or replacement body from time to time, and/or any other regulator or other body having authority over compliance with the Data Protection Legislation by either of the Parties;

“Restricted Country” means a country, territory or jurisdiction outside of the European Economic Area which the EU Commission has not deemed to provide adequate protection in accordance with Article 25(6) of the DP Directive and/or Article 45(1) of the GDPR (as applicable);

“Security Requirements” means the requirements regarding the security of the Personal Data, as set out in the Data Protection Legislation (including, in particular, the seventh data protection principle of the DPA and/or the measures set out in Article 32(1) of the GDPR (taking due account of the matters described in Article 32(2) of the GDPR) as applicable);

“Sensitive Personal Data” means Personal Data that reveals such categories of data as are listed in Article 9(1) and Article 10 of the GDPR referred to in the GDPR as “special categories of personal data”;

“Service/s” means the Services as provided through our websites and learning management systems;

“Standard Contractual Clauses” means the Standard Contractual Clauses approved by the European Commission for transfers from Controllers in the European Economic Area to Processors outside the European Economic Area as updated and/or amended from time to time and in their current form attached as Schedule 2 (Standard Contractual Clauses (Processors)) to this Agreement;

“Third Party Request” means a written request from any third party for disclosure of DESLYON Data where compliance with such request is required or purported to be required by law or regulation;

“User” means any person or entity that accesses our website or makes use of the services we offer through our website or learning management system who, unless otherwise specified coincides with the Data Subject

“Usage Data” means information collected automatically through www.deslyon.com (or third-party services employed in www.deslyon.com), which can include: the IP addresses or domain names of the computers utilised by the Users who use www.deslyon.com, the URI addresses (Uniform Resource Identifier), the time of the request, the method utilized to submit the request to the server, the size of the file received in response, the numerical code indicating the status of the server’s answer (successful outcome, error, etc.), the country of origin, the features of the browser and the operating system utilized by the User, the various time details per visit (e.g., the time spent on each page within the Application) and the details about the path followed within the Application with special reference to the sequence of pages visited, and other parameters about the device operating system and/or the User’s IT environment.


“Data Subject” means the natural person to whom the personal data relates to and referred to in this policy as the “User”

Summary of Data Collected (For detailed data we collect please see the relevant section below)


Google Analytics and Google Analytics with anonymized IP

Personal Data: Cookies and Usage Data

Client Contact Data

Contact form

Personal Data: company name, email address, first name, last name, number of employees, phone number and profession

Mailing list or newsletter

Personal Data: company name, email address, first name and last name

Phone contact

Personal Data: phone number

Data Transfers Outside the EU

Data transfer may take place to locations outside of the EU.  When this is deemed necessary DESLYON will ensure that adequate safeguards are in place.  We may rely on Standard Contractual Clauses, or if the exchange is to the United States of America, Privacy Shield arrangements.

Hosting Infrastructure

DESLYON engages with a 3rd party provider to provide hosting services.  The provider does not transfer any personal data outside of the EU.

Remarketing and behavioral targeting

LinkedIn Website Retargeting, Google Analytics

Personal Data: Cookies and Usage Data



Types of Data Collected

Among the types of Personal Data that DESLYON collects, by itself or through third parties, there are: Usage Data, first name, last name, phone number, company name, profession, email address, number of employees, Cookies and various other types of non-personal data.

Complete details on each type of Personal Data collected are provided in the dedicated sections of this privacy notice or by specific explanation texts displayed prior to the Data collection.
Personal Data may be freely provided by the User, or, in case of Usage Data, collected automatically when using www.deslyon.com

Unless specified otherwise, all Data requested by www.deslyon.com is mandatory and failure to provide this Data may make it impossible for www.deslyon.com to provide its web services. In cases where www.deslyon.com specifically states that some Data is not mandatory, Users are free not to communicate this Data without consequences to the availability or the functioning of the Service.

Users who are uncertain about which Personal Data is mandatory are welcome to contact us.
Any use of Cookies – or of other tracking tools – by www.deslyon.com or by the owners of third-party services used by www.deslyon.com serves the purpose of providing the Service required by the User, in addition to any other purposes described in the present document and in the Cookie Policy, if available.

Users are responsible for any third-party Personal Data obtained, published or shared through www.deslyon.com and confirm that they have the third party’s consent to provide the Data to us.

Mode and place of processing the Data

Methods of processing

DESLYON takes appropriate security measures to prevent unauthorised access, disclosure, modification, or unauthorised destruction of the Data.  For example, we use trusted third parties to conduct penetration testing of our systems to ensure ongoing security improvements are being made.

Data processing is carried out using computers and/or IT-enabled tools, following organisational procedures and modes strictly related to the purposes indicated. In addition to DESLYON, in some cases, the Data may be accessible to certain types of persons in charge, involved with the operation of www.deslyon.com (administration, sales, marketing, legal, system administration) or external parties (such as third-party technical service providers, mail carriers, hosting providers, IT companies, communications agencies) appointed, if necessary, as Data Processors by DESLYON. The updated list of these parties may be requested from us at any time.

Lawful bases for processing

DESLYON may process Personal Data relating to Users of its services if one of the following applies:


  • Users have given their consent for one or more specific purposes. Note: Under some legislations, DESLYON may be allowed to process Personal Data until the User objects to such processing (“opt-out”), without having to rely on consent or any other of the following legal bases. This, however, does not apply, whenever the processing of Personal Data is subject to European data protection law;

Performance of a Contract

  • provision of Data is necessary for the performance of an agreement with the User and/or for any pre-contractual obligations thereof;

Legal Obligation

  • processing is necessary for compliance with a legal obligation to which DESLYON is subject;

Legitimate Interest

  • processing is necessary for the purposes of the legitimate interests pursued by DESLYON or by a third party.

DESLYON will gladly help to clarify the specific legal basis that applies to the processing, and in particular whether the provision of Personal Data is a statutory or contractual requirement, or a requirement necessary to enter into a contract.

Where do we process your personal data?

Your Data is processed at DESLYON operating offices and in any other places where the parties involved in the processing are located.

Depending on the User’s location, data transfers may involve transferring the User’s Data to a country other than their own. To find out more about the place of processing of such transferred Data, Users can check the section containing details about the processing of Personal Data.

Users are also entitled to learn about the legal basis of Data transfers to a country outside the European Union or to any international organization governed by public international law or set up by two or more countries, such as the UN, and about the security measures taken by the DESLYON to safeguard their data.

If any such transfer takes place, Users can find out more by checking the relevant sections of this document or inquire with the Controller using the information provided in the contact section.

Retention Periods

Personal Data shall be processed and stored for only as long as is required and for the purpose they have been collected for.


  • Personal Data collected for purposes related to the performance of a contract between DESLYON and the User shall be retained until such contract has been fully performed.
  • Personal Data collected for the purposes of DESLYON legitimate interests shall be retained as long as needed to fulfil such purposes. Users may find specific information regarding the legitimate interests pursued by DESLYON within the relevant sections of this document or by contacting us.

DESLYON may be allowed to retain Personal Data for a longer period whenever the User has given consent to such processing, as long as such consent is not withdrawn. Furthermore, DESLYON may be obliged to retain Personal Data for a longer period whenever required to do so for the performance of a legal obligation or upon order of an authority.

Once the retention period expires, Personal Data shall be deleted. Therefore, the right to access, the right to erasure, the right to rectification and the right to data portability cannot be enforced after the expiration of the retention period.


The purposes of processing

The Data concerning the User is collected to allow DESLYON to provide its Services, as well as for the following purposes:

Analytics, Contacting the User, Backup saving and management, Hosting and backend infrastructure, Remarketing and behavioral targeting, Displaying content from external platforms, Handling payments and Data transfer outside the EU.

Users can find further detailed information about such purposes of processing and about the specific Personal Data used for each purpose in the respective sections of this document.


The services contained in this section enable the DESLYON to monitor and analyse web traffic and can be used to keep track of User behaviour.

Google Analytics (Google LLC)

Google Analytics is a web analysis service provided by Google LLC (“Google”). Google utilizes the Data collected to track and examine the use of www.deslyon.com, to prepare reports on its activities and share them with other Google services.
Google may use the Data collected to contextualize and personalize the ads of its own advertising network.

Personal Data collected: Cookies and Usage Data.

Place of processing: United States – Privacy Policy – Opt Out. Privacy Shield participant.

Google Analytics with anonymized IP (Google LLC)

Google Analytics is a web analysis service provided by Google LLC (“Google”). Google utilizes the Data collected to track and examine the use of www.deslyon.com, to prepare reports on its activities and share them with other Google services.
Google may use the Data collected to contextualize and personalise the ads of its own advertising network.
This integration of Google Analytics anonymizes your IP address. It works by shortening Users’ IP addresses within member states of the European Union or in other contracting states to the Agreement on the European Economic Area. Only in exceptional cases will the complete IP address be sent to a Google server and shortened within the US.

Personal Data collected: Cookies and Usage Data.

Place of processing: United States – Privacy Policy – Opt Out. Privacy Shield participant.

Cookie Usage

A complete document of all the cookies used and their purpose can be found here.

Backup saving and management

This type of service allows the DESLYON to save and manage backups of www.deslyon.com on external servers managed by the service provider itself. The backups may include the source code and content as well as the data that the User provides to www.deslyon.com.

Contacting the User

Contact form (www.deslyon.com)

By filling in the contact form with their Data, the User authorises www.deslyon.com to use these details to reply to requests for information, quotes or any other kind of request as indicated by the form’s header.

Personal Data collected: company name, email address, first name, last name, number of employees, phone number and profession.

Mailing list or newsletter (www.deslyon.com)

By registering on the mailing list or for the newsletter, the User’s email address will be added to the contact list of those who may receive email messages containing information of commercial or promotional nature concerning www.deslyon.com. Your email address might also be added to this list as a result of signing up to www.deslyon.com or after making a purchase.

Personal Data collected: company name, email address, first name and last name.

Phone contact (www.deslyon.com)

Users that provided their phone number might be contacted for commercial or promotional purposes related to www.deslyon.com, as well as for fulfilling support requests.

Personal Data collected: phone number.

Data transfers outside the EU

DESLYON is allowed to transfer Personal Data collected within the EU to third countries (i.e. any country not part of the EU) only pursuant to a specific legal basis. Any such Data transfer is based on one of the legal bases described below.

Users can inquire with the DESLYON to learn which legal basis applies to which specific service.

Data transfer from the EU and/or Switzerland to the U.S based on Privacy Shield (www.deslyon.com)

If this is the legal basis, the transfer of Personal Data from the EU or Switzerland to the US is carried out according to the EU – U.S. and Swiss – U.S. Privacy Shield.

In particular, Personal Data is transferred to services that self-certify under the Privacy Shield framework and therefore guarantee an adequate level of protection of such transferred Data. All services are listed within the relevant section of this document and those that adhere to Privacy Shield can be singled out by checking their privacy policy and possibly also by specifically checking for Privacy Shield adherence in the official Privacy Shield List. Privacy Shield also specifically guarantees rights to Users which can be found in its most current form on the website run by the US Department of Commerce.

Personal Data may be transferred from within the EU or Switzerland to the U.S. to services that are not, or not anymore, part of Privacy Shield, only based on other valid legal grounds. Users can ask the Owner to learn about such legal grounds.

Standard Contractual Clauses

In the absence of a Privacy Shield arrangement, DESLYON may opt to put in place Standard Contractual Clauses as provided for by the ICO to enable international transfers to take place.  The contracts ensure that a level of adequacy is achieved between data controllers and data processors.

Personal Data collected: various types of Data.

Displaying content from external platforms

This type of service allows you to view content hosted on external platforms directly from the pages of www.deslyon.com and interact with them.

This type of service might still collect web traffic data for the pages where the service is installed, even when Users do not use it.

Hosting and backend infrastructure

This type of service has the purpose of hosting Data and files that enable www.deslyon.com to run and be distributed as well as to provide a ready-made infrastructure to run specific features or parts of www.deslyon.com.

Remarketing and behavioural targeting

LinkedIn Website Retargeting (LinkedIn Corporation)

LinkedIn Website Retargeting is a remarketing and behavioural targeting service provided by LinkedIn Corporation that connects the activity of www.deslyon.com with the LinkedIn advertising network.

Personal Data collected: Cookies and Usage Data.

Place of processing: United States – Privacy Policy – Opt Out. Privacy Shield participant.

Google Ads Remarketing (Google LLC)

Google Ads Remarketing is a remarketing and behavioural targeting service provided by Google LLC that connects the activity of www.deslyon.com with the Google Ads advertising network and the DoubleClick Cookie.

Personal Data collected: Cookies and Usage Data.

Place of processing: United States – Privacy Policy – Opt Out. Privacy Shield participant.

The rights of Users

Users of DESLYON services may exercise certain rights regarding their Data processed by the Owner.

In particular, Users have the right to do the following:

  • Withdraw their consent at any time.Users have the right to withdraw consent where they have previously given their consent to the processing of their Personal Data.
  • Object to processing of their Data.Users have the right to object to the processing of their Data if the processing is carried out on a legal basis other than consent. Further details are provided in the dedicated section below.
  • Access their Data.Users have the right to learn if Data is being processed by the Owner, obtain disclosure regarding certain aspects of the processing and obtain a copy of the Data undergoing processing.
  • Verify and seek rectification.Users have the right to verify the accuracy of their Data and ask for it to be updated or corrected.
  • Restrict the processing of their Data.Users have the right, under certain circumstances, to restrict the processing of their Data. In this case, the Owner will not process their Data for any purpose other than storing it.
  • Have their Personal Data deleted or otherwise removed.Users have the right, under certain circumstances, to obtain the erasure of their Data from the Owner.
  • Receive their Data and have it transferred to another controller.Users have the right to receive their Data in a structured, commonly used and machine-readable format and, if technically feasible, to have it transmitted to another controller without any hindrance. This provision is applicable provided that the Data is processed by automated means and that the processing is based on the User’s consent, on a contract which the User is part of or on pre-contractual obligations thereof.
  • Lodge a complaint.Users have the right to bring a claim before their competent data protection authority.  In the UK, The Information Commissioners Office.

Details about the right to object to processing

Where Personal Data is processed for a public interest, in the exercise of an official authority vested in the Owner or for the purposes of the legitimate interests pursued by the Owner, Users may object to such processing by providing a ground related to their particular situation to justify the objection.

Users must know that, however, should their Personal Data be processed for direct marketing purposes, they can object to that processing at any time without providing any justification. To learn, whether the Owner is processing Personal Data for direct marketing purposes, Users may refer to the relevant sections of this document.

How to exercise your rights

Any requests to exercise User rights can be directed to the Owner through the contact details provided in this document. These requests can be exercised free of charge and will be addressed by the Owner as early as possible and always within one month from receipt of a subject access request and upon positive verification of the Users identity.

Additional information about Data collection and processing

Legal action

The User’s Personal Data may be used for legal purposes by the DESLYON in Court or in the stages leading to possible legal action arising from improper use of www.deslyon.com or the related Services.
The User declares to be aware that DESLYON may be required to reveal personal data upon request of public authorities.

Additional information about User’s Personal Data

In addition to the information contained in this privacy notice, www.deslyon.com may provide the User with additional and contextual information concerning particular Services or the collection and processing of Personal Data upon request.

System logs and maintenance

For operation and maintenance purposes, www.deslyon.com and any third-party services may collect files that record interaction with www.deslyon.com (System logs) use other Personal Data (such as the IP Address) for this purpose.

Information not contained in this notice

More details concerning the collection or processing of Personal Data may be requested from DESLYON at any time. Please see the contact information at the beginning of this document.

How “Do Not Track” requests are handled

Www.deslyon.com does not support “Do Not Track” requests.
To determine whether any of the third-party services it uses honour the “Do Not Track” requests, please read their privacy policies.

Changes to this privacy notice

DESLYON reserves the right to make changes to this privacy notice at any time by giving notice to its Users on this page and possibly within www.deslyon.com and/or – as far as technically and legally feasible – sending a notice to Users via any contact information available to the Owner. It is strongly recommended to check this page often, referring to the date of the last modification listed at the bottom.

Should the changes affect processing activities performed on the basis of the User’s consent, DESLYON shall collect new consent from the User, where required.