Marixia Privacy Policy

Privacy Notice

Organisation: Marixia Limited

Company number: 16982045

Effective date: 10 June 2026

Last updated: 10 June 2026

Version: 1.1

1. Who we are

Marixia Limited is a research intelligence and analytics company incorporated in England and Wales. In this Privacy Notice, "Marixia", "we", "us" and "our" mean Marixia Limited.

Privacy contact: jack.mitchinson@marixia.co.uk

We provide commercial intelligence for scientific and technical markets. Our services include research landscape analysis, product intelligence, researcher intelligence, evidence-backed research contact identification, collaboration mapping, topic modelling, outreach support, CRM support, and distribution-related market intelligence.

This Privacy Notice explains how we collect, use, disclose, retain and protect personal data. We use "personal data" to mean information relating to an identified or identifiable individual. Where local laws use "personal information", we use both terms to mean the same thing.

2. Scope of this Privacy Notice

This Privacy Notice applies to personal data that we process in connection with:

visitors to our website;

people who contact us or request information from us;

clients, prospective clients, suppliers, advisers and business contacts;

professional researchers, academics, inventors, technical specialists, scientific staff and other professional research contacts identified through public or client-provided research evidence;

individuals included in Marixia research intelligence outputs;

individuals contacted by Marixia in a professional or business context;

users of Marixia online services, reports, tools, forms or communications.

This Privacy Notice does not cover employee, worker, contractor or job-applicant privacy. Those activities are covered by separate internal or recruitment privacy notices where required.

3. Our role: controller, processor and service provider

Where we act as controller

We act as a controller when we decide why and how personal data is processed. This includes when we operate our website, respond to enquiries, manage client and supplier relationships, build and analyse our own research intelligence datasets, identify relevant organisations and professional research contacts, and determine the structure, content, scoring, relevance criteria and evidence rationale used in our analytical outputs.

Where we act as processor or service provider

We act as a processor under UK or EU data protection law, or as a service provider or processor under certain other privacy laws, when we process personal data only on behalf of a client and only under that client's documented instructions. This may include cases where a client provides CRM data, account lists, customer records, campaign records or other client-controlled data and asks us to enrich, organise, analyse or process that data for the client's own purposes.

Where we act as processor or service provider, the client remains responsible for its own privacy notice, lawful basis, direct marketing compliance, CRM use and handling of individual rights requests, unless otherwise agreed in writing.

4. What Marixia does with research intelligence data

Marixia analyses public and professional research evidence to help scientific and technical organisations understand:

which research areas, applications, territories, institutions and groups are active;

how scientific products, methods, instruments, materials, services or technologies are being used;

how competitor or adjacent products appear in research workflows;

which organisations or research groups appear relevant to a scientific or technical market;

which professional research contacts appear relevant to a client's scientific, technical, recruitment, collaboration, distribution, commercial or market-development objectives;

what public evidence supports that relevance.

Our outputs may include named professional research contacts, institutional affiliations, public research activity, publication context, technical biography, collaboration context, product-use context, topic relevance, suitability rationale and suggested professional outreach context.

We do not represent that any identified person has requested contact, has purchasing intent, has authorised Marixia or our clients to contact them, or is commercially ready to buy a product or service. We identify professional relevance based on research evidence, public professional information and client context.

5. Personal data we collect

Website visitors

When you visit our website, we may process IP address, browser type and version, device type, operating system, approximate location derived from technical data, pages visited, date and time of visit, referring website, cookie and tracking preferences, and analytics information where permitted.

Enquiries, clients, suppliers and business contacts

When you contact us, become a client, discuss services with us, supply services to us or otherwise interact with us, we may process name, organisation, job title or role, professional contact details, message content, meeting notes, commercial requirements, contract and billing details, correspondence records, project records, relationship management records, marketing preferences, consent records and opt-out records.

Professional research contacts and research intelligence data

Where relevant to our research intelligence services, we may process professional, research-related or publicly available personal data, including name, professional title, current or previous institutional affiliation, department, laboratory, group or company, professional email address, professional profile information, research specialism, technical expertise, publication metadata, authorship and co-authorship information, public grant, funding or project participation, public patent or invention metadata, conference participation where publicly available, collaboration context, product or method references in public research material, relevance scores and evidence-backed professional outreach context.

Client-provided data

Clients may provide information relevant to their projects, such as target market definitions, product ranges, application areas, territory priorities, existing account or CRM data, customer categories, exclusion lists, existing contact records, commercial criteria, outreach preferences, and distribution or recruitment requirements. Where client-provided data includes personal data, our role will depend on the contract and the nature of the processing.

6. Personal data we do not intentionally collect

We do not intentionally collect or use private consumer marketing databases, private home contact details, government identification numbers, bank account details except where needed for supplier or contractual administration, payment card details unless processed securely by a payment provider, precise geolocation data, biometric identifiers, children's personal data, criminal offence data, or special category or sensitive personal data for profiling or targeting purposes.

We do not intentionally infer, classify, store or use sensitive identity-based characteristics such as racial or ethnic origin, religion, political opinions, trade union membership, health status, sexual orientation, genetic data or biometric identity. Research topics may sometimes relate to sensitive scientific areas, such as health, medicine or biotechnology. Where we process that information, we do so as professional research context and not to infer sensitive personal characteristics about the researcher.

7. Sources of personal data

We may collect personal data from individuals directly, our website and contact forms, client communications, client-provided project materials, peer-reviewed publications, abstracts and technical papers, public bibliographic databases, public research repositories, institutional websites, laboratory or company websites, conference programmes and proceedings, public grant and funding databases, public patent and intellectual property databases, public corporate websites, professional public profiles, public records and other lawfully accessible professional sources.

We do not knowingly access password-protected systems without authorisation, bypass technical restrictions, use unlawful access methods, purchase private consumer marketing databases, or collect personal data from sources where we know the data has been unlawfully obtained.

8. Purposes of processing

Website and communications

We process personal data to operate and secure our website, respond to enquiries, manage requests, meetings and correspondence, provide information about Marixia services, maintain business records, and manage preferences and opt-outs.

Client and supplier management

We process personal data to provide services to clients, manage proposals, contracts, invoices and payments, manage supplier relationships, maintain commercial records, and handle legal, tax, accounting and compliance obligations.

Research intelligence services

We process personal data for research landscape analysis, market intelligence, product intelligence, topic modelling and clustering, research trend analysis, collaboration mapping, institution and research group mapping, product-use and method-use analysis, competitor and adjacent-product analysis, identification of relevant organisations, research groups and professional research contacts, preparation of technical biographies or expertise profiles, generation of evidence-backed relevance rationale, suitability scoring or prioritisation based on public professional evidence, support for professional outreach, CRM enrichment, account research, recruitment intelligence, distribution planning and market-development activity, quality control, deduplication, auditability and evidence verification.

Compliance and protection

We process personal data to comply with legal obligations, enforce contracts, protect Marixia, our clients, our suppliers and others, detect misuse, security incidents or unlawful activity, and handle rights requests, objections, complaints and disputes.

9. Lawful basis and legal grounds

Where UK GDPR or EU GDPR applies, we rely on the following lawful bases.

Legitimate interests

We rely on legitimate interests for much of our professional research intelligence work and some business-to-business communications where the law permits this. Our legitimate interests include analysing public professional research evidence, helping scientific and technical organisations understand relevant research activity, supporting evidence-based commercial, recruitment, collaboration and distribution decisions in scientific markets, identifying relevant professional research contacts based on public research evidence, preparing structured market, product, researcher and collaboration intelligence, maintaining security, auditability and quality control, and managing business relationships.

We balance these interests against the rights and freedoms of individuals. Our safeguards include focusing on professional, research-related and business-context information, avoiding private consumer information, avoiding sensitive identity-based inferences, using public, professional or client-provided sources, providing this Privacy Notice, providing objection and suppression routes, limiting data to what is relevant, using evidence-based rationale rather than unsupported assumptions, applying contractual restrictions to client use where appropriate, and maintaining internal assessments where required.

Contract

We process personal data where necessary to enter into or perform a contract, including client contracts, supplier contracts and service agreements.

Legal obligation

We process personal data where necessary to comply with legal obligations, including tax, accounting, regulatory, corporate and data protection obligations.

Consent

We rely on consent where required, including for certain cookies, analytics, marketing communications or other activities where applicable law requires consent. You may withdraw consent at any time where consent is the applicable lawful basis.

Other jurisdictions

Some privacy laws do not use the same lawful-basis structure as UK or EU data protection law. Where those laws apply, we process personal data for the disclosed business and commercial purposes described in this Privacy Notice, subject to applicable rights, safeguards, contractual restrictions and opt-out mechanisms.

10. Profiling, scoring and analytical inferences

Our systems may classify, structure, score or infer professional relevance from research evidence. This may include topic classification, product-use classification, method-use classification, institution or research group mapping, co-authorship and collaboration analysis, expertise profiling based on publication, project or public career evidence, relevance scoring against a client's scientific, technical, recruitment, collaboration, distribution or market-development criteria, and suitability rationale based on public professional evidence.

These activities are designed to support professional research and commercial decision-making. They are not designed to infer private life characteristics, consumer preferences, health status, political beliefs, religion, ethnicity or other protected characteristics.

We do not use automated processing to make decisions about individuals that produce legal effects or similarly significant effects. Our outputs are decision-support materials. Clients are responsible for their own decisions about whether and how to contact or engage any organisation or professional research contact.

11. Use of AI and machine learning

We may use software tools, machine learning models, language models and other analytical systems to extract, classify, summarise, cluster, score or structure research information.

Where we use such tools, we apply safeguards appropriate to the data and use case. These may include limiting inputs to relevant professional or research-context data, avoiding sensitive identity-based prompts or classifications, using access controls, reviewing outputs where appropriate, checking evidence and source context, using contractual restrictions with providers where applicable, avoiding the intentional submission of sensitive personal data to general-purpose public AI tools, and preventing analytical outputs from being treated as definitive statements of personal intent.

AI-assisted output may be inaccurate or incomplete. We use it as analytical support, not as a substitute for evidence review, legal judgement, hiring judgement, sales judgement or client verification.

12. Article 14 and indirect collection transparency

Much of our research intelligence work uses personal data obtained indirectly from public or professional sources rather than directly from individuals. Where UK GDPR or EU GDPR applies, Article 14 may require us to provide privacy information to individuals whose personal data we obtain indirectly.

Where required and practicable, we may provide this Privacy Notice directly, including in communications or other appropriate notices.

For large-scale professional research intelligence datasets built from public sources, providing individual notice to every person may involve disproportionate effort, particularly where the data is limited to professional research context and is used for evidence-based analytical outputs. Where we rely on a disproportionate-effort exception or similar exemption, we assess the position and provide transparency through this publicly available Privacy Notice and through request, objection and suppression routes.

13. Disclosure of personal data

Clients

We may disclose professional research intelligence outputs to clients. These outputs may include named professional research contacts and associated evidence, such as affiliation, publication context, research activity, technical biography, topic relevance, product-use context, collaboration context and suitability rationale.

Clients may include scientific and technical organisations such as manufacturers, distributors, specialist service providers, recruiters, research-driven companies, university spin-outs, investors, commercialisation teams and other organisations operating in scientific or technical markets.

Where appropriate, we require clients to use Marixia outputs lawfully and responsibly, including by using the data only for professional or business-context purposes, complying with applicable privacy, direct marketing and employment laws, not using the data to discriminate unlawfully, not using the data to infer sensitive identity characteristics, respecting objections, opt-outs and suppression notices, and applying their own privacy notices and lawful bases where they independently use the data.

Service providers

We may disclose personal data to service providers who support our business, including website hosting providers, cloud hosting and storage providers, email and communication providers, CRM and project management providers, analytics providers, security providers, professional software providers, AI, data processing or analytical tool providers, accounting providers, legal advisers and other professional advisers. Service providers are required to process personal data under appropriate contractual obligations.

Legal and corporate recipients

We may disclose personal data where required by law, to regulators, courts, law enforcement or public authorities, to professional advisers, to insurers, to auditors, or in connection with a merger, acquisition, restructuring, financing, investment, sale of assets or similar corporate transaction.

14. Sale, sharing and data broker-related disclosures

Marixia is paid to provide research intelligence services. Some services may include professional research contact information and evidence-backed relevance rationale provided to clients.

We do not sell personal data for consumer behavioural advertising. We do not provide private consumer marketing databases. We do not disclose personal data for cross-context behavioural advertising unless clearly stated and subject to applicable consent or opt-out rights.

Where applicable privacy law treats disclosure of professional research contact information in a paid research intelligence output as a "sale", "sharing" or other regulated disclosure, we will provide and honour applicable rights, including opt-out rights. You may submit an opt-out or suppression request using the contact details in Section 25. Where legally required, we will also recognise valid browser-based opt-out preference signals, such as Global Privacy Control, for the browser or device used.

15. Direct marketing and professional outreach

We may contact individuals in a professional or business context where permitted by applicable law. This may include contacting relevant professional research contacts, clients, prospective clients, suppliers or business contacts.

Where we contact you, we will identify ourselves, provide appropriate contact details, explain the professional or business context where appropriate, provide an unsubscribe or opt-out route where required, and honour valid objections and opt-out requests.

Where clients use Marixia outputs to contact individuals, the client is responsible for complying with applicable direct marketing, e-privacy, anti-spam, employment, recruitment and data protection laws unless Marixia has expressly accepted responsibility in writing.

16. Cookies and similar technologies

Our website may use cookies, pixels, local storage, tags and similar technologies. The exact cookies and similar technologies used may depend on our website platform, security settings, analytics tools, embedded content and integrations.

Strictly necessary cookies

These are required for the website to function, maintain security, remember privacy preferences or provide services you request. These cookies cannot usually be switched off.

Analytics cookies

We may use analytics tools to understand how visitors use our website, improve content and monitor performance. Where required by law, we will only use analytics cookies with your consent or with another legally available mechanism that gives you the required information and choice.

Marketing or embedded-content cookies

If we use marketing cookies, advertising cookies, social media pixels, embedded videos, maps or similar third-party technologies, we will provide information and request consent where required by law.

Managing cookies

You can control cookies through your browser settings. Where our website offers a cookie banner or preference centre, you can also use it to manage your choices. A separate Cookie Notice or cookie table may list the specific cookies used, including provider, purpose and duration, and should be reviewed whenever our website tools change.

17. International transfers

Marixia is based in the United Kingdom and operates globally. Personal data may be processed in the United Kingdom, the European Economic Area, the United States and other countries depending on our clients, service providers, infrastructure and project requirements.

Where we transfer personal data internationally, we use safeguards required by applicable law. These may include adequacy regulations or adequacy decisions, Standard Contractual Clauses, the UK International Data Transfer Agreement, the UK Addendum to EU Standard Contractual Clauses, data processing agreements, contractual, organisational and technical safeguards, or other lawful transfer mechanisms available under applicable law.

18. Retention

We retain personal data only for as long as necessary for the purposes described in this Privacy Notice, unless a longer period is required or permitted by law. Our normal retention approach is:

Website analytics and technical logs: retained for up to 12 months unless needed for security, legal or diagnostic purposes.

Enquiry records: retained for up to 3 years after the last meaningful interaction.

Client and supplier records: retained for up to 7 years after the end of the relationship, unless longer retention is required for legal, tax, accounting, contractual or dispute purposes.

Research intelligence records: retained while relevant to our research intelligence purposes and reviewed periodically for relevance, accuracy and continued need.

Client deliverables and project files: retained for up to 7 years after project completion unless the contract states otherwise.

Opt-out, objection and suppression records: retained as long as necessary to respect the request and prevent future inclusion or contact.

Legal, compliance and dispute records: retained for as long as necessary to establish, exercise or defend legal rights.

Where personal data is no longer needed, we delete, anonymise, archive or restrict it as appropriate.

19. Accuracy and context

Research intelligence data may become inaccurate over time because people move institutions, change roles, publish in new areas or stop working in a field. We take reasonable steps to maintain accuracy where appropriate, including by using source references, evidence context, periodic review and correction mechanisms.

If you believe information about you is inaccurate, outdated or misleading, you may contact us and request correction, updating, restriction or suppression.

20. Security

We use appropriate technical and organisational measures to protect personal data. These may include access controls, role-based permissions, multi-factor authentication where appropriate, encryption in transit and at rest where appropriate, secure cloud services, confidentiality obligations, secure backups, audit trails where appropriate, supplier due diligence, contractual data protection obligations, data minimisation, restricted export and sharing controls, staff training and internal policies.

No system is completely secure. We cannot guarantee absolute security, but we take reasonable steps to protect personal data against unauthorised access, loss, misuse, alteration or disclosure.

21. Your UK, EU and Swiss privacy rights

Where UK GDPR, EU GDPR, Swiss data protection law or similar laws apply, you may have the right to:

request access to your personal data;

request correction of inaccurate or incomplete personal data;

request deletion of your personal data;

request restriction of processing;

object to processing based on legitimate interests;

object to direct marketing;

request data portability, where applicable;

withdraw consent where processing is based on consent;

lodge a complaint with a supervisory authority.

If you are in the United Kingdom, you may complain to the Information Commissioner's Office. Website: https://ico.org.uk/make-a-complaint/. Helpline: 0303 123 1113. Postal address: Information Commissioner's Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF, United Kingdom.

If you are in the European Economic Area, you may complain to the supervisory authority in the country where you live, work or believe an infringement has occurred. If you are in Switzerland, you may contact the Federal Data Protection and Information Commissioner where applicable.

22. US privacy rights

Depending on where you live and whether a specific US state privacy law applies to our processing, you may have rights to know or confirm whether we process your personal information, access personal information, receive information about categories of personal information collected, used and disclosed, request deletion, request correction, receive a portable copy of personal information where applicable, opt out of sale, sharing, targeted advertising or certain profiling where applicable, limit use or disclosure of sensitive personal information where applicable, appeal a decision where applicable, and not be discriminated against for exercising privacy rights.

If a US state privacy law applies and requires a specific opt-out route for sale, sharing, targeted advertising or regulated profiling, you may contact us at jack.mitchinson@marixia.co.uk with the subject line "US privacy opt-out".

23. Canada, Australia, Brazil and other jurisdictions

Where Canadian privacy law applies, we process personal information for identified business purposes, limit use and disclosure, use safeguards, support access and correction rights, and provide a contact route for privacy questions and complaints.

Where Australian privacy law applies, we handle personal information in accordance with applicable Australian Privacy Principles, including principles relating to transparency, collection, use, disclosure, security, access and correction.

Where Brazilian privacy law applies, you may have rights including confirmation of processing, access, correction, anonymisation, blocking, deletion, portability, information about sharing, withdrawal of consent and objection where applicable.

Where other privacy laws apply, we will honour applicable rights and obligations according to the law that applies to the relevant processing activity.

24. Objection, suppression and professional contact opt-out

You may object to Marixia processing your personal data for research intelligence, professional contact identification, direct marketing or outreach-support purposes. You may also request that we suppress your professional contact information from future Marixia research intelligence outputs.

To make a request, contact us at jack.mitchinson@marixia.co.uk with the subject line "Privacy request / suppression request". Please include enough information for us to identify the relevant record, such as your name, institution, professional email address, publication name, profile link or other context.

If we suppress your data, we may retain a minimal suppression record, such as your name, professional email address, institution and suppression status, to ensure we do not re-add you later.

25. How to exercise your rights

To exercise privacy rights, contact:

Marixia Limited Privacy Lead

Email: jack.mitchinson@marixia.co.uk

Address: 19 Kestrel Drive, Ashington, United Kingdom, NE63 8JS

We may need to verify your identity before responding. We may also ask for additional information to locate the relevant record. You may use an authorised agent where applicable law allows. We may require evidence that the agent is authorised to act for you.

We will respond within the timeframe required by applicable law. We may refuse, limit or charge for requests where permitted by law, for example where a request is manifestly unfounded, excessive, repetitive, legally restricted or affects the rights and freedoms of others.

26. EU representative

Marixia Limited is established in the United Kingdom. We have not listed an EU representative in this Privacy Notice. If we are required to appoint a representative in the European Union for particular processing under EU GDPR Article 27, we will update this Privacy Notice with the representative's contact details.

27. Data Protection Officer / Privacy Lead

Marixia has not appointed a statutory Data Protection Officer. We have appointed a Privacy Lead to manage privacy and data protection matters. You can contact the Privacy Lead at jack.mitchinson@marixia.co.uk.

28. Children

Our website and services are not directed at children. We do not knowingly collect children's personal data. If we become aware that we have collected children's personal data without an appropriate legal basis, we will delete or restrict it as required by law.

29. Links to other websites

Our website or reports may contain links to third-party websites, databases, publications, platforms or resources. We are not responsible for the privacy practices of third parties. You should review their privacy notices separately.

30. Changes to this Privacy Notice

We may update this Privacy Notice from time to time. The latest version will be published on our website with the effective date and last updated date. Where required by law, we will provide additional notice of material changes.