Privacy Statement

Gestrix Hub (“Gestrix Hub”, “the Platform”, “we”, “our” or “us”) recognises that privacy, confidentiality, information governance and responsible digital practices are fundamental to the trust placed in modern technology platforms by organisations, institutions and individuals.

This Privacy Statement explains the principles, standards and practices governing the handling, processing and protection of information in connection with the use of the Gestrix Hub platform, associated applications, digital environments, websites and related services.

Gestrix Hub is designed as a structured intelligence and operational visibility platform intended to support organisations in collecting, organising, understanding and managing operational, impact and governance-related information in a more structured, accessible and accountable manner.

As organisations increasingly rely on digital systems to manage important operational and organisational information, the importance of privacy, security, controlled access and responsible information handling continues to grow. Gestrix Hub acknowledges these responsibilities and is committed to maintaining an approach that prioritises confidentiality, integrity, accountability and appropriate safeguards across the platform environment.

This Privacy Statement is intended to provide transparency regarding: • How information may be processed in connection with the Platform • The operational principles governing privacy and confidentiality • The measures applied to support secure authentication and access management • The responsibilities of users and organisations accessing the Platform • The safeguards intended to support responsible information handling practices • The limitations and boundaries of platform visibility and operational access

Gestrix Hub is designed with the principle of minimising unnecessary exposure to sensitive information wherever reasonably practicable. In particular, authentication credentials and passwords are protected through secure authentication processes and are not accessible to Gestrix Hub personnel in readable or plain text form.

The Platform is further designed to support appropriate separation between customer-controlled information environments and platform-level operational administration. This approach is intended to reduce unnecessary access exposure while supporting platform functionality, security, maintenance and operational continuity.

We recognise that organisations increasingly require confidence not only in platform functionality, but also in the governance standards and operational philosophies underlying digital systems. Accordingly, Gestrix Hub seeks to maintain a privacy-conscious and security-conscious operational environment aligned with responsible modern digital platform practices.

This Privacy Statement should be read together with any applicable platform terms, acceptable use provisions, service agreements, onboarding documentation or additional policies made available in connection with the Platform.

By accessing, registering for, interacting with or otherwise using Gestrix Hub, users and organisations acknowledge that they have read, understood and accepted the principles and practices described within this Privacy Statement.

Where applicable, continued use of the Platform following updates or modifications to this Privacy Statement may constitute acceptance of such revisions, subject to applicable legal and regulatory requirements.

Gestrix Hub is built upon the understanding that organisations require more than functional digital systems; they require confidence that information is handled responsibly, access is appropriately controlled and operational practices are aligned with modern expectations surrounding privacy, confidentiality and information governance.

Our approach to privacy and information governance is therefore guided by a series of foundational principles intended to support responsible platform operations, user trust and appropriate protection of organisational information.

These principles influence the design, administration, maintenance and ongoing evolution of the Platform.

2.1 Privacy-Conscious Platform Design

Gestrix Hub seeks to apply privacy-conscious operational principles across its digital environment and supporting systems. The Platform is designed to minimise unnecessary exposure to sensitive information while supporting functionality, usability and operational efficiency.

2.2 Controlled Access Principles

Gestrix Hub applies the principle that access to information should be limited, appropriate and operationally justified. Access controls are intended to support organisational confidentiality, appropriate user separation, role-based operational visibility, controlled administrative functions, and responsible support activities.

2.3 Authentication & Credential Protection

The Platform is designed so that user passwords and authentication credentials are not accessible in readable or plain text form to Gestrix Hub personnel. Passwords are not visible to platform administrators, and Gestrix Hub personnel cannot retrieve or disclose customer passwords.

2.4 Data Minimisation Philosophy

Gestrix Hub seeks to avoid unnecessary collection, exposure or processing of information beyond what is reasonably required to support platform functionality, operational integrity, user support and related services.

2.5 Organisational Control & Visibility

Organisations using Gestrix Hub retain responsibility for the information they choose to input, manage and organise within the Platform. The Platform is intended to support organisational visibility, structured intelligence and operational understanding while maintaining appropriate separation between customer-controlled environments and platform-level administration.

2.6 Security-Conscious Operational Practices

Gestrix Hub is operated with an awareness of the importance of confidentiality, integrity, availability and responsible access management within digital systems. Operational safeguards may include role-based access structures, authentication protections, controlled administrative access, monitoring and logging processes, infrastructure and communication security measures, and operational review procedures.

2.7 Transparency & Responsible Communication

We aim to communicate privacy and governance principles in a manner that supports organisational understanding, confidence and informed platform usage.

2.8 Continuous Improvement

Gestrix Hub may periodically review, refine and enhance its operational practices, security approaches and governance measures to support evolving platform requirements and responsible operational standards.

Gestrix Hub is designed to support organisations in structuring, organising and understanding operational, impact and governance-related information within a controlled digital environment.

In order to provide platform functionality, operational continuity, analytics capabilities, user support and system administration, certain categories of information may be processed in connection with the use of the Platform.

Nature of Information Processed: Organisational profile information, operational and programme-related information, impact and activity-related information, governance and administrative information, user account and access-related information, platform interaction and usage information, technical and diagnostic information.

Purpose of Information Processing: Enabling platform access and authentication, supporting structured information management, facilitating dashboards and analytics, maintaining system integrity, supporting user assistance, monitoring operational reliability, detecting and preventing misuse, and supporting platform improvement.

Gestrix Hub seeks to maintain appropriate separation between customer-controlled information environments and platform-level operational administration. The Platform is not designed to provide unrestricted internal visibility into organisational information by default.

Authentication & Credential Handling: Gestrix Hub does not maintain visibility into customer passwords in readable or plain text form. Passwords are not viewable by Gestrix Hub personnel and cannot ordinarily be retrieved.

Technical & Usage Information: Device and browser information, access timestamps, session activity, interaction patterns, system performance data, error reports – used for maintaining performance, identifying issues, and improving stability.

Operational Limitation Principles: Gestrix Hub seeks to minimise unnecessary access to organisational information. Operational access may occur where reasonably necessary for technical support, platform maintenance, security investigation, service administration, legal obligations, or customer-authorised assistance.

Organisational Responsibility: Organisations remain responsible for the information they choose to input, upload, organise or otherwise manage within the Platform. Gestrix Hub does not assume responsibility for the accuracy, legality or appropriateness of information supplied by users.

Gestrix Hub applies the principle that access to systems, environments and information should be controlled, proportionate and operationally justified. The Platform supports controlled authentication mechanisms, restricted operational visibility, role-based access management, and separation between customer-controlled credentials and platform-level operations.

Password Protection & Credential Confidentiality: Gestrix Hub personnel do not have direct visibility into customer passwords. Passwords are not stored in accessible plain text formats. Users remain solely responsible for maintaining the confidentiality and security of their account credentials.

User Responsibilities: Protecting login credentials, preventing unauthorised access, maintaining internal access controls, securing devices, and promptly reporting suspected security concerns.

Controlled Administrative Access: Operational access by authorised personnel may occur where reasonably necessary for technical support, platform administration, security monitoring, infrastructure maintenance, service continuity, customer-authorised assistance, or legal obligations.

Account Misuse & Security Monitoring: Gestrix Hub may monitor operational activity for security protection, fraud prevention, misuse detection, and incident investigation. Accounts associated with suspected misuse may be subject to temporary restriction or investigation.

Gestrix Hub acknowledges that information managed through the Platform may relate to operational activities, organisational performance, governance processes, strategic planning, programme delivery, impact monitoring and other forms of organisationally sensitive information.

Organisational Control: Organisations remain responsible for the information they input, organise, manage or otherwise process within the Platform. Gestrix Hub seeks to maintain appropriate separation between customer-controlled operational environments and platform administration activities.

Restricted Visibility Principles: Platform personnel do not routinely access organisational information unless reasonably necessary. Authentication credentials are not visible in readable or plain text form. Operational access is intended to remain controlled and proportionate.

Disclosure & Information Sharing Limitations: Gestrix Hub does not sell customer-controlled information to third parties. Information may only be disclosed where reasonably necessary for platform operations, infrastructure services, security, legal obligations, or customer-authorised activities.

No Absolute Guarantee: Users acknowledge that no digital platform can guarantee absolute confidentiality, uninterrupted security or complete protection against all risks.

Gestrix Hub seeks to maintain operational, technical and administrative measures intended to support platform integrity, responsible access management, confidentiality-conscious operations and the protection of organisational information environments.

Infrastructure & Environment Security: Managed infrastructure with controlled administration, access restriction mechanisms, monitoring and diagnostic processes, network protections, and security-conscious operational procedures.

Monitoring, Logging & Operational Oversight: Platform integrity management, performance monitoring, operational diagnostics, security detection, incident response, and misuse prevention activities.

Security Incident Response: Protective, investigative or remedial actions including restricting access, investigating suspicious activity, implementing protective measures, and preserving operational logs where appropriate.

User Security Responsibilities: Protecting login credentials, maintaining secure access devices, managing internal permissions, reporting suspected security concerns, and maintaining appropriate internal security procedures.

No Absolute Security Guarantee: Despite operational safeguards, users acknowledge that no digital platform can guarantee absolute security or uninterrupted operation.

Users and organisations accessing Gestrix Hub remain responsible for their own activities, operational practices, internal governance procedures and information management decisions.

Professional & Lawful Platform Usage: The Platform must not be used in violation of applicable laws, for fraudulent activities, to interfere with platform operations, to attempt unauthorised access, to upload malicious code, or to engage in activities capable of compromising platform integrity.

Accuracy & Appropriateness of Information: Organisations remain solely responsible for ensuring that information entered is accurate, lawfully obtained, appropriate, and managed in accordance with internal policies.

Internal Access Governance: Organisations are responsible for authorising appropriate personnel, reviewing permissions, removing access for former personnel, and maintaining internal oversight.

Prohibited Activities: Attempting unauthorised access, reverse engineering, interfering with platform functionality, introducing malicious software, uploading unlawful content, or engaging in abusive or operationally disruptive conduct.

Platform Suspension & Restriction: Where reasonably necessary to protect platform integrity, security or other users, Gestrix Hub may suspend or restrict access in circumstances involving suspected misuse, security concerns, or policy violations.

Information may be retained for periods reasonably necessary to support platform functionality, operational continuity, security monitoring, system maintenance, legal obligations, operational analytics, and customer support.

Organisational Control: Organisations remain responsible for maintaining internal records management practices, determining organisational retention requirements, and ensuring compliance with sector-specific obligations.

Backup & Recovery Processes: Information may be included within backup, restoration or recovery environments for continuity, resilience and disaster recovery purposes. Residual information may remain temporarily in backup environments following deletion due to operational recovery cycles.

Account Closure: Following discontinuation of use, certain information may continue to be retained for operational continuity, security, audit, legal or resolution of disputes.

No Guarantee of Permanent Storage: The Platform is not intended to function as a permanent archival preservation service unless explicitly agreed otherwise. Organisations should maintain independent records management practices.

Gestrix Hub may utilise, integrate with or depend upon third-party technologies, infrastructure environments, communication systems or external digital services for platform functionality, scalability, operational resilience, analytics, security, and management.

Third-party service providers may operate under their own privacy practices, security frameworks, terms and conditions. Gestrix Hub seeks to utilise reputable technologies but does not assume responsibility for independent third-party practices.

Platform Integrations: The Platform may support integrations with external systems, databases, communication tools, authentication systems, or analytical technologies. Organisations remain responsible for assessing the appropriateness and security of any integrations they enable.

External Links: The Platform or associated materials may contain links to external websites. Gestrix Hub does not assume responsibility for external privacy practices, content, or security.

Information Sharing Limitations: Gestrix Hub does not sell customer-controlled information to third parties. Information may be shared only where reasonably necessary for platform operations, infrastructure, security, legal obligations, or customer-authorised integrations.

Gestrix Hub is intended to function as a structured intelligence and operational visibility platform. The Platform is not a legal advisory service, regulatory certification authority, financial assurance provider, or substitute for professional consultancy.

No Guarantee of Outcomes: The Platform does not guarantee business outcomes, funding, regulatory approval, data accuracy independent of user inputs, or organisational performance improvements.

No Absolute Security or Availability Guarantee: No digital system can guarantee absolute security or uninterrupted availability. Operational interruptions, service limitations, technical failures, cyber threats, or external disruptions may occur.

Organisational Responsibility: Organisations remain fully responsible for information entered, internal governance, regulatory compliance, interpretation of platform outputs, and operational decision-making.

Limitation of Liability: To the maximum extent permitted by law, Gestrix Hub shall not be liable for indirect, incidental, consequential, or business-related losses arising from use of the Platform, platform interruptions, loss of data, reliance upon outputs, security incidents beyond reasonable control, or external third-party dependencies.

User Assumption of Risk: By using Gestrix Hub, users acknowledge and accept that digital platforms inherently involve operational, technological and cybersecurity risks. Users assume responsibility for assessing suitability, maintaining independent governance, and exercising professional judgement.

Gestrix Hub seeks to operate within a framework of responsible legal, regulatory and governance-conscious practices appropriate to modern digital platform environments.

Organisational Responsibility for Compliance: Organisations remain solely responsible for compliance with applicable laws and regulations, internal governance, sector-specific obligations, and regulatory reporting.

No Regulatory Certification: Unless explicitly stated otherwise, Gestrix Hub does not certify organisational compliance, provide regulated advisory services, or guarantee regulatory approval outcomes. Organisations should seek independent professional advice where necessary.

Operational Cooperation: Gestrix Hub may cooperate with lawful operational, regulatory or legal processes where reasonably necessary and legally appropriate, including for security investigations, platform integrity protection, and enforcement of operational policies.

Continuing Validity: If any provision is determined to be unenforceable, the remaining provisions shall continue to apply.