PRIVACY POLICY

Effective Date: 13 May 2026 | Last Updated: 13 May 2026
Version 1.1

This Privacy Policy explains how Nagram LTD (“Nagram”, “we”, “us”, or “our”) collects, uses, stores, shares, and otherwise processes personal data when you visit or use https://www.nagram.net (the “Website”), subscribe to our services, contact us, or interact with our digital content platform. Nagram is committed to protecting personal data and handling it responsibly in accordance with applicable data protection laws, including the UK General Data Protection Regulation (UK GDPR), the EU General Data Protection Regulation (EU GDPR) where applicable, the UK Data Protection Act 2018, and other relevant privacy laws. This Privacy Policy is provided in accordance with our transparency obligations under UK GDPR Articles 13 and 14 and the Data Protection Act 2018.

1. Introduction

Your privacy matters to us. This Privacy Policy describes:

  • what information we collect;
  • how we collect it;
  • why we use it;
  • the legal grounds for processing;
  • when we may share it;
  • your rights; and
  • how to contact us.

By using the Website, contacting us, or otherwise interacting with us, you acknowledge this Privacy Policy.

2. Who We Are / Data Controller

For the purposes of applicable data protection law, the data controller is:
Nagram LTD
Company Registration Number: 15833908.
B10 Harben House, Tickford Street, Newport Pagnell, England, MK16 9EY
Email: info@nagram.net
Data Protection Contact: info@nagram.net (marked for the attention of Data Protection)

Where another group company, payment provider, or service provider independently determines how your personal data is processed, that party may act as a separate controller or processor, depending on the circumstances. Where a third party acts as a joint controller, we will inform you of the arrangement and the allocation of responsibilities under Article 26 UK GDPR.

3. Scope of this Policy

This Privacy Policy applies to personal data collected through:

  • our Website;
  • subscription sign-up flows;
  • account creation or login systems, where offered;
  • payment and billing interactions;
  • customer support communications;
  • marketing communications;
  • use of digital content and platform features;
  • cookies and similar technologies;
  • any other interactions with Nagram in connection with our services.

This Privacy Policy does not apply to third-party websites, platforms, or services that may be linked from our Website.

4. Information We Collect

Depending on how you interact with us, we may collect the following categories of personal data:

  • Identity data;
  • Contact data;
  • Account credentials;
  • Billing and transaction data;
  • Technical and device data;
  • Usage and interaction data;
  • Marketing preference data;
  • Customer service records;
  • Fraud prevention and security data;
  • Communications data.

We only collect personal data where reasonably necessary for legitimate business purposes or legal compliance. We do not process special categories of personal data (Article 9 UK GDPR) or data relating to criminal convictions (Article 10 UK GDPR) unless strictly necessary for a specific purpose and supported by an appropriate legal basis and safeguard. Where such processing is required, we will notify you separately.

5. Account Registration Data

Where account registration is available, we may collect: Full name or username; Email address; Password or authentication credentials (stored securely); Country or region; Subscription status; Preferences and settings; Login history and security records. [cite: 274, 275, 276, 277, 278, 279, 280, 281]

You are responsible for ensuring that information you provide is accurate and kept up to date. Passwords are stored using industry-standard hashing and are not accessible to Nagram personnel in plain text.

6. Subscription and Billing Information

If you purchase a subscription or paid service, we may process information such as: Selected subscription plan; Order details; Billing country; Currency; VAT / tax information where applicable; Renewal status; Payment confirmation status; Refund, chargeback, or cancellation records; Internal account references. [cite: 285, 286, 287, 288, 289, 290, 291, 292, 293, 294]

We may retain transaction-related records for accounting, fraud prevention, audit, and legal compliance purposes. Billing records are retained for a minimum of 6 years from the end of the relevant tax year, in accordance with HMRC requirements under the Taxes Management Act 1970. Where chargeback or dispute records are involved, retention may extend for the duration of any related proceedings.

7. Payment Card Processing

Nagram does not necessarily process or store full payment card details directly. Payments may be handled by regulated third-party payment processors such as Stripe, Checkout.com, Paddle, Adyen, or equivalent providers. Those providers may collect payment card details, billing addresses, anti-fraud information, and transaction metadata under their own privacy notices and compliance frameworks. We may receive limited payment-related information, such as payment status, last four digits of card (where provided), card type, transaction identifier, subscription renewal status, and fraud or verification outcomes. All payment processors used by Nagram are required to be PCI-DSS compliant. They act as independent data controllers or data processors (as applicable) and their own privacy notices govern their handling of cardholder data. We enter into Data Processing Agreements with processors acting in that capacity in accordance with Article 28 UK GDPR.

8. Contact Requests and Customer Support

If you contact us, we may collect name, email address, message content, account reference details, support history, and attachments or evidence you voluntarily provide. We use this information to respond to enquiries, resolve issues, verify users, and improve support quality. Customer support records are retained for up to 3 years from the date of last interaction, unless a longer retention period is required for dispute resolution or legal proceedings.

9. Usage, Device and Technical Data

When you access the Website or services, we may automatically collect IP address, browser type and version, device identifiers, operating system, language settings, time zone, referral URLs, pages viewed, clickstream data, session data, crash logs, diagnostic information, and approximate location inferred from IP. This helps us maintain security, improve performance, and optimise user experience. Technical and device data is retained for up to 13 months unless a longer retention period is required for security investigations or legal proceedings. IP addresses are processed on the basis of legitimate interests (fraud prevention and security) and will be anonymised or deleted after the applicable retention period.

10. Marketing Preferences

We may collect and store your preferences regarding email marketing, product updates, promotional offers, newsletter subscriptions, consent status, and opt-out history. Where required by law, we will only send direct marketing communications with valid consent or another lawful basis. In the United Kingdom, direct marketing by electronic means (email, SMS) is regulated by the Privacy and Electronic Communications Regulations 2003 (PECR). We will only send marketing emails to existing customers where the soft opt-in exemption applies under Regulation 22 PECR, or with prior express consent. You may opt out of marketing communications at any time. We will process opt-out requests promptly. Marketing consent records are retained for 3 years from the date of consent or last interaction.

11. How We Collect Data

We may collect personal data: directly from you when you register, subscribe, purchase, or contact us; automatically through cookies and analytics tools; from payment processors regarding transaction outcomes; from fraud prevention vendors; from advertising or marketing partners, where lawful; from publicly available sources where necessary; from service providers supporting our operations. [cite: 322, 323, 324, 325, 326, 327, 328, 329]

12. Legal Bases for Processing (UK GDPR / EU GDPR)

The following sets out the legal basis under UK GDPR (and EU GDPR where applicable) for each principal processing activity.

  • Contractual Necessity (Article 6(1)(b) UK GDPR)
    To provide subscriptions, manage accounts, process payments, and deliver services.
  • Legitimate Interests (Article 6(1)(f) UK GDPR)
    To operate our business, improve services, secure systems, prevent fraud, provide support, and conduct proportionate marketing where lawful. We carry out a Legitimate Interests Assessment (LIA) for each processing activity relying on this basis. Details of relevant LIAs are available on request.
  • Consent (Article 6(1)(a) UK GDPR)
    For cookies, certain analytics tools, and direct marketing where legally required under PECR or UK GDPR. Where processing is based on consent, you have the right to withdraw consent at any time. Withdrawal does not affect the lawfulness of processing carried out before withdrawal.
  • Legal Obligation (Article 6(1)(c) UK GDPR)
    To comply with tax, accounting, anti-fraud, consumer law, regulatory, and law enforcement requirements.
  • Vital Interests / Legal Claims (Article 6(1)(d)/(f) UK GDPR)
    Where necessary to protect rights, safety, or establish, defend, or enforce legal claims.

13. How We Use Personal Data

We may use personal data to: create and manage accounts; provide subscription access; authenticate users; process purchases and renewals; deliver digital content; improve content relevance; provide customer support; detect fraud and abuse; enforce our terms; maintain system security; communicate service notices; send marketing where lawful; analyse business performance; meet legal obligations. [cite: 347, 348, 349, 350, 351, 352, 353, 354, 355, 356, 357, 358, 359, 360, 361]

We will not use personal data for any purpose that is materially incompatible with those described in this Policy without first providing updated notice and, where required, obtaining fresh consent. The purpose limitation principle under Article 5(1)(b) UK GDPR applies to all our processing activities.

14. Digital Content Delivery and Service Operations

We may process user data to enable access to content categories such as music, games, e-sports, health and fitness content, language learning materials, lifestyle content, sports updates, and other premium digital experiences. Content availability may vary by territory, device type, licensing restrictions, technical compatibility, or commercial decisions.

15. Sharing Data with Service Providers

We may share personal data with trusted third parties where reasonably necessary, including payment processors, hosting providers, cloud infrastructure vendors, CDN providers, email delivery providers, CRM systems, customer support platforms, analytics vendors, security monitoring services, fraud prevention partners, professional advisers, and regulators or authorities where required. All third-party processors are subject to a written Data Processing Agreement in accordance with Article 28 UK GDPR before any personal data is shared. We conduct reasonable due diligence on their security and compliance standards prior to engagement. Where a processor sub-contracts any processing, we require that sub-processors are bound by equivalent obligations. In the event of a sale, merger, or restructuring of our business, personal data may be transferred to a successor entity. We will notify you of any such transfer and of the identity of the new data controller before the transfer takes place, and will confirm whether your rights and this Privacy Policy continue to apply.

16. International Transfers

Because we operate online and may use international service providers, your personal data may be transferred outside the UK or EEA. Where such transfers occur, we aim to implement appropriate safeguards, which may include: UK International Data Transfer Addendum (IDTA) to Standard Contractual Clauses; Standard Contractual Clauses approved by the European Commission (for EU transfers); adequacy decisions made by the UK Secretary of State or the European Commission; equivalent lawful safeguards. [cite: 376, 377, 378, 379, 380]

A list of the countries to which personal data may be transferred and the safeguards applicable to each transfer is available on request by contacting info@nagram.net. For transfers from the UK to the United States, we rely on the UK-US Data Bridge (where applicable) or the UK IDTA. For transfers from the EEA to the UK, we rely on the European Commission’s adequacy decision in respect of the UK, subject to any revisions to that decision.

17. Cookies and Tracking Technologies

We may use cookies, pixels, SDKs, tags, and similar technologies for website functionality, security, remembering preferences, analytics, performance monitoring, marketing attribution, and fraud prevention. Where legally required under PECR and UK GDPR, we will seek consent before placing non-essential cookies. Please refer to our Cookie Policy for further details.

18. Data Retention

We retain personal data only for as long as reasonably necessary for the purposes described in this Privacy Policy. The following indicative retention periods apply:

  • Account and subscription records: for the duration of the account and for 6 years following closure, in accordance with the Limitation Act 1980 (standard contractual limitation period);
  • Billing and tax records: minimum 6 years from the end of the relevant tax year (HMRC requirement);
  • Customer support records: up to 3 years from last interaction;
  • Marketing consent records: 3 years from date of consent or last interaction;
  • Technical/device logs: up to 13 months;
  • Fraud prevention records: up to 6 years, or longer where required for ongoing investigations or legal proceedings.

Upon expiry of the applicable retention period, personal data will be securely deleted or anonymised in accordance with our data disposal procedures.

19. Security Measures

We implement proportionate technical and organisational measures designed to protect personal data, including where appropriate access controls, encryption in transit, secure payment integrations, monitoring and logging, authentication controls, role-based permissions, vendor due diligence, and incident response procedures. No internet-based system can be guaranteed completely secure. In the event of a personal data breach that is likely to result in a risk to the rights and freedoms of individuals, we will notify the Information Commissioner’s Office (ICO) without undue delay and, where feasible, in accordance with Article 33 UK GDPR. Where the breach is likely to result in a high risk, we will notify affected individuals without undue delay in accordance with Article 34 UK GDPR.

20. Your Privacy Rights

Subject to applicable law, you have the following rights under UK GDPR:

  • Right of access (Article 15): to request a copy of the personal data we hold about you.
  • Right to rectification (Article 16): to correct inaccurate or incomplete data.
  • Right to erasure (Article 17): to request deletion of your data in certain circumstances.
  • Right to restriction (Article 18): to restrict our processing in certain circumstances.
  • Right to object (Article 21): to object to processing based on legitimate interests or for direct marketing.
  • Right to data portability (Article 20): to receive your data in a structured, machine-readable format.
  • Right to withdraw consent (Article 7(3)): at any time, where processing is based on consent.
  • Right to lodge a complaint: with the ICO at www.ico.org.uk.

We may need to verify identity before fulfilling requests. We will respond to all data subject requests within one calendar month of receipt. Where requests are complex or numerous, we may extend this by a further two months, in which case we will notify you of the extension within the first month. We will not charge a fee for handling requests unless they are manifestly unfounded or excessive.

21. Direct Marketing Rights

You may opt out of marketing communications at any time by clicking unsubscribe links, updating account preferences (if available), or contacting us at info@nagram.net. Service or transactional messages may still be sent where necessary. Your right to object to direct marketing under Article 21(2) UK GDPR is absolute. We will honour all such objections promptly and without charge. Opting out of marketing will not affect your access to paid Services.

22. Account Closure / Cancellation Requests

You may request account closure or subscription cancellation in accordance with applicable contractual terms and billing conditions. Closure of an account does not necessarily require immediate deletion of all records where retention is required for accounting, fraud prevention, legal obligations, dispute handling, or security records. Upon account closure, we will delete or anonymise personal data that is no longer required for a lawful purpose within a reasonable period, subject to the retention periods set out in Clause 18.

23. Children’s Privacy

Our services are not intentionally directed to children where consent of a parent or guardian would be required under applicable law. If we become aware that personal data has been collected from a child unlawfully, we may delete such data or take appropriate remedial steps. Under UK law, the age of digital consent for information society services is 13 years (Data Protection Act 2018, section 9). We do not knowingly collect personal data from children under the age of 13. Where a user is between 13 and 18, parental or guardian consent may be required for certain services or content categories. Where required by the Online Safety Act 2023 or related secondary legislation, age assurance measures may be implemented.

24. Automated Decision Making / Fraud Prevention

We may use automated tools or risk scoring systems to detect suspicious transactions, payment fraud, abuse, account misuse, or security threats. This may result in transactions being delayed, reviewed, declined, or accounts being subject to additional verification. Where solely automated decision-making produces a decision with a legal or similarly significant effect on you (such as account suspension or subscription refusal), you have the right under Article 22 UK GDPR to: (i) request human review of the decision; (ii) express your point of view; and (iii) contest the decision. To exercise these rights, please contact info@nagram.net.

25. Third Party Links and Content

Our Website or services may contain links to third-party platforms, brands, or content providers. We are not responsible for the privacy practices of third-party websites or services. Users should review their separate privacy notices.

26. Changes to This Policy

We may update this Privacy Policy from time to time to reflect legal changes, operational updates, new services, technology changes, or regulatory guidance. Where changes are material , including changes to the purposes of processing, the legal bases relied upon, or the categories of recipients , we will provide advance notice of not less than 30 days by prominent notice on the Website. Where required by applicable law, we will re-obtain consent before any new or incompatible processing commences.

27. Contact Details

For privacy enquiries, data requests, or complaints, please contact:
Nagram LTD
B10 Harben House, Tickford Street, Newport Pagnell, England, MK16 9EY
Email: info@nagram.net
Supervisory Authority: Information Commissioner’s Office (ICO), Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF. Tel: 0303 123 1113. Website: www.ico.org.uk