Privacy Policy

Hydrolize Limited t/a Origin Aqua

Registered in England & Wales | Company No: 1191322

Effective date: 20.04.2026 | Version 1.0

 

1. Who We Are

Hydrolize Limited (trading as Origin Aqua) is a company registered in England and Wales. In this privacy policy, "we", "us" or "our" refers to Hydrolize Limited. Trading as Origin Aqua, we develop and supply the Mineral+Biome® pool water treatment system — a chemical-free, mineral-based filtration technology for residential and commercial swimming pools.

We are the data controller for the personal data described in this policy. This means we determine the purposes and means by which your personal data is processed.

Registered address: Newminster House, Baldwin Street, Bristol, England, BS1 1LT
Contact: info@origin-aqua.com

 

2. Scope of This Policy

This policy applies to all personal data we collect and process in connection with:

  • your use of our websites at www.origin-aqua.com, www.originaqua.com and any associated subdomains
  • enquiries submitted via our contact forms, by email or telephone
  • our installer partner programme, including onboarding, account management, and B2B marketing communications
  • any events, trade shows, or demonstrations at which we collect your information
  • any other interactions you have with us as a business

This policy does not apply to third-party websites linked to from our site. We encourage you to review the privacy policies of any external sites you visit.

 

3. Personal data we collect

3.1 Data You Provide Directly

When you contact us, submit an enquiry, register as a partner installer, or otherwise interact with us, we may collect:

    • Identity data: first name, last name, job title, company name
    • Contact data: email address, telephone number, postal address
    • Professional data: company registration details, trade qualifications, installer accreditations, and references
    • Commercial data: details of pool projects, client requirements, purchase history, and account preferences
    • Communications data: the content of enquiries, correspondence, and notes from telephone or in-person conversations

3.2 Data Collected Automatically

When you visit our website, we or our technology partners automatically collect certain technical and usage data, subject to your cookie preferences:

    • Technical data: IP address, browser type and version, operating system, device type, time zone
    • Usage data: pages visited, time spent on page, referring URL, click interactions, and journey through the site
    • Cookie and tracking data: as described in our Cookie Policy

3.3 Data From Third Parties

We may receive personal data about you from: 

    • Approved installer partners who refer their clients or associates to us
    • Publicly available sources such as Companies House or LinkedIn, where we are researching a business relationship
    • Our technology platform HubSpot, which consolidates data from our contact forms and email interactions

3.4 Data We Do Not Collect

We do not intentionally collect special category personal data (such as health, biometric, racial, or religious data), nor do we target our services at children under the age of 18. If you believe we have inadvertently received such data, please contact us at info@origin-aqua.com so we can delete it promptly.

    • Approved installer partners who refer their clients or associates to us
    • Publicly available sources such as Companies House or LinkedIn, where we are researching a business relationship
    • Our technology platform HubSpot, which consolidates data from our contact forms and email interactions

 

4. How and Why We Use Your Personal Data

UK GDPR requires us to have a lawful basis for each processing activity. The table below sets out our processing activities, the personal data involved, and the lawful basis we rely upon.

Processing Activity Data Basis
Responding to website enquiries and contact form submissions Identity, contact, communications data Legitimate interests – responding to a direct enquiry that is within the reasonable expectations of the enquirer
Sending marketing communications to prospective B2C customers who have opted in Identity, contact data Consent – obtained via opt-in at point of data collection
Sending marketing communications to B2B installer contacts (businesses and sole traders) Identity, contact, professional data Legitimate interests – marketing to businesses in a related trade where there is clear commercial relevance and no overriding prejudice to the individual
Managing installer partner accounts, onboarding, and the partner programme Identity, contact, professional, commercial data
Performance of a contract (or pre-contractual steps at the installer's request)
Improving our website and understanding how it is used Technical, usage data, cookie data Consent – via the cookie banner for analytics cookies
Complying with legal obligations (e.g. tax, accounting, responding to regulatory requests) Identity, contact, commercial data as applicable Legal obligation
Protecting the security of our systems and preventing fraud
Technical, identity data Legitimate interests – maintaining the security and integrity of our systems

 

5. Marketing Communications

5.1 Consumer (B2C) Marketing

We will only send marketing communications to individual consumers (private pool owners) where you have given us your explicit consent to do so. You may withdraw consent at any time by clicking the unsubscribe link in any of our emails or by contacting us at info@origin-aqua.com.

5.2 Installer Partner (B2B) Marketing

Where you have engaged with us in a business context – for example, by requesting information about our installer programme, attending a trade event, or providing your business card – we may contact you about our products and services using the soft opt-in provisions of the Privacy and Electronic Communications Regulations (PECR) and the legitimate interests basis under UK GDPR.

You have the right to opt out of B2B marketing at any time by emailing info@origin-aqua.com or using the unsubscribe link in any communication. We will action all opt-out requests within five working days.

 

6. Cookies and Tracking Technologies

We use cookies and similar tracking technologies on our website. Our cookie banner allows you to control which categories of cookies are set. The categories we use are:

  • Strictly necessary cookies – essential for the website to function. These do not require your consent.
  • Analytics and performance cookies – help us understand how visitors use the site (Google Analytics / GA4, HubSpot Analytics). Set only with your consent.
  • Marketing and personalisation cookies – used to measure campaign effectiveness and serve relevant content (Meta Pixel, LinkedIn Insight Tag). Set only with your consent.

For full details of every cookie we set – including name, purpose, provider, and expiry – please see our Cookie Policy at www.origin-aqua.com/cookie-policy.

 

7. Third-Party Processors

We share your personal data with the following categories of third party, each of whom acts as a data processor on our behalf under written data processing agreements:

HubSpot, Inc. – CRM, marketing automation, contact forms, and email delivery [USA (EU Standard Contractual Clauses in place)]

Google LLC – Analytics (GA4) and productivity tools [USA (EU Standard Contractual Clauses in place)]

Meta Platforms, Inc. – Meta Pixel – marketing performance measurement [USA (EU Standard Contractual Clauses in place)]

LinkedIn Corporation – LinkedIn Insight Tag – B2B marketing analytics [USA (EU Standard Contractual Clauses in place)]

Website hosting provider – HubSpot, Inc. – hosting and infrastructure [Cloudflare London, LLC]

Professional advisors — Legal, accountancy, and insurance services (under confidentiality obligations) [UK]

We do not sell your personal data to any third party, and we do not permit our processors to use your data for their own marketing purposes.



8. International Data Transfers

Several of our technology partners – including HubSpot, Google, Meta, and LinkedIn – process personal data in the United States. As the United Kingdom has not recognised the USA as providing an adequate level of data protection, we ensure appropriate safeguards are in place by relying on Standard Contractual Clauses (SCCs) approved for use in the UK context (known as the UK Addendum to the EU SCCs, published by the ICO).

Where we market to individuals in the European Union, the same SCCs apply under EU GDPR. We do not transfer personal data to any country that we do not believe has an adequate safeguard framework in place.

 

9. How Long We Keep Your Data

We retain personal data only for as long as is necessary for the purpose for which it was collected, or as required by law. Our standard retention periods are:

Enquiry and contact data: 3 years from last interaction, or until you withdraw consent / object

Installer partner account data: Duration of the partnership plus 7 years (to meet financial record-keeping obligations)

Marketing consent records: 5 years from the date of consent (to demonstrate compliance)

Website analytics data: 26 months (Google Analytics default; configurable)

Financial and transactional records: 7 years (Companies Act / HMRC requirements)

Cookie consent records: 180 days (duration of consent cookie) plus 1 year for audit purposes

When data is no longer required, we securely delete or anonymise it.

 

10. Your Rights

Under UK GDPR (and EU GDPR for our EU-based contacts), you have the following rights in relation to your personal data:

Right of access — You may request a copy of the personal data we hold about you (a Subject Access Request). We will respond within one calendar month.

Right to rectification — You may ask us to correct inaccurate or incomplete data without undue delay.

Right to erasure ("right to be forgotten") — You may ask us to delete your personal data where we no longer have a legitimate reason to retain it, subject to our legal obligations.

Right to restriction of processing — You may ask us to limit how we use your data in certain circumstances, for example whilst a complaint is being investigated.

Right to data portability — Where processing is based on consent or contract and is carried out by automated means, you may ask us to provide your data in a structured, machine-readable format.

Right to object — You may object at any time to processing based on legitimate interests. We will cease processing unless we can demonstrate compelling legitimate grounds.

Right to withdraw consent — Where we rely on consent, you may withdraw it at any time. Withdrawal does not affect the lawfulness of processing prior to withdrawal.

Rights related to automated decision-making — We do not carry out solely automated decision-making (including profiling) that produces legal or similarly significant effects.

To exercise any of these rights, please contact us at info@origin-aqua.com or in writing to our registered address. We may need to verify your identity before processing your request.

 

11. How to Make a Complaint

If you have concerns about how we handle your personal data, we encourage you to contact us first at info@origin-aqua.com. We aim to resolve all privacy complaints within 30 days.

If you remain unsatisfied, you have the right to lodge a complaint with the relevant supervisory authority.

 

12. How We Protect Your Data

We implement appropriate technical and organisational security measures to protect your personal data against unauthorised access, accidental loss, destruction, or disclosure. These measures include:

  • Encrypted data transmission (TLS/HTTPS) across all Origin Aqua web properties
  • Access controls limiting data access to personnel who require it for their role
  • Regular review of our third-party processor agreements and security certifications
  • Staff awareness of data protection obligations

Notwithstanding these measures, no internet transmission is entirely secure. If you believe your data has been compromised, please contact us immediately at privacy@origin-aqua.com.

 

13. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our processing activities, legal requirements, or business operations. When we make material changes, we will update the effective date at the top of this document and, where appropriate, notify you by email or via a prominent notice on our website.

We encourage you to review this policy periodically. Your continued use of our website or services after a policy update constitutes acceptance of the revised terms.

 

14. Contact Us

For any questions, requests, or concerns relating to this Privacy Policy or our data practices, please contact:

Data Controller: Hydrolize Limited t/a Origin Aqua

Email: info@origin-aqua.com

Address: Newminster House, Baldwin Street, Bristol, England, BS1 1LT

 

Hydrolize Limited t/a Origin Aqua – Privacy Policy Version 1.0 – Effective 20.04.2026 – www.origin-aqua.com