Business IT Services | UK-IT Group Ltd

Effective date: 1st October 2025
Last reviewed: 1st October 2025

Data Controller: UK-IT Group Limited
Address: 29 Flash Lane, Mirfield, West Yorkshire WF14 0PJ
ICO registration number: ZB941694
Contact: privacy@ukitgroup.co.uk

Accountable Person under DUAA 2025: Mr Rob Dean, Director

Who We Are and How to Contact Us

UK-IT Group Limited is committed to protecting your personal data. For privacy enquiries, contact privacy@ukitgroup.co.uk or write to our registered address above.

Summary (Plain English)

You have rights over your personal data. We collect, use, and protect data in line with strict regulations. Please don’t be unsure about how we manage your data. You can always ask what data we hold about you and request changes or deletions.

What data we collect

Depending on your relationship with us, we may collect:

Identity and contact details
Business contact details and job role
Contract, billing and payment information
Technical and usage data from our systems and websites
Support tickets, logs and recordings where you contact us
Recruitment information if you apply for a job

We do not routinely collect children’s data. If we ever need to, we will apply additional safeguards and, where consent is relied upon for an online service, we will obtain parental authorisation if the child is under 13.

Special category data (e.g., health or ethnicity) is only processed when necessary, in line with Article 9 UK GDPR and DPA 2018 Schedule 1.

Why We Use Your Data (Purposes of Processing)

We process personal data to:

Provide and support our services
Manage client, supplier, and partner relationships
Administer accounts, payments, and collections
Secure our IT systems and prevent fraud
Meet legal/regulatory obligations
Send service messages and lawful marketing updates

Each processing activity is based on a specific lawful basis under UK GDPR.

Our lawful bases

We rely on one or more of the following:

contract
legal obligation
legitimate interests (we perform a Legitimate Interests Assessment and our interests do not override your rights)
consent (for marketing and where legally required)
vital interests (emergency situations)

Where we process special category data, we will meet an Article 9 condition and applicable DPA 2018 Schedule 1 condition, and record safeguards in our Special Category Data Policy.

Where we get your data

directly from you
your employer or colleagues where we deliver services to your organisation
publicly available sources such as Companies House
service providers that support our operations
our websites and systems when you interact with them

Who we share your data with

trusted processors that host, support and secure our systems under written Data Processing Agreements
professional advisers, insurers and auditors
payment providers and banks
Regulatory/law enforcement authorities as required by law

We require all processors to follow our instructions and to apply appropriate technical and organisational measures.

International transfers

International transfers occur only where a UK adequacy regulation applies, or appropriate safeguards are in place such as the IDTA, the UK Addendum to the EU SCCs, or approved Binding Corporate Rules, supported by a Transfer Risk Assessment. We keep copies of the relevant safeguards available on request. We do not currently export personal data and will tell you if this changes.

How long we keep your data

We keep personal data only for as long as necessary for the purposes set out above. Typical examples are:

client contract records: 24 months after closure
staff and supplier records: 6 years
consent records: 6 years
complaints and breach logs: 6 years

Full details are in our Retention and Disposal Policy. We securely delete or anonymise data at the end of the retention period.

Your rights as a Data Subject

You have the right to:

be informed how your personal data is collected, used, stored
access your data (Subject Access Request – SAR)
correct inaccurate data
erase data in certain cases
restrict or object to processing
data portability
object to processing
challenge automated decisions and request human review

You can Email privacy@ukitgroup.co.uk to exercise these rights. We will respond without undue delay and within one month. We may extend by up to two further months for complex or multiple requests and will let you know if we do.

Marketing

Electronic marketing is governed by the Privacy and Electronic Communications Regulations 2003 (as amended) as well as UK GDPR. We send electronic marketing only with your consent, or under the soft opt-in if you are an existing customer. Business-to-business marketing is permitted in some cases. You can unsubscribe anytime via our emails or by contacting us. Preferences are always respected and recorded.

Our website uses cookies to ensure it functions properly, to improve your browsing experience, and to collect limited anonymous usage data where appropriate.

We review our use of cookies at least once a year, and whenever new tools or services are introduced, to ensure our practices remain accurate and compliant.

We use the following categories of cookies: strictly necessary, functional, analytics and marketing. Non-essential categories are only used if you consent via the banner. You can accept all, reject non-essential, or customise your choices at any time using the Manage Cookies link in our footer.

We do not list every individual cookie in this policy. This is a deliberate and considered decision. The short lifespan and ever-changing nature of cookies means that attempting to maintain an exhaustive list would be inaccurate, misleading, and a poor use of time. Cookie behaviours can change due to third-party updates, browser changes, or minor development adjustments, often without notice.

Instead, we take a practical and compliant approach by giving you control over your preferences. When you visit our website, you will be presented with a cookie banner that allows you to choose which non-essential cookies you would like to accept or reject. Please also see our cookie Policy.

We keep a secure record of cookie consent status for six years in line with our Retention and Disposal Policy.

A full list of cookies currently in use is available on request by contacting privacy@ukitgroup.co.uk

Children’s information

We do not routinely collect children’s data. If we ever need to, For online services, only children aged 13 or over can provide their own consent. Otherwise, we will seek consent from someone with parental responsibility. We apply high privacy settings by default and conduct Data Protection Impact Assessments where risks are high.

Automated decision-making and profiling

We do not make solely automated decisions that have legal or similarly significant effects. Where permitted, we will explain the logic, the significance, consequences, and provide a route for human review.

Security

We apply technical and organisational measures such as:

Access controls
Encryption
Multi-factor authentication
Continuous logging and monitoring

All personal data breaches are recorded and investigated. We notify the ICO within 72 hours when required, and affected individuals without undue delay if there’s a high risk to their rights.

Complaints

Please raise concerns with us first. Contact privacy@ukitgroup.co.uk. Under the DUAA 2025, our internal complaints process acknowledges within 30 days and replies without undue delay.

You may also contact the Information Commissioner’s Office (ICO):

Call 0303 123 1113
Online: www.ico.org.uk/complaints
Post: Information Commissioner’s Office, Wycliffe House, Water Lane,

Wilmslow, Cheshire, SK9 5AF

Changes to this notice

We will update this notice whenever our processing changes. The latest version will always be published here, with the effective date shown at the top.

Rob Dean

Director UK-IT Group Ltd.

Specializing in Remote IT Services and Solutions

UK-IT GROUP

+44 (0)1953 668239