Privacy Policy

This Privacy Policy explains how Zenith IT Limited (“we”, “us”, “our”) collects, uses, stores, and protects your personal data when you visit this website or enquire about our consulting services. We are committed to handling your data responsibly and in line with UK GDPR and the Data Protection Act 2018.

1. Who We Are

Zenith IT Limited is a UK-based business and technology consultancy. We are the data controller for personal data collected via this website.

• Email: hello@zenith-it.co.uk
• Website: zenith-it.co.uk

2. What Personal Data We Collect

We may collect the following types of personal data:

• Identity data — your name and job title, when provided via our contact form or enquiry process.
• Contact data — your email address, phone number, and company name.
• Message content — the contents of any messages or enquiries you send us.
• Technical data — your IP address, browser type, device type, and pages visited, where analytics cookies are enabled.
• Newsletter data — your email address if you subscribe to our newsletter.
• Correspondence data — records of emails, calls, or messages between you and Zenith IT.

We do not collect sensitive personal data (such as health, financial, or biometric data) through this website.

3. How We Collect Your Data

• Directly from you — when you fill in our contact or newsletter form, email us, or call us.
• Automatically — when you browse this website and analytics cookies are active (with your consent).

4. How We Use Your Personal Data

We only use your personal data for the purposes it was collected or for compatible reasons. Specifically:

• To respond to your enquiry and provide information about our services.
• To deliver, manage, and improve consultancy services if you become a client.
• To send you our newsletter if you have subscribed (with your consent).
• To analyse website usage and improve our online content (analytics cookies, with consent).
• To manage contracts, invoices, and business relationships.
• To comply with legal, regulatory, and accounting obligations.

5. Legal Basis for Processing

We process your personal data under the following legal bases as applicable:

• Consent — for newsletter subscriptions and analytics cookies.
• Contract — where processing is necessary to perform a contract with you (e.g. delivering services).
• Legitimate interests — for responding to business enquiries, improving our services, and website security.
• Legal obligation — where we are required to process data to comply with law.

6. Data Sharing

We do not sell, rent, or trade your personal data. We may share data in limited circumstances:

• Service providers — trusted third parties that help us operate the website or deliver services (e.g. hosting providers, email platforms). These processors are contractually bound to protect your data.
• Professional advisers — lawyers, accountants, and insurers, where necessary.
• Authorities — where we are required to do so by law or regulatory obligation.

7. Data Retention

We retain personal data only as long as necessary for the purpose it was collected, including any applicable legal, accounting, or reporting requirements. When data is no longer needed, it is securely deleted or anonymised.

• Enquiry data: up to 2 years, unless an engagement follows.
• Client data: for the duration of the engagement and up to 7 years thereafter for legal and accounting purposes.
• Newsletter data: until you unsubscribe.
• Analytics data: as governed by the applicable analytics tool's retention settings.

8. Your Rights

Under UK GDPR, you have the following rights regarding your personal data:

• Access — request a copy of the personal data we hold about you.
• Rectification — ask us to correct inaccurate or incomplete data.
• Erasure — request deletion of your personal data in certain circumstances.
• Restriction — ask us to limit how we use your data.
• Portability — receive your data in a machine-readable format where applicable.
• Object — object to processing based on legitimate interests.
• Withdraw consent — withdraw consent at any time where processing is based on consent (this will not affect processing already carried out).

To exercise any of these rights, contact us at hello@zenith-it.co.uk. We will respond within one calendar month.

9. Security

We implement appropriate technical and organisational measures to protect your personal data from unauthorised access, loss, alteration, or disclosure. This includes using HTTPS, access controls, and regular reviews of our security practices.

10. International Transfers

Where any of our service providers transfer data outside the United Kingdom, we ensure appropriate safeguards are in place (such as standard contractual clauses or adequacy decisions) to protect your data in line with UK data protection law.

11. Cookies

This website uses cookies. For full details of the cookies we use and how to manage your preferences, see our Cookie Policy.

12. Children

This website is not directed at children under 13. We do not knowingly collect personal data from children. If you believe we have inadvertently collected such data, please contact us and we will delete it promptly.

13. Changes to This Policy

We may update this Privacy Policy from time to time. Changes will be published on this page with a revised effective date. We encourage you to check this page periodically.

14. How to Complain

If you are not satisfied with how we handle your data, you have the right to lodge a complaint with the UK Information Commissioner’s Office:

• ico.org.uk/make-a-complaint
• ICO Helpline: 0303 123 1113

15. Contact

For any data protection enquiries, please contact us at hello@zenith-it.co.uk or via our contact page.