Last updated: January 2026

Privacy Policy

1. Introduction 

This Privacy Policy explains how IT WORKHOUSE Ltd (“ITW”, “we”, “us”, “our”) collects, uses, stores, and protects your personal data when you use our website, engage our services, or interact with us as a customer, prospective customer, supplier, or business contact. 

We are committed to protecting your privacy and handling your personal data in accordance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018. 

2. Data Controller 

IT WORKHOUSE Ltd is the data controller responsible for your personal data. 

3. Information We Collect 

We may collect and process the following types of personal data: 

3.1 Information You Provide 

• Contact details: name, email address, telephone number, postal address 

• Business information: company name, job title, employer organisation 

• Account credentials for systems we manage on your behalf 

• Payment information for processing invoices 

• Any other information you provide when corresponding with us or using our services 

3.2 Information Collected Automatically 

• Technical data when you visit our website: IP address, browser type, operating system, pages visited 

• Device information from systems we monitor and support under an IT Support Pack 

• Usage data from our remote monitoring and management tools 

4. How We Use Your Information 

We use your personal data for the following purposes: 

• To provide IT support, managed services, and related technical services 

• To maintain and update customer records and asset inventories 

• To process payments and manage our accounting 

• To communicate with you about our services, support requests, and updates 

• To comply with legal and regulatory obligations 

• To improve our website and services 

• To send you information about our services that may be of interest to you (where you have consented or we have a legitimate interest) 

5. Legal Basis for Processing 

We process your personal data on the following legal grounds: 

• Contract: Where processing is necessary to perform our contract with you or to take steps at your request before entering into a contract 

• Legitimate interests: Where processing is necessary for our legitimate business interests, such as managing our customer relationships and improving our services 

• Legal obligation: Where processing is necessary to comply with a legal obligation 

• Consent: Where you have given explicit consent to the processing, such as for marketing communications 

6. Who We Share Your Data With 

We will never sell your personal data to third parties. However, we may share your data with the following categories of recipients: 

• Third party service providers who assist us in delivering our services (see Section 7) 

• Professional advisers such as accountants and lawyers 

• Regulatory authorities, law enforcement, or other parties where required by law 

• Auditors or certification bodies for compliance purposes 

7. Third Party Service Providers (Sub-processors) 

We use the following third party services in the delivery of our business operations. These providers may process personal data on our behalf: 

All third party providers are required to maintain appropriate security measures and process data only in accordance with our instructions and applicable data protection law. Some providers may transfer data outside the UK; where this occurs, we ensure appropriate safeguards are in place. 

8. International Data Transfers 

Some of our third party service providers are based outside the UK or European Economic Area. Where we transfer personal data internationally, we ensure appropriate safeguards are in place, such as Standard Contractual Clauses approved by the UK Government, or transfers to countries deemed adequate by the UK. Please contact us if you require more information about specific safeguards. 

9. Data Retention 

We retain personal data only for as long as necessary to fulfil the purposes for which it was collected, or as required by law. Our standard retention periods are: 

• Active customer data: For the duration of our business relationship plus 31 days 

• Financial records: 7 years (as required by UK tax law) 

• Marketing contacts: Until consent is withdrawn or 3 years of inactivity 

• Website analytics data: 26 months (Google Analytics default) 

10. Your Rights 

Under data protection law, you have the following rights: 

• Right of access: You may request a copy of the personal data we hold about you 

• Right to rectification: You may request correction of inaccurate or incomplete data 

• Right to erasure: You may request deletion of your data in certain circumstances 

• Right to restrict processing: You may request that we limit how we use your data 

• Right to data portability: You may request a copy of your data in a structured, machine-readable format 

• Right to object: You may object to processing based on legitimate interests or for direct marketing 

• Right to withdraw consent: Where we rely on consent, you may withdraw it at any time 

To exercise any of these rights, please contact Alex Robertson at alex@itworkhouse.co.uk. We will respond to your request within one month. 

11. Cookies 

Our website uses cookies to enhance your browsing experience and analyse website traffic. 

11.1 What Are Cookies 

Cookies are small text files stored on your device when you visit a website. They help websites function properly and provide information to website owners. 

11.2 Cookies We Use 

• Essential cookies: Required for the website to function (e.g., session management, security) 

• Analytics cookies: We use Google Analytics to understand how visitors use our website. These cookies collect anonymised data about page visits and user behaviour 

• Preference cookies: Remember your choices such as language preference 

11.3 Managing Cookies 

When you first visit our website, you will see a cookie banner allowing you to accept or decline non-essential cookies. You can change your preferences at any time through your browser settings. Please note that disabling certain cookies may affect website functionality. 

For more information about Google Analytics and how to opt out, visit: https://tools.google.com/dlpage/gaoptout 

12. Data Security 

We take appropriate technical and organisational measures to protect your personal data against unauthorised access, loss, or destruction. These measures include: 

• Encryption of data in transit and at rest 

• Multi-factor authentication on all systems 

• Regular security assessments and updates 

• Staff training on data protection 

• Cyber Essentials certification 

IT WORKHOUSE Ltd is Cyber Essentials certified, demonstrating our commitment to cyber security best practices. 

13. Your Data Protection Obligations 

If you send us personal data about anyone other than yourself (for example, employee details for setting up accounts), you must ensure you have the appropriate consents and legal basis to share that data with us for the purposes described in this policy. 

14. Complaints 

If you have concerns about how we handle your personal data, please contact us first at alex@itworkhouse.co.uk. We will do our best to resolve any issues. 

You also have the right to lodge a complaint with the Information Commissioner’s Office (ICO), the UK’s supervisory authority for data protection: 

• Website: https://ico.org.uk 

• Telephone: 0303 123 1113 

• Address: Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF 

15. Changes to This Policy 

We may update this Privacy Policy from time to time to reflect changes in our practices or legal requirements. The current version will always be available on our website. We encourage you to review this policy periodically. 

16. Contact Us 

If you have any questions about this Privacy Policy or our data protection practices, please contact: 

Alex Robertson, Managing Director 

IT WORKHOUSE Ltd 

The Old Workhouse, Higher Union Road 

Kingsbridge, Devon, TQ7 1EQ 

Email: alex@itworkhouse.co.uk