Privacy Policy

Small Business IT Support London Ltd  |  Last updated: April 2026

Summary

We are committed to protecting your personal data and handling it responsibly in compliance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018. This policy explains what data we collect, why, and how you can exercise your rights.

1. Who We Are

Small Business IT Support London Ltd (“we”, “us”, “our”) is an IT support and managed services provider based in London. We provide IT support, cybersecurity services, network support, cloud services, and related technology solutions to small and medium-sized businesses.

We are the data controller of the personal information you provide to us. Our registered address is 4 Montpelier Street, London SW7 1EE.

2. Information We Collect

We collect and process personal data when you interact with our website, contact us, or engage our services. The types of data we may collect include:

Identity data: name, job title, company name

Contact data: email address, phone number, business address

Technical data: IP address, browser type, device information, pages visited, and time spent on our website (collected via cookies and analytics tools)

Communication data: messages you send us via our contact form, email, or phone

Service data: information needed to deliver IT support, such as system configurations, network details, or account credentials (shared securely under a service agreement)

Billing data: invoicing and payment information (we do not store full payment card details)

We do not knowingly collect personal data from individuals under the age of 18.

3. How We Use Your Information

We use your personal data for the following purposes:

-To respond to enquiries and provide you with information about our services

-To provide, manage, and improve the IT support and managed services we deliver to you

-To process bookings for free consultations and service agreements

-To send you relevant communications, including service updates and occasional marketing (where you have consented)

-To invoice you and manage payments for our services

-To comply with legal and regulatory obligations

-To analyse website usage and improve our online presence

-To maintain the security and integrity of our own systems and those of our clients

4. Legal Basis for Processing

Under UK GDPR, we process your personal data on the following legal grounds:

Contract: Processing is necessary to fulfil our service agreement with you or to take steps before entering into one

Legitimate interests: To operate and improve our business, respond to enquiries, and protect our systems, where these interests are not overridden by your rights

Legal obligation: Where processing is required to comply with applicable UK law

Consent: For marketing emails and non-essential cookies, where you have given explicit consent (which you may withdraw at any time)

5. Data Sharing & Third Parties

We do not sell your personal data. We may share it only in the following limited circumstances:

Technology partners & suppliers: We work with trusted vendors such as Microsoft, Sophos, Fortinet, Cisco Meraki, and cloud platform providers to deliver our services. These parties act as data processors under our instruction and are bound by appropriate data processing agreements

Business operations: We may use third-party software for accounting, CRM, or project management (e.g. hosted in the UK or EEA)

Legal requirements: We may disclose data to authorities or regulators where required by law

Business transfer: In the unlikely event of a business sale or merger, your data may transfer as part of that transaction, subject to the same protections

We do not transfer your personal data outside the UK or EEA without appropriate safeguards in place.

6. Data Retention

We retain personal data only as long as is necessary for the purposes set out in this policy, or as required by law. Our general retention periods are:

Client service data: Retained for the duration of the contract and up to 6 years after it ends (for legal and tax purposes)

Enquiry & contact data: Up to 4 years if no contract is formed

Website analytics data: Typically 26 months (in line with standard analytics tools)

Marketing consent records: Until consent is withdrawn plus a reasonable record-keeping period

When data is no longer required, it is securely deleted or anonymised.

7. Your Rights

Under UK GDPR, you have the following rights in relation to your personal data:

Right of access: Request a copy of the personal data we hold about you

Right to rectification: Ask us to correct inaccurate or incomplete data

Right to erasure: Request deletion of your data where there is no overriding legal reason to retain it

Right to restrict processing: Ask us to pause processing of your data in certain circumstances

Right to data portability: Receive your data in a structured, commonly used format

Right to object: Object to processing based on legitimate interests or for direct marketing purposes

Right to withdraw consent: Where processing is based on consent, you may withdraw it at any time without affecting prior processing

To exercise any of these rights, please contact us at the details in Section 12. We will respond within 30 days. You also have the right to lodge a complaint with the Information Commissioner’s Office (ICO) at ico.org.uk.

8. Cookies

Our website uses cookies to improve your browsing experience and help us understand how visitors use the site. We use the following types of cookies:

Essential cookies: Required for the website to function correctly

Analytics cookies: Help us understand visitor behaviour (e.g. Google Analytics). These are only set with your consent

Marketing cookies: Used to deliver relevant content and track enquiries. Set only with your consent

You can manage your cookie preferences via our cookie banner when you first visit the site, or through your browser settings. Withdrawing consent for non-essential cookies does not affect your ability to use the site.

9. Security

As an IT support and cybersecurity provider, we take data security very seriously. We apply appropriate technical and organisational measures to protect your personal data against unauthorised access, loss, or disclosure. These include:

-Encryption of data in transit and at rest

-Access controls and role-based permissions

-Regular security reviews and patching

-Staff awareness of data protection obligations

-Secure handling of any client credentials or system access information

In the event of a data breach that affects your rights and freedoms, we will notify you and the ICO as required by law.

10. Third-Party Links

Our website may contain links to third-party websites, including those of our technology partners (Microsoft, Sophos, Fortinet, etc.). This privacy policy applies only to our website and services. We are not responsible for the privacy practices or content of external websites and encourage you to review their own privacy policies.

11. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, services, or applicable law. The date at the top of this page indicates when the policy was last revised. Where changes are significant, we will take reasonable steps to notify you.

We encourage you to review this page periodically.

12. Contact Us

If you have any questions about this Privacy Policy, wish to exercise your data rights, or want to raise a concern, please get in touch:

Small Business IT Support London Ltd

4 Montpelier Street, London SW7 1EE

Tel: 0203 393 9714

Web: small-business-itsupport-london.co.uk

Contact: small-business-itsupport-london.co.uk/contact-us/

If you are not satisfied with our response, you have the right to complain to the Information Commissioner’s Office (ICO):

ico.org.uk/make-a-complaint

Helpline: 0303 123 1113