Privacy Policy

Last Updated: January 2024

This Privacy Policy explains how ByteWorks UK Ltd collects, uses, stores, and protects personal data. ByteWorks UK Ltd is committed to complying with the Data Protection Act 2018 and UK GDPR regulations regarding personal data handling. This policy applies to all personal data collected through this website, during service provision, and through other business communications.

1. Data Controller Information

ByteWorks UK Ltd is the data controller responsible for personal data processing under UK GDPR. Our contact details are:

ByteWorks UK Ltd
The Tea Factory
17 Lower Regent Street
Leeds
LS1 5DL
United Kingdom

Email:

The Tea Factory
17 Lower Regent Street
Leeds
LS1 5DL
United Kingdom

Email:
Telephone: Contact Information: Name, email address, telephone number, and company name submitted through contact forms or enquiries

Technical Data: IP address, browser type, operating system, referring website, pages visited, and time spent on website (collected through website analytics)

Cookie Data: Information stored in cookies including user preferences, session information, and analytics identifiers

Service Provision Data

Client Information: Full name, job title, company details, telephone numbers, email addresses, and billing information for clients engaging our services
Service Delivery Data: Records of services provided, support tickets, technical issues, system configurations, and communications related to service delivery
Business Systems Data: Information accessed during provision of managed IT support including user account names, system configurations, network information, and technical data (limited to information necessary for service provision)
Payment Information: Billing details, payment method information, and transaction records

Employee and Contact Information

Staff Information: Names, job titles, contact information, qualifications, and employment records for employees and contractors
Third-Party Contact Information: Names and contact details of third-party personnel (accountants, legal advisors, contractors) with whom ByteWorks UK conducts business

3. Legal Basis for Data Processing

ByteWorks UK Ltd processes personal data according to the following lawful bases under Article 6 of UK GDPR:

Consent (Article 6(1)(a))

We process personal data based on explicit consent where individuals have chosen to provide information through contact forms or service enquiries. Individuals may withdraw consent at any time by contacting us at .

Contract Performance (Article 6(1)(b))

We process client personal data to perform service contracts including delivery of IT services, support, and billing. Processing is necessary to execute agreed services.

Legal Obligation (Article 6(1)(c))

We process personal data to comply with legal and regulatory obligations including tax legislation, employment law, and data protection regulations.

Legitimate Interests (Article 6(1)(f))

We process certain personal data for legitimate business purposes including business communications, service improvement, marketing communications (where appropriate), and fraud prevention. We balance business interests against individual privacy rights and only process data where legitimate interests outweigh privacy concerns.

4. Purpose of Data Processing

ByteWorks UK Ltd processes personal data for the following purposes:

Service Delivery

Providing contracted IT services and technical support
Responding to service requests and support inquiries
System monitoring, maintenance, and infrastructure management
Billing and payment processing
Service quality monitoring and improvement

Communication

Responding to enquiries and contact form submissions
Providing service updates and notifications
Technical support communications
Account management communications

Business Operations

Compliance with legal obligations and regulatory requirements
Verification of business identity and accountability
Financial management, invoicing, and payment processing
Employment administration and staff management
Dispute resolution and legal proceedings

Service Improvement

Analysing website usage and service delivery patterns
Identifying service improvement opportunities
Conducting service satisfaction surveys and feedback
Security incident investigation and prevention

5. Data Retention and Storage

ByteWorks UK Ltd retains personal data only for as long as necessary to fulfil the purposes for which it was collected or as required by law.

Retention Periods

Data Category	Retention Period	Justification
Website Contact Enquiries	12 months	Service response and follow-up purposes
Website Analytics Data	24 months	Service improvement and usage analysis
Service Client Data	6 years after service termination	Legal and tax compliance requirements
Support Ticket Records	3 years after resolution	Service history and dispute resolution
Payment and Billing Records	6 years	Tax legislation and audit requirements
Employment Records	6 years after employment termination	Legal and employment law compliance
Security Incident Records	3 years	Security monitoring and breach investigation

After retention periods expire, personal data is securely deleted or anonymised to prevent identification. Data may be retained longer where required by law or for legitimate legal purposes.

Data Storage and Security

Personal data is stored securely using encryption, access controls, and secure infrastructure. Data is stored on servers located in the United Kingdom and European Union with appropriate security certifications. Access to personal data is restricted to authorised personnel with defined roles and responsibilities. Unauthorised access is prevented through authentication controls, encryption, and regular security monitoring.

6. Data Sharing and Third Parties

ByteWorks UK Ltd does not share personal data with third parties for marketing or commercial purposes without explicit consent. Personal data is shared only where necessary for service delivery or compliance with legal obligations.

Third-Party Service Providers

We engage third-party service providers who process personal data on our behalf including:

Cloud Infrastructure Providers: Amazon Web Services, Microsoft Azure for data storage and backup
Helpdesk and CRM Systems: Third-party platforms for service delivery and support management
Email and Communications: Email service providers and communication platforms
Accounting and Finance: Accounting software and financial services providers
Legal and Compliance: Solicitors and compliance advisors for legal and regulatory matters

All third-party processors are required to maintain appropriate data protection standards through Data Processing Agreements specifying security requirements, permitted uses, and confidentiality obligations. We do not permit third parties to use personal data for their own purposes or share data with further third parties without explicit authorisation.

Legal Obligations and Authorities

We may disclose personal data where required by law or court order including disclosure to:

Tax authorities regarding tax compliance
Law enforcement and regulatory authorities investigating crimes or violations
Courts and legal proceedings where data disclosure is ordered
Data protection authorities investigating compliance matters

International Data Transfers

Personal data is primarily stored within the United Kingdom and European Union. Where data is transferred outside UK/EU jurisdiction, transfers occur only to countries with UK GDPR adequacy decisions or with appropriate safeguards including Standard Contractual Clauses.

7. Data Subject Rights Under UK GDPR

Individuals have the following rights regarding their personal data under UK GDPR:

Right of Access (Article 15)

Individuals may request access to their personal data held by ByteWorks UK Ltd including details of processing purposes, storage duration, and recipient organisations. We provide information free of charge in response to access requests within 30 days of receipt.

Right to Rectification (Article 16)

Individuals may request correction of inaccurate personal data. Where data is incomplete, individuals may request addition of supplementary information to ensure accuracy and completeness.

Right to Erasure (Article 17)

Individuals may request deletion of personal data where processing is no longer necessary, consent is withdrawn, or data is unlawfully processed. Erasure requests are subject to legal retention obligations and legitimate business interests.

Right to Restrict Processing (Article 18)

Individuals may request restriction of data processing during data accuracy disputes, investigations of processing legality, or where processing is no longer necessary but data is required for legal claims.

Right to Data Portability (Article 20)

Individuals may request a copy of their personal data in structured, machine-readable format and transfer to another controller. This right applies where processing is based on consent or contract and is technically feasible.

Right to Object (Article 21)

Individuals may object to processing based on legitimate interests including marketing communications. Following objection, we cease processing unless we demonstrate compelling legal grounds for continued processing.

Rights Related to Automated Decision-Making (Article 22)

ByteWorks UK Ltd does not use automated decision-making systems for decisions with significant effects on individuals. All significant business decisions involving personal data are made by humans with appropriate oversight.

Exercising Rights

Data subject rights are exercised by contacting us at with the subject line "Data Subject Rights Request". Requests must include sufficient information to identify the individual and specify which right is being exercised. We verify requestor identity before providing information and respond within 30 days of receipt. No fees apply except where requests are manifestly unfounded or excessive.

8. Cookies and Tracking Technologies

ByteWorks UK Ltd uses cookies and similar tracking technologies on this website to improve user experience and analyse website usage. Users can control cookie settings through browser preferences. See our Cookie Policy for detailed information.

9. Children's Privacy

ByteWorks UK Ltd does not intentionally collect personal data from individuals under 18 years of age. Parents or guardians who believe their child's data has been collected are requested to contact us immediately at . We will take appropriate steps to delete such data.

10. Changes to This Privacy Policy

ByteWorks UK Ltd may update this Privacy Policy to reflect regulatory changes, business developments, or improved data protection practices. The updated policy will be published on this website with the updated date. Significant changes will be communicated to affected individuals via email or website notification.

11. Data Protection Impact Assessments

For high-risk data processing activities, ByteWorks UK Ltd conducts Data Protection Impact Assessments identifying privacy risks and mitigation measures. Impact assessments are documented and available on request to data subjects or regulatory authorities.

12. Data Breach Notification

In the event of a personal data breach, ByteWorks UK Ltd will:

Investigate the breach promptly to determine scope and impact
Notify affected individuals and regulatory authorities where required under UK GDPR Article 33 (within 72 hours for authority notification)
Provide clear information regarding breach nature, data affected, and recommended protective actions
Implement remedial measures to prevent future incidents
Maintain detailed breach records for regulatory review

13. Contact Information for Privacy Enquiries

For questions regarding this Privacy Policy, data protection practices, or to exercise data subject rights, please contact:

Data Protection Enquiries

The Tea Factory
17 Lower Regent Street
Leeds
LS1 5DL
United Kingdom

Email:
Telephone:

Supervisory Authority

Individuals have the right to lodge complaints with the Information Commissioner's Office (ICO), the independent UK data protection authority:

Information Commissioner's Office
Wycliffe House
Water Lane
Wilmslow
Cheshire
SK9 5AF
United Kingdom

Website: www.ico.org.uk
Email: casework@ico.org.uk
Telephone: 0303 123 1113

                Privacy Policy Acknowledgement

                By using this website or engaging ByteWorks UK Ltd services, you acknowledge that you have read and understood this Privacy Policy. Continued use of the website or services constitutes acceptance of data processing practices described herein.