Privacy Policy

Privacy Policy
Last updated: 12 February 2026
This Privacy Policy explains how we collect, use, disclose and safeguard personal information when you visit our website (the “Site”) or contact us. It is intended to help you understand your rights and our obligations under applicable data protection laws, including the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

Quick summary: We only collect what we need, keep it secure, don’t keep it longer than necessary, and you can exercise your privacy rights at any time.

 

1) Who we are (Data Controller)
Controller name: [Your organisation name]
Trading name (if any): [e.g., “Techhaven Club” or “PC Paramedics”]
Registered office / postal address: [Address]
Company number (if applicable): [Company number]
Contact for privacy matters: [Name / Role]
Email: [privacy@yourdomain.co.uk]
Telephone: [01234 567890]
Data Protection Officer (if appointed): [Name/Email]

2) What personal data we collect
We collect and process the following categories of personal data:

Identification and contact data – name, email address, phone number, postal address.
Technical and usage data – IP address, device type, browser type and version, pages viewed, time and date of visits, referral source, and similar diagnostic data (collected via cookies or similar technologies).
Communication data – messages you send through contact forms, email, chat, or when you call us.
Account data (if you create an account/portal) – username, password, preferences.
Marketing preferences – your opt‑in/opt‑out choices and communication settings.
Payment data (if applicable) – limited billing details. We use third‑party payment processors, so card details are processed by them and not stored on our systems.
We do not intentionally collect special category data (e.g., health, ethnicity) through the Site. Please avoid submitting such information unless we specifically request it and provide a lawful basis.

3) How we collect your data

Direct interactions – when you submit forms, send emails, call us, create an account, or subscribe to updates.
Automated technologies – via cookies, pixels, and similar tools that record Site usage.
Third parties – analytics providers (e.g., Google Analytics), payment processors, and referral partners, where lawful.

4) Why we use your data (purposes) & legal bases
We only process personal data when we have a lawful basis to do so. Depending on the context, that may be:

Contract – to provide information, products or services you request; to manage payments and fulfil orders; to provide customer support.
Legitimate interests – to operate and improve the Site, keep it secure, prevent fraud, understand usage, and communicate with you about relevant updates (where not requiring consent). We balance these interests against your rights and freedoms.
Consent – for certain cookies/analytics/marketing communications. You can withdraw consent at any time (see Your rights and Cookies below).
Legal obligation – to keep necessary records and comply with applicable laws.

5) Cookies and similar technologies
We use cookies and similar technologies to make the Site work, measure performance and improve user experience. You can manage your preferences via our Cookie Banner/Settings and through your browser.
Categories we use:

Strictly necessary – essential for core functionality (cannot be switched off).
Performance/analytics – help us understand how visitors use the Site.
Functionality – remember choices to personalise content.
Advertising (if used) – deliver and measure ads.
See our separate Cookie Policy for details of specific cookies, lifespans and providers. If you block cookies, parts of the Site may not function properly.

6) Sharing your data
We may share personal data with:

Service providers / processors – e.g., hosting, IT support, analytics, email service, CRM, payment processing. They are bound by contracts to protect your data and only act on our instructions.
Professional advisers – lawyers, accountants, insurers (where necessary).
Authorities – where required by law or to protect rights, safety, and security.
Business transfers – in connection with a merger, acquisition, or sale of assets, where permitted by law.
We do not sell your personal data.

7) International transfers
Some providers may process data outside the UK. Where this occurs, we ensure appropriate safeguards are in place, such as UK adequacy regulations, International Data Transfer Agreements (IDTAs), or standard contractual clauses, along with supplementary measures where needed.

8) Data retention
We only keep personal data for as long as necessary to fulfil the purposes described in this Policy and to comply with legal, accounting, or reporting requirements. Typical retention periods are:

Enquiries and routine correspondence: up to 24 months from last contact.
Customer records and contracts: 6 years after the end of the relationship.
Marketing preference records: retained while you remain subscribed or until you opt out.
Analytics data: as defined by our analytics provider settings (see Cookie Policy).
When retention periods expire, we securely delete or anonymise data.

9) Security
We implement technical and organisational measures appropriate to the risk, including access controls, encryption in transit, least‑privilege access, regular updates/patching, and staff awareness. No method of transmission or storage is completely secure; we cannot guarantee absolute security.

10) Your rights (UK residents)
Subject to conditions and exemptions, you may have the right to:

Access – request a copy of your personal data.
Rectification – correct inaccurate or incomplete data.
Erasure – request deletion of your data where there’s no good reason for us to keep it.
Restriction – limit how we process your data.
Portability – receive data you provided in a structured, commonly used, machine‑readable format and/or ask us to transmit it to another controller.
Object – to processing based on legitimate interests and to direct marketing.
Withdraw consent – where processing is based on consent.
To exercise these rights, contact us using the details above. We may need to verify your identity. We aim to respond within one month.
Complaints
If you have concerns, please contact us first. You also have the right to complain to the Information Commissioner’s Office (ICO) at ico.org.uk or by calling 0303 123 1113.

11) Children
Our Site is not intended for children under 13. We do not knowingly collect personal data from children. If you believe a child has provided us with personal data, please contact us so we can delete it.

12) Marketing communications
Where permitted by law, we may send you updates about news, services or events. You can opt out at any time by using the unsubscribe link in our emails or contacting us. We will honour your choice promptly.

13) Links to other websites
Our Site may contain links to third‑party websites. We are not responsible for their privacy practices. We encourage you to read the privacy notices of every website you visit.

14) Changes to this Policy
We may update this Policy from time to time. The “Last updated” date at the top tells you when it was last revised. Significant changes will be notified via the Site or by email where appropriate.

15) Contact us
If you have questions about this Policy or our data practices, please contact:
Email: [privacy@yourdomain.co.uk]
Postal: [Your organisation name], [Address]
Phone: [01234 567890]

Optional add‑ons (include if relevant)

User accounts / portals: describe additional data collected, verification steps, and retention.
Online bookings: name the booking provider and link to their privacy notice.
Live chat: provider name and data handling.
Payments: name the payment processor(s) and link to their privacy notices.
CCTV: if you operate cameras at premises mentioned on the Site, add a CCTV section.
Recruitment: if you process candidate data via the Site, add a Recruitment Privacy Notice or link to it.