Zenith IT

Legal

Privacy Policy

Effective date: 29 April 2026 — Zenith IT Limited

This Privacy Policy explains how Zenith IT Limited (“we”, “us”, “our”) collects, uses, stores, and protects your personal data when you visit this website, use our client portal, or enquire about our consulting services. We are committed to handling your data responsibly and in line with UK GDPR and the Data Protection Act 2018.

For the client portal, this includes account registration, login, profile updates, and account administration for authorised users.

1. Who We Are

Zenith IT Limited is a UK-based business and technology consultancy. We are the data controller for personal data collected via this website.

2. What Personal Data We Collect

We may collect the following types of personal data:

  • Identity data — your name and job title, when provided via our contact form or enquiry process.
  • Contact data — your email address, phone number, and company name.
  • Portal account data — your login email, full name, company name, role, account status, and profile details you provide when registering for or updating your portal account.
  • Portal security data — login attempts, password reset events, session identifiers, and related access logs.
  • Message content — the contents of any messages or enquiries you send us.
  • Technical data — your IP address, browser type, device type, and pages visited, where analytics cookies are enabled.
  • Newsletter data — your email address if you subscribe to our newsletter.
  • Correspondence data — records of emails, calls, or messages between you and Zenith IT.

We do not collect sensitive personal data (such as health, financial, or biometric data) through this website.

3. How We Collect Your Data

  • Directly from you — when you fill in our contact, newsletter, or portal forms, create or update a portal account, sign in, email us, or call us.
  • Automatically — when you browse this website or use the client portal and analytics cookies are active (with your consent).

4. How We Use Your Personal Data

We only use your personal data for the purposes it was collected or for compatible reasons. Specifically:

  • To respond to your enquiry and provide information about our services.
  • To deliver, manage, and improve consultancy services if you become a client.
  • To create, authenticate, maintain, and secure client portal accounts.
  • To administer portal access, profile updates, and support requests.
  • To send you our newsletter if you have subscribed (with your consent).
  • To analyse website usage and improve our online content (analytics cookies, with consent).
  • To manage contracts, invoices, and business relationships.
  • To monitor login activity, detect abuse, and protect the website and portal from unauthorised access.
  • To comply with legal, regulatory, and accounting obligations.

5. Legal Basis for Processing

We process your personal data under the following legal bases as applicable:

  • Consent — for newsletter subscriptions and analytics cookies.
  • Contract — where processing is necessary to perform a contract with you or provide portal access and service delivery.
  • Legitimate interests — for responding to business enquiries, improving our services, portal security, fraud prevention, and website security.
  • Legal obligation — where we are required to process data to comply with law.

6. Data Sharing

We do not sell, rent, or trade your personal data. We may share data in limited circumstances:

  • Service providers — trusted third parties that help us operate the website or deliver services (e.g. hosting providers, email platforms). These processors are contractually bound to protect your data.
  • Portal infrastructure providers — hosting, authentication, and database services used to run the client portal.
  • Professional advisers — lawyers, accountants, and insurers, where necessary.
  • Authorities — where we are required to do so by law or regulatory obligation.

7. Data Retention

We retain personal data only as long as necessary for the purpose it was collected, including any applicable legal, accounting, or reporting requirements. When data is no longer needed, it is securely deleted or anonymised.

  • Enquiry data: up to 2 years, unless an engagement follows.
  • Client data: for the duration of the engagement and up to 7 years thereafter for legal and accounting purposes.
  • Portal account data: for as long as your account remains active and for a reasonable period afterwards to manage support, security, and legal obligations.
  • Portal login and access logs: retained for security and audit purposes for a limited period only.
  • Newsletter data: until you unsubscribe.
  • Analytics data: as governed by the applicable analytics tool's retention settings.

8. Your Rights

Under UK GDPR, you have the following rights regarding your personal data:

  • Access — request a copy of the personal data we hold about you.
  • Rectification — ask us to correct inaccurate or incomplete data.
  • Erasure — request deletion of your personal data in certain circumstances.
  • Restriction — ask us to limit how we use your data.
  • Portability — receive your data in a machine-readable format where applicable.
  • Object — object to processing based on legitimate interests.
  • Withdraw consent — withdraw consent at any time where processing is based on consent (this will not affect processing already carried out).

To exercise any of these rights, contact us at hello@zenith-it.co.uk. We will respond within one calendar month.

9. Security

We implement appropriate technical and organisational measures to protect your personal data from unauthorised access, loss, alteration, or disclosure. This includes using HTTPS, access controls, hashed passwords, secure session cookies, and regular reviews of our security practices.

10. International Transfers

Where any of our service providers transfer data outside the United Kingdom, we ensure appropriate safeguards are in place (such as standard contractual clauses or adequacy decisions) to protect your data in line with UK data protection law.

11. Cookies

This website and client portal use cookies and related session mechanisms. For full details of the cookies we use and how to manage your preferences, see our Cookie Policy.

12. Children

This website is not directed at children under 13. We do not knowingly collect personal data from children. If you believe we have inadvertently collected such data, please contact us and we will delete it promptly.

13. Changes to This Policy

We may update this Privacy Policy from time to time. Changes will be published on this page with a revised effective date. We encourage you to check this page periodically.

14. How to Complain

If you are not satisfied with how we handle your data, you have the right to lodge a complaint with the UK Information Commissioner’s Office:

15. Contact

For any data protection enquiries, please contact us at hello@zenith-it.co.uk or via our contact page.