Legal · Last updated 27 April 2026
Privacy notice
We're a small business. We hold your data carefully, only use it for what we said we'd use it for, and we'll tell you straight if anything ever goes wrong.
Who we are
Inology IT Ltd is the data controller for personal data collected through this website and provided to us as part of our managed-IT and cyber-security services.
- Legal name: Inology IT Ltd
- Company number: 11676549 (England & Wales)
- Registered office: 90-92 High Street West, Glossop, SK13 8BB
- Trading address (where we actually work from): Office 11, The Forum, 2 Tameside Business Park, Windmill Lane, Denton, Manchester, M34 3QS
- ICO registration: we are registered with the Information Commissioner's Office as a data controller. Email us if you need our reference number.
We don't have a formal Data Protection Officer — we're not big enough to require one under UK GDPR. Brett Casterton (director) is the person responsible for data-protection decisions. You can reach him on the email below.
What data we collect
We try to collect as little as we sensibly can. Concretely:
From the website
- Contact-form submissions — your name, email, phone (if you provide one), company, and what you wrote in the message field. Stored in our email system.
- Server access logs — IP address, browser type, page requested, timestamp. Kept short-term to investigate problems and abuse.
- No third-party analytics or tracking pixels at the time of writing. If we add any (e.g. Plausible, Google Analytics 4) we'll update this page first and add a cookie banner.
From our managed-services relationship
- Contact details for users we support — name, work email, work phone, role.
- Device and account telemetry — device names, OS versions, security posture, sign-in events. This is how we keep you secure and patched.
- Support ticket content — what you sent us, what we did, screenshots if you attached them.
- Billing and contract data — company name, billing address, purchase order references, invoices.
What we don't collect
We don't read your email. We don't routinely look at the contents of files in your tenancy. We have administrative access where needed to do our job (a tier of admin roles in your Microsoft 365 tenant), and that access is logged on Microsoft's side as well as ours.
Why we use it (lawful basis)
UK GDPR requires us to tell you what lawful basis we rely on for each use. Here's our honest mapping:
- To respond to enquiries from the website contact form — legitimate interests (you wrote to us, you want a reply).
- To deliver the service we agreed — contract (it's in the Master Services Agreement we signed with your business).
- To keep your systems secure and patched — contract + legitimate interests (we have a duty to keep your environment safe).
- To bill you and meet our accounting obligations — legal obligation (HMRC, Companies Act).
- To send service notices (renewals, change windows, security alerts) — contract.
- To send the occasional newsletter — legitimate interests if you're already a client; consent if you're not. Either way you can unsubscribe in one click.
We don't sell or rent your data to anyone. Ever.
How long we keep it
- Website enquiries you didn't take further — 12 months, then deleted.
- Active client data — for the life of the contract.
- After a contract ends — 6 years for billing and tax records (HMRC requirement); user account data deleted within 90 days unless you ask us to keep it for longer for handover.
- Support ticket history — 3 years, then archived to a separate cold store; deleted at 7 years.
- Server access logs — 90 days.
International transfers
Most of your data stays in the UK or EU. Some of our sub-processors (notably Microsoft) operate globally — where data leaves the UK we rely on the UK Addendum to the EU Standard Contractual Clauses, plus the underlying provider's adequacy or transfer-impact assessment.
If you need a specific transfer mapping for a tender or audit, ask us — we'll write you a one-pager.
Your rights
Under UK GDPR you have the right to:
- Be told what personal data we hold about you (a Subject Access Request).
- Have inaccurate data corrected.
- Have your data deleted in certain circumstances (the ‘right to be forgotten’).
- Restrict or object to certain processing.
- Have your data ported to another provider in a portable format.
- Withdraw consent at any time, where we relied on consent.
- Not be subject to a decision based solely on automated processing — we don't do automated decision-making about people anyway.
To exercise any of these, email Contact us with the subject line ‘Data rights request’. We'll respond within one calendar month, usually a lot sooner. We don't charge a fee unless your request is manifestly excessive.
Cookies
This website currently sets no third-party cookies. We may set a small first-party cookie if you submit a form (to prevent double submission). See our cookie policy for the full picture.
Complaints
If you think we've mishandled your data, please tell us first — we'll investigate properly and get back to you. Email Contact us.
If you're not satisfied with our response, you have the right to complain to the Information Commissioner's Office:
- Web: ico.org.uk/concerns
- Phone: 0303 123 1113
- Post: Information Commissioner's Office, Wycliffe House, Water Lane, Wilmslow, SK9 5AF
Changes to this notice
We'll update this page when we change something material. The ‘last updated’ date at the top will tell you when. For substantial changes (new sub-processor, new processing purpose), we'll email clients directly.
How to contact us
- Email: Contact us
- Phone: 0161 503 3535
- Post: Office 11, The Forum, 2 Tameside Business Park, Windmill Lane, Denton, Manchester, M34 3QS