Privacy Policy - GDPR Compliant Data Protection for Flitzen Technologies UK Limited

We collect information you provide directly to us, such as when you contact us, request a quote, subscribe to our newsletter, or use our services. This may include your name, email address, phone number, company name, job title, project details, budget information, and any other information you choose to share with us.

We use your information for the following purposes: to respond to enquiries and provide quotations, deliver our IT consultancy and development services, process payments and manage contracts, send relevant business communications and updates, improve our website and services through analytics, comply with legal and regulatory obligations, protect our legal rights and prevent fraud, and for marketing purposes (where you have consented). We retain your data only for as long as necessary to fulfil these purposes or as required by UK law.

Under UK GDPR and the Data Protection Act 2018, you have the following rights: the right to be informed (this policy), the right of access to your personal data, the right to rectification of inaccurate data, the right to erasure ("right to be forgotten") where applicable, the right to restrict processing, the right to data portability, the right to object to processing, and rights related to automated decision-making. To exercise any of these rights, please contact us at [email protected] with your request. We will respond within one month. You may also lodge a complaint with the Information Commissioner's Office (ICO) at ico.org.uk or by calling 0303 123 1113 if you believe we have not handled your data properly.

We implement appropriate technical and organisational measures to protect your personal data against unauthorised access, alteration, disclosure, or destruction, in accordance with UK GDPR Article 32. This includes SSL/TLS encryption for data in transit, encryption at rest for sensitive data, access controls and authentication mechanisms, regular security audits and vulnerability assessments, secure hosting with UK/EU-based providers, staff training on data protection, and incident response procedures. In the event of a data breach that poses a risk to your rights and freedoms, we will notify the ICO within 72 hours and inform affected individuals without undue delay. We do not sell your personal information to third parties.

We may disclose your information to trusted third parties who assist us in operating our business, including cloud hosting providers (such as AWS, Google Cloud, or Microsoft Azure), payment processors (such as Stripe or PayPal), email service providers, analytics services (such as Google Analytics), CRM systems, legal and accounting advisers, and other service providers necessary for our operations. All third parties are bound by strict confidentiality obligations and data processing agreements compliant with UK GDPR. We may also disclose data where required by law, court order, or regulatory authority, or to protect our legal rights, property, or safety, or that of our clients or others.

Data may be processed within the UK and the European Economic Area (EEA). Where we transfer data outside these regions (for example, to service providers in the United States), we ensure appropriate safeguards are in place, such as Standard Contractual Clauses (SCCs) approved by the European Commission, or adequacy decisions. We do not transfer personal data to countries without adequate data protection laws unless appropriate safeguards are implemented. This policy may be updated from time to time to reflect changes in our practices or legal requirements; the revised version will be posted on this page with an updated date. We encourage you to review this policy periodically. For any questions about this Privacy Policy or to exercise your data protection rights, contact us at [email protected] or write to us at Suite 1, Cochrane House, Admirals Way, Canary Wharf, London, E14 9UD, United Kingdom. Our Data Protection Officer can be reached at the same contact details.