Privacy Policy

We may collect and process personal data when you contact us, request a quotation, use our services, visit our website or communicate with us.

• Contact and enquiry data: name, email address, telephone number, business name, job title, message content and project requirements.
• Client and project data: service requirements, project documentation, correspondence, billing details and service history.
• Technical and website usage data: IP address, browser type, device type, operating system, pages visited, date and time of visit, cookie preferences and analytics data where applicable.
• IT support and remote access data: device information, system information, network information, support tickets, remote access session information and data visible during support work where necessary and authorised.
• Supplier and business contact data: business contact details, role, payment details, correspondence and contract information.

We only process personal data where we have a lawful basis to do so. Depending on the circumstances, we may rely on contract, legitimate interests, legal obligation or consent.

• Responding to enquiries: legitimate interests or steps before entering into a contract.
• Providing quotations and proposals: contract and legitimate interests.
• Delivering services: contract and legitimate interests.
• Providing IT support or remote technical assistance: contract and legitimate interests.
• Invoicing, accounting and tax records: legal obligation and contract.
• Website operation and security: legitimate interests.
• Website analytics: consent or legitimate interests, depending on the technology used and applicable rules.
• Future marketing communications: consent or legitimate interests, depending on the communication and recipient type.
• Legal compliance and dispute management: legal obligation and legitimate interests.

Where we rely on legitimate interests, our interests include operating our business, responding to enquiries, delivering services, maintaining website and systems security, managing client relationships, improving our services and promoting relevant B2B services.

We carry out a legitimate interests assessment (LIA) to balance these interests against your rights. Where we rely on consent, you may withdraw it at any time. For further information, contact us at info@promediait.co.uk.

We keep personal data only for as long as necessary for the purposes described in this Privacy Policy.
We may retain information for longer where required for legal, regulatory, tax, accounting, security or dispute-resolution purposes.

• General enquiries: up to 24 months where the enquiry does not become a client relationship.
• Client and project records: up to 7 years after the end of the client relationship.
• Accounting, invoice and tax records: 6 years plus the current tax year, or longer if required by law.
• Marketing consent and opt-out records: for as long as needed to evidence preferences and respect opt-outs.
• Website analytics data: according to the analytics provider settings and cookie configuration.
• Website hosting logs and technical logs: for as long as needed for website operation, security, troubleshooting and legal or technical purposes.
• IT support logs and technical records: for as long as needed to provide support, manage security, evidence work performed and handle disputes.
• Supplier and contractor records: up to 7 years after the end of the relationship.
• Legal claims or dispute records: for as long as necessary to manage the claim or comply with legal obligations.

If we do not have a fixed retention period for a particular type of data, we decide how long to keep it based on the nature of the data, the purpose of processing, legal requirements, risk, contractual obligations, security needs and legitimate business requirements.

Our website hosting and related technical infrastructure may be supported by EUKHOST LTD / eUKhost. eUKhost may provide website hosting, server infrastructure, email hosting where used, backups, security tools, technical hosting support and related services.

Where eUKhost or another hosting provider processes personal data on our behalf, this may include website visitor data, IP addresses, server logs, contact form submissions, website files, database content, email data where email hosting is used, backup data and technical support information.

We also use the following third-party services which may process personal data on our behalf:

Google LLC (Google Analytics) – website analytics and visitor behaviour data. Analytics cookies are only activated after your consent via our cookie banner.

Contact form plugin (WPForms Lite) – processing of enquiry data submitted via our website contact form.

Where any of the above providers act as processors, we have in place appropriate data processing terms. Where they act as independent controllers, their own privacy policies apply.

International Transfers. Some of our service providers, or their group companies and sub-processors, may process personal data outside the United Kingdom. This may include providers of website analytics, hosting, email, security, cloud, support or business software services.

Where personal data is transferred outside the UK, we will take steps to ensure that an appropriate level of protection is in place in accordance with UK data protection law. This may include using UK adequacy regulations, the UK International Data Transfer Agreement, the UK Addendum to the EU Standard Contractual Clauses, the UK-US Data Bridge where applicable, or another lawful transfer mechanism.

For further information about international transfers relevant to your personal data, you can contact us at info@promediait.co.uk.

We take the security of personal data seriously and implement appropriate technical and organisational measures to protect it against unauthorised access, loss, alteration, disclosure or destruction.
These measures include:

Use of TLS/SSL encryption for data transmitted via this website
Access controls limiting who can access personal data within our organisation
Password policies and, where appropriate, multi-factor authentication
Secure backups of website and business data
Careful management of remote access sessions, including use of secure remote access tools
Vetting of third-party service providers before sharing personal data with them

In the event of a personal data breach, we will assess the risk and, where required by law, notify the Information Commissioner’s Office (ICO) within 72 hours of becoming aware of the breach. Where a breach is likely to result in a high risk to your rights and freedoms, we will also notify you directly without undue delay.
No system can be entirely secure. If you have concerns about the security of your data, please contact us at info@promediait.co.uk

Our commitment to safeguarding personal data extends to ensuring that our audience is appropriately informed about our data practices. If you believe that a child has provided us with personal information without appropriate consent, please contact us immediately. We are dedicated to maintaining a secure environment for all users and adhering to the highest standards of data protection.

We periodically review and update our Privacy Policy to reflect changes in our services, legal obligations, or industry practices. The most recent version will always be available on this page, ensuring transparency and keeping you informed about how we handle your personal data. We encourage you to check back regularly to stay updated on any modifications.