Privacy Policy
1. Who we are
Adigiit Ltd is a software development company registered in England and Wales. We are the data controller for personal data collected through our website (adigiit.com) and in the course of providing our services.
Our registered address and contact details are provided in Section 12 of this policy. We are not currently required to appoint a Data Protection Officer, but your privacy questions will always be handled by a responsible person within our leadership team.
2. Data we collect
2.1 Information you give us directly
When you contact us via our website, email, or phone, we may collect:
- Your name and job title
- Your company or organisation name
- Your email address and phone number
- Information about your project, budget, and requirements
- Any other information you choose to provide in your message
2.2 Information collected automatically
When you visit our website, we may automatically collect certain technical information, including:
- Your IP address (anonymised where possible)
- Browser type and version
- Pages visited and time spent on each page
- Referring website or search query
- Device type and operating system
This information is collected only if you consent to analytics cookies. See Section 8 for more detail.
2.3 Information from third parties
We do not purchase or obtain personal data from third-party data brokers. We may receive your details if you are introduced to us by a mutual contact, in which case we will inform you of this at the first opportunity.
3. How we use your data
| Purpose | Data used | Legal basis |
|---|---|---|
| Responding to your enquiry | Name, email, message content | Legitimate interest / Contract |
| Providing our services under a contract | Contact details, project information | Contract performance |
| Sending project-related communications | Name, email | Contract performance |
| Sending marketing communications (if opted in) | Name, email | Consent |
| Improving our website and services | Anonymised analytics data | Legitimate interest |
| Legal compliance and dispute resolution | All relevant data | Legal obligation |
We will never use your data for automated decision-making or profiling that has a significant legal or similarly significant effect on you.
4. Legal basis for processing
Under UK GDPR, we must have a lawful basis to process your personal data. We rely on the following:
- Contract performance — processing necessary to deliver a service you've engaged us for, or to take pre-contractual steps at your request.
- Legitimate interests — where processing is necessary for our legitimate business interests (such as responding to enquiries or improving our website), and those interests are not overridden by your rights and interests.
- Consent — where you have explicitly agreed to a specific use, such as receiving marketing communications or accepting analytics cookies. You may withdraw consent at any time.
- Legal obligation — where processing is required to comply with UK law, including tax, accounting, and fraud prevention requirements.
5. Sharing your data
We do not sell, rent, or trade your personal data. We may share your data with the following categories of third party, strictly as necessary:
- Project delivery team members — where relevant to providing the service you've engaged us for, members of our team (including our globally distributed engineering team) may have access to your contact details and project information. All team members are subject to confidentiality obligations.
- IT and software service providers — including our email platform, CRM, and website hosting providers. These are engaged as data processors and are subject to appropriate data processing agreements.
- Professional advisers — including lawyers and accountants, where necessary for legal and financial compliance.
- Law enforcement and regulatory bodies — where required by law or to protect the rights and safety of others.
We require all third parties to maintain appropriate technical and organisational security measures and to process your data only in accordance with our instructions.
6. Retention periods
We retain personal data only for as long as necessary for the purpose for which it was collected, or as required by law.
| Data type | Retention period |
|---|---|
| Enquiry / contact form submissions (where no contract results) | 12 months from last contact |
| Client contact information (active engagement) | Duration of engagement + 6 years |
| Financial records and invoices | 7 years (legal requirement) |
| Website analytics data | 13 months (anonymised after 6 months) |
| Marketing email list (opt-in) | Until you unsubscribe, then 30 days |
When data is no longer required, we securely delete or anonymise it.
7. Your rights
Under UK GDPR, you have the following rights regarding your personal data. You can exercise any of these rights by contacting us at privacy@adigiit.com. We will respond within one calendar month.
Right of access
You can request a copy of the personal data we hold about you (a Subject Access Request).
Right to rectification
You can ask us to correct inaccurate or incomplete personal data.
Right to erasure
You can ask us to delete your personal data, subject to certain legal exceptions.
Right to restrict processing
You can ask us to pause processing your data in certain circumstances.
Right to data portability
You can request your data in a structured, commonly used machine-readable format.
Right to object
You can object to processing based on legitimate interests, including direct marketing.
Right to withdraw consent
Where processing is based on consent, you can withdraw it at any time without affecting prior lawful processing.
Right to complain
You have the right to complain to the ICO (ico.org.uk) if you believe we have mishandled your data.
We will never charge a fee for exercising your rights in ordinary circumstances. If a request is manifestly unfounded or excessive, we may charge a reasonable fee or decline to act — and will tell you why.
8. Cookies
Cookies are small text files stored on your device when you visit our website. We use the following categories of cookie:
| Category | Purpose | Consent required? |
|---|---|---|
| Strictly necessary | Essential for the website to function (e.g. remembering your cookie preference). Cannot be disabled. | No |
| Analytics | Help us understand how visitors use our website (e.g. pages visited, session duration). Data is anonymised where possible. | Yes |
| Marketing | Track visits across websites to show relevant advertising. We do not currently use marketing cookies. | Yes (N/A currently) |
You can manage your cookie preferences at any time by clicking the "Cookie settings" link in the footer, or by adjusting your browser settings. Withdrawing consent for analytics cookies will not affect your use of the website.
For more information on cookies, visit ico.org.uk.
9. International data transfers
As a UK-managed business with a globally distributed engineering team, some of your personal data may be accessed by team members located outside the UK and EEA in the course of delivering our services — specifically, project-related communications and documentation shared with engineers.
Where this occurs, we ensure that appropriate safeguards are in place in accordance with UK GDPR Article 46, including:
- Binding contractual obligations on all team members and subprocessors regarding data handling and confidentiality
- Limiting access to personal data to only what is strictly necessary for the delivery of services
- Using encrypted communication and storage tools
We do not transfer data to countries without an adequate level of protection without implementing appropriate safeguards. If you have questions about international transfers, please contact us.
10. Security
We take the security of your personal data seriously and implement appropriate technical and organisational measures to protect it against unauthorised access, loss, destruction, or alteration. These include:
- Encryption of data in transit (TLS/HTTPS) and at rest where appropriate
- Access controls limiting data access to those who need it to perform their role
- Regular review of our security practices and third-party service providers
- Staff awareness of data protection obligations
No method of transmission over the internet is 100% secure. If you believe your personal data has been compromised, please notify us immediately at privacy@adigiit.com.
In the event of a personal data breach that is likely to result in a risk to your rights and freedoms, we will notify the ICO within 72 hours and, where required, notify affected individuals without undue delay.
11. Changes to this policy
We may update this Privacy Policy from time to time to reflect changes in our practices, services, or legal requirements. The "Last updated" date at the top of this policy will always reflect the most recent revision.
For material changes that affect how we process your personal data, we will notify you by email (if we hold your contact details) or by posting a prominent notice on our website.
We encourage you to review this policy periodically. Continued use of our website or services after a change constitutes your acknowledgement of the updated policy.
12. Contact us
If you have any questions about this Privacy Policy, wish to exercise your data rights, or want to raise a concern about how we handle your personal data, please contact us:
Adigiit Ltd — Privacy team
Email: privacy@adigiit.com
Postal address: Adigiit Ltd, 1 Tower Business Park, Wilmslow Road, Manchester, England, United Kingdom
We aim to respond to all privacy-related enquiries within 5 working days and all Subject Access Requests within one calendar month.
If you are not satisfied with our response, you have the right to complain to the Information Commissioner's Office (ICO) at ico.org.uk or by calling 0303 123 1113.