1. Introduction
Zafrax Limited ("we", "our", "us") is committed to protecting and respecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our website, use our services, or otherwise engage with us.
We are registered as a data controller with the Information Commissioner's Office (ICO). Our company details are:
- Company Name: Zafrax Limited
- Company Number: 08742591
- Registered Address: The Hive, Lever Street, Manchester, M1 1FN
- Email: privacy@zafrax.co.uk
2. Information We Collect
2.1 Information You Provide
We collect information you voluntarily provide when you:
- Complete forms on our website (contact forms, quote requests, support tickets)
- Subscribe to our newsletter
- Enter into a service agreement with us
- Communicate with us via email, phone, or other channels
- Provide feedback or participate in surveys
This information may include:
- Name and job title
- Company name and address
- Email address and telephone number
- Payment and billing information
- Technical information about your IT systems (when providing support)
2.2 Information Collected Automatically
When you visit our website, we automatically collect certain information, including:
- IP address
- Browser type and version
- Operating system
- Referring website
- Pages viewed and time spent on pages
- Date and time of visits
2.3 Cookies and Tracking Technologies
We use cookies and similar technologies to enhance your experience on our website. For detailed information, please see our Cookie Policy.
3. How We Use Your Information
We use the information we collect for the following purposes:
3.1 Service Delivery
- To provide IT support and managed services
- To deliver software development projects
- To conduct IT consultancy and assessments
- To respond to your enquiries and support requests
3.2 Business Operations
- To process payments and manage accounts
- To send service communications (invoices, updates, service changes)
- To maintain accurate records
- To comply with legal and regulatory requirements
3.3 Marketing (with consent)
- To send newsletters and IT tips
- To inform you of new services or promotions
- To invite you to events or webinars
3.4 Website Improvement
- To analyse website usage and improve user experience
- To diagnose technical issues
- To ensure website security
4. Legal Basis for Processing
Under the UK GDPR, we process your personal data based on the following legal grounds:
- Contract: Processing necessary to perform a contract with you or take pre-contractual steps at your request
- Legitimate Interests: Processing necessary for our legitimate business interests, such as improving our services and marketing to existing clients
- Consent: Where you have given explicit consent, such as for marketing communications
- Legal Obligation: Processing necessary to comply with legal requirements
5. Data Sharing and Disclosure
We may share your information with:
- Service Providers: Third parties who assist us in providing services (cloud providers, payment processors, IT tools)
- Professional Advisors: Accountants, lawyers, and insurers as needed
- Business Transfers: In connection with any merger, sale, or acquisition
- Legal Requirements: When required by law, court order, or regulatory authority
We do not sell your personal data to third parties. All third-party processors are contractually obligated to protect your data and use it only for specified purposes.
6. International Transfers
Your information may be transferred to and processed in countries outside the UK. When this occurs, we ensure appropriate safeguards are in place, such as:
- Standard Contractual Clauses approved by the UK Information Commissioner
- Transfers to countries with an adequacy decision
- Other legally recognised transfer mechanisms
7. Data Retention
We retain personal data only for as long as necessary to fulfil the purposes for which it was collected:
- Client Data: Duration of the business relationship plus 7 years for legal and accounting purposes
- Marketing Data: Until you unsubscribe or request deletion
- Website Analytics: Up to 26 months
- Support Tickets: 3 years from resolution for quality and continuity purposes
8. Your Rights
Under the UK GDPR, you have the following rights:
- Right of Access: Request a copy of the personal data we hold about you
- Right to Rectification: Request correction of inaccurate data
- Right to Erasure: Request deletion of your data in certain circumstances
- Right to Restrict Processing: Request limitation of how we use your data
- Right to Data Portability: Request your data in a structured, machine-readable format
- Right to Object: Object to processing based on legitimate interests or for marketing
- Right to Withdraw Consent: Withdraw consent at any time where processing is based on consent
To exercise these rights, contact us at privacy@zafrax.co.uk. We will respond within one month.
9. Data Security
We implement appropriate technical and organisational measures to protect your personal data, including:
- Encryption of data in transit and at rest
- Access controls and authentication
- Regular security assessments
- Staff training on data protection
- Incident response procedures
10. Children's Privacy
Our services are not directed at individuals under 18 years of age. We do not knowingly collect personal data from children. If you believe we have collected data from a child, please contact us immediately.
11. Changes to This Policy
We may update this Privacy Policy periodically. Changes will be posted on this page with an updated "Last Updated" date. We encourage you to review this policy regularly.
12. Contact Us
If you have questions about this Privacy Policy or our data practices, contact us:
- Email: privacy@zafrax.co.uk
- Post: Data Protection Officer, Zafrax Limited, The Hive, Lever Street, Manchester, M1 1FN
- Phone: 0161 504 7890
13. Complaints
If you are not satisfied with how we handle your personal data, you have the right to lodge a complaint with the Information Commissioner's Office (ICO):