Privacy Policy

Last updated: 7 October 2025

Who we are (data controller)

IT Done Right is the data controller for the personal information collected via this website. To contact us about privacy, email [email protected] or use our contact page.

The information we collect

• Contact details — name, email, phone, and the message you send via our contact form.
• Booking details — name, email, phone, device, notes, preferred date/time (when you use “Book a Repair”).
• Technical data — IP address, pages viewed, browser/OS, and basic diagnostics for security and performance (via our hosting and any CDN).
• Cookies — essential cookies for site operation; optional analytics only if enabled (see Cookies section).

How we use your information (purposes & lawful bases)

• Replying to enquiries (contact form): Legitimate interests — to respond to messages you send.
• Managing bookings & providing repairs: Contract — to take steps at your request and deliver the service.
• Sending service updates (e.g., appointment confirmations): Contract/Legitimate interests.
• Website operation, security & performance: Legitimate interests — keep the site fast and secure.
• Legal obligations: where we must keep records for tax, accounting or consumer law.
• Marketing (if you opt in): Consent — you can withdraw at any time.

Sharing your information

We don’t sell your data. We may share it with trusted providers who help us run the business, for example:

• Website hosting / email (your web host’s mail/SMTP, server provider).
• Content delivery / security (e.g., a CDN like Cloudflare, if enabled).
• Analytics (only if you enable it — see Cookies).
• IT tools used to manage bookings and customer support.

These providers act as processors and only handle data under our instructions and contracts. We’ll disclose data if required by law.

International transfers

If any provider stores data outside the UK, we use appropriate safeguards such as the UK Addendum to the EU Standard Contractual Clauses or other recognised mechanisms.

How long we keep information (retention)

• Enquiries: up to 12 months from last contact, unless you request deletion sooner.
• Bookings & invoices: generally 6 years for accounting/legal record keeping.
• Technical logs: typically 30–180 days, unless needed for security investigations.

Your rights

Under UK GDPR you have rights to:

• Access a copy of your data, and request correction of inaccuracies.
• Request deletion, restriction, or to object to certain processing.
• Request data portability (where applicable).
• Withdraw consent where processing is based on consent.

To exercise these rights, email [email protected]. You also have the right to complain to the Information Commissioner’s Office (ICO).

Security

We take reasonable technical and organisational measures to protect personal data (HTTPS, access controls, updates, least-privilege access). No system is perfectly secure, but we work to reduce risks.

Cookies & similar technologies

We use essential cookies for core site features (e.g., session security on forms). Optional analytics (e.g., Google Analytics) will only run with your consent.

You can control cookies in your browser and change your consent at any time.

Children

Our services are aimed at adults and not intended for children under 13. We don’t knowingly collect children’s data.

Links to other sites

Our site may link to other websites. Their privacy practices are their own—please check their policies.

Changes to this policy

We may update this policy from time to time. We’ll post the new version here with the date above.