Privacy Policy

Last updated: April 2026 • Effective from: January 2027

1. Who We Are

Inclusive IT Solutions ("we", "us", "our") is a SaaS licensing aggregator and broker based at 1386 London Road, Leigh-on-Sea, Essex, SS9 2UJ, England. We are the data controller for personal data collected via this website (inclusiveitsolutions.co.uk).

We are registered with the Information Commissioner's Office (ICO) under registration number [Pending — to be confirmed on company registration].

Contact us regarding privacy matters: david.kirkman@inclusiveitsolutions.co.uk

2. What Personal Data We Collect

We collect personal data through the following means:

Contact and quote forms

  • Name and company name
  • Email address and phone number
  • Business details (company size, sector, approximate seat count)
  • Message content and pain point descriptions

Client portal (when live)

  • Email address and login credentials (password stored as a salted hash — never in plaintext)
  • Account activity logs (for security monitoring)
  • Licence and subscription information

Automatically collected

  • IP address (stored as a one-way hash — not the raw address)
  • Browser type and operating system (via server logs)
  • Pages visited and time of visit (if analytics cookies accepted)

We do not collect sensitive personal data (as defined under UK GDPR Article 9).

3. Legal Basis for Processing

We process your personal data under the following lawful bases (UK GDPR Article 6):

  • Contract (Art. 6(1)(b)) — processing necessary to deliver our services to you as a customer
  • Legitimate interests (Art. 6(1)(f)) — responding to enquiries, preventing fraud, and securing our systems
  • Consent (Art. 6(1)(a)) — analytics cookies (where you have accepted them via our cookie banner)
  • Legal obligation (Art. 6(1)(c)) — retaining financial records for 7 years as required by UK law

4. How We Use Your Data

  • To respond to your enquiry or prepare a quote
  • To provide and manage our licensing services
  • To send invoices and manage billing
  • To send service notifications (licence renewals, account alerts)
  • To improve this website (where analytics consent is given)
  • To detect and prevent fraud and abuse

We do not use your data for profiling, automated decision-making, or targeted advertising. We do not sell your data to any third party.

5. Who We Share Data With

We share data with the following categories of third parties, only as necessary to deliver our service:

  • Stripe — payment processing (PCI-DSS compliant; they handle card data directly)
  • Xero — invoicing and accounting
  • Pax8 — licence distribution and provisioning
  • SendGrid — transactional email delivery
  • Freshdesk — customer support ticketing
  • Amazon Web Services — hosting infrastructure (EU West 2 — London region)

All third parties are required to process data in accordance with applicable data protection law and are covered by appropriate data transfer mechanisms (Standard Contractual Clauses where applicable).

6. Data Retention

  • Enquiry / contact form data: 2 years from last contact
  • Customer account data: Duration of contract + 7 years (UK tax record obligation)
  • Financial records (invoices): 7 years (UK Companies Act)
  • Support tickets: 2 years from resolution
  • Security logs: 12 months
  • Cookie consent records: 1 year

When retention periods expire, data is securely deleted or irreversibly anonymised.

7. Your Rights

Under UK GDPR, you have the following rights:

  • Right of access (Art. 15) — request a copy of the personal data we hold about you
  • Right to rectification (Art. 16) — ask us to correct inaccurate data
  • Right to erasure (Art. 17) — ask us to delete your data (subject to legal retention obligations)
  • Right to restriction (Art. 18) — ask us to restrict processing in certain circumstances
  • Right to data portability (Art. 20) — receive your data in a machine-readable format
  • Right to object (Art. 21) — object to processing based on legitimate interests
  • Rights related to automated decision-making (Art. 22) — we do not conduct automated decision-making

To exercise any of these rights, contact us at david.kirkman@inclusiveitsolutions.co.uk. We will respond within one calendar month.

You also have the right to lodge a complaint with the ICO: ico.org.uk/make-a-complaint

8. Security

We take data security seriously. Our measures include: encryption of data in transit (HTTPS/TLS) and at rest (AES-256); access controls and multi-factor authentication for administrative systems; regular security assessments; and structured logging without personal data in log output.

In the event of a data breach affecting your rights and freedoms, we will notify the ICO within 72 hours and affected individuals without undue delay.

9. Cookies

We use cookies as described in our Cookie Policy. Analytics cookies are only set with your consent.

10. Changes to This Policy

We may update this policy periodically. Significant changes will be communicated via our website or, for customers, by email. The date at the top of this page reflects the most recent update.

11. Contact

For any privacy-related queries:
Inclusive IT Solutions
1386 London Road, Leigh-on-Sea, Essex, SS9 2UJ
david.kirkman@inclusiveitsolutions.co.uk