Privacy Policy

Last updated: March 2026

1. Who We Are

Underwood IT is a trading name of Paul Underwood, providing IT consultancy, project delivery, and support services to small UK businesses. We are the data controller for personal data collected through this website and our services.

Contact: info@underwoodit.co.uk

2. What Data We Collect

We may collect the following personal data:

• Contact information — name, email address, phone number, company name, provided when you contact us or book a call.
• Engagement data — information you share during consultations, IT audits, or project work, which may include details about your systems, accounts, and suppliers.
• Website analytics — anonymised, cookie-free usage data collected via Cloudflare Web Analytics (if enabled). This does not identify individual visitors and does not use cookies or trackers.

3. How We Use Your Data

We use personal data for the following purposes:

• To respond to enquiries and provide quotes.
• To deliver agreed consultancy, project, and support services.
• To manage invoicing and payments.
• To communicate about ongoing engagements.
• To improve our website and services.

4. Legal Basis for Processing

We process personal data under the following lawful bases (UK GDPR):

• Contract — processing necessary to deliver services you have engaged us for.
• Legitimate interest — responding to enquiries, managing our business, and improving our services.
• Legal obligation — where required for tax, accounting, or regulatory purposes.

5. Data Sharing

We do not sell your personal data. We may share data with:

• Third-party suppliers — only where necessary to deliver agreed services (e.g. a hosting provider or software vendor), and only with your knowledge.
• Professional advisors — accountants or legal advisors, where required.
• Legal authorities — if required by law or regulation.

6. Data Retention

We retain personal data only for as long as necessary:

• Enquiries — deleted within 12 months if no engagement follows.
• Client engagement data — retained for the duration of the engagement plus 6 years for legal and accounting purposes.
• Invoicing records — retained for 6 years as required by HMRC.

7. Cookies and Tracking

This website does not use cookies or tracking scripts that identify individual visitors. If Cloudflare Web Analytics is enabled, it collects anonymised, aggregated data only. No consent banner is required.

8. Data Security

We take reasonable technical and organisational measures to protect your personal data, including:

• Encrypted email and file transfer where appropriate.
• Multi-factor authentication on accounts used to process client data.
• Access restricted to those who need it to deliver the service.
• Regular review of security practices.

9. International Transfers

We primarily process data within the UK. Where data is processed outside the UK (for example, through cloud services), we ensure appropriate safeguards are in place in accordance with UK GDPR requirements.

10. Your Rights

Under UK data protection law, you have the right to:

• Access — request a copy of the personal data we hold about you.
• Rectification — request correction of inaccurate data.
• Erasure — request deletion of your data where there is no ongoing lawful reason to retain it.
• Restriction — request that we limit how we use your data.
• Portability — request your data in a structured, machine-readable format.
• Objection — object to processing based on legitimate interest.

To exercise any of these rights, contact us at info@underwoodit.co.uk. We will respond within 30 days.

11. Complaints

If you are unhappy with how we handle your data, you have the right to lodge a complaint with the Information Commissioner's Office (ICO):

ico.org.uk — Helpline: 0303 123 1113

12. Changes to This Policy

We may update this policy from time to time. The current version will always be available on our website.