Privacy & Cookie Policy
We take your privacy seriously. This policy explains how ITWizrd Ltd collects, uses and protects your personal data in line with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.
1. Who We Are
ITWizrd Ltd is the data controller responsible for your personal data. We are a digital agency providing bespoke web design, digital solutions and corporate identity services to businesses across the UK.
Company name: ITWizrd Ltd
Registered address: Renfrewshire, Scotland, United Kingdom
Email: support@itwizrd.co.uk
Phone / WhatsApp: +44 7460 786396
2. Data We Collect
We collect personal data only where it is necessary and with a lawful basis under UK GDPR. The types of data we may collect include:
Contact & Identity Data
Your name, email address, phone number and company name when you fill in a contact or booking form on our site.
Communications Data
Any messages, enquiries or requests you send to us via our website, email or WhatsApp.
Usage & Technical Data
IP address, browser type, device type, pages visited, time on site and referring URL — collected automatically via cookies and analytics tools.
Booking Data
Name, email and preferred appointment time when you book a free consultation via our calendar.
We do not collect sensitive personal data (e.g. health information, racial or ethnic origin) and we do not knowingly collect data from children under 16.
3. How We Use Your Data
We process personal data under the following lawful bases (Article 6 UK GDPR):
| Purpose | Lawful Basis |
|---|---|
| Responding to enquiries and contact form submissions | Legitimate interests / Contract |
| Booking and managing free consultations | Contract (pre-contractual steps) |
| Sending quotes, proposals or project updates | Contract |
| Improving website performance and user experience | Consent (analytics cookies) |
| Serving relevant advertising | Consent (marketing cookies) |
| Complying with legal obligations | Legal obligation |
We will never sell, rent or share your personal data with third parties for their own marketing purposes.
5. Third-Party Services
We use a small number of trusted third-party services to run our website and business. Each is GDPR-compliant and processes data only as described below:
Google Analytics
Website usage analytics (anonymised)
Microsoft Bookings
Free consultation scheduling
WhatsApp (Meta)
Direct customer communication
Readdy.ai (Hosting)
Website hosting and delivery
We ensure that any third party we use has appropriate data processing agreements and technical safeguards in place.
6. Data Retention
We only keep your personal data for as long as necessary for its original purpose or as required by law:
| Data Type | Retention Period |
|---|---|
| Contact form enquiries (no contract) | 12 months |
| Client project data and communications | 7 years (legal / tax obligation) |
| Booking / consultation records | 12 months |
| Analytics data (anonymised) | 26 months (Google default) |
| Cookie consent records | 12 months |
After these periods, data is securely deleted or anonymised.
7. Your Rights Under UK GDPR
As a UK data subject, you have the following rights. You can exercise any of them by contacting us at support@itwizrd.co.uk. We will respond within one calendar month.
Right of Access
Request a copy of all personal data we hold about you (Subject Access Request).
Right to Rectification
Ask us to correct any inaccurate or incomplete data we hold.
Right to Erasure
Request deletion of your data where there is no compelling reason for us to keep it.
Right to Restrict
Ask us to pause processing your data in certain circumstances.
Right to Portability
Receive your data in a structured, machine-readable format to transfer to another service.
Right to Object
Object to processing based on legitimate interests or for direct marketing purposes.
Right to Complain: If you are unhappy with how we handle your data, you have the right to lodge a complaint with the Information Commissioner's Office (ICO) at ico.org.uk or by calling 0303 123 1113.
8. Data Security
We take reasonable technical and organisational measures to protect your personal data from unauthorised access, loss, or disclosure. These include:
- HTTPS encryption on all pages of our website
- Secure, access-controlled email and communication tools
- Limited staff access to personal data on a need-to-know basis
- Regular review of data handling practices and vendor security
- Secure deletion of data at end of retention period
In the unlikely event of a data breach that poses a risk to your rights, we will notify the ICO within 72 hours and affected individuals without undue delay.
9. Changes to This Policy
We may update this Privacy & Cookie Policy from time to time to reflect changes in our practices, legal obligations or services. When we do, we will update the "Last updated" date at the top of this page.
We encourage you to review this policy periodically. Continued use of our website after changes are published constitutes your acceptance of the updated policy.
Current version last updated: 21 March 2026
10. Contact Us
If you have any questions about this policy or wish to exercise any of your data rights, please contact us using the details below. We aim to respond to all requests within one calendar month.
If you wish to make a complaint to the UK data protection regulator, please visit ico.org.uk.