Last Updated: Sunday 15th February 2026

Privacy Policy

Zanetify IT Solutions Ltd (“Zanetify”, “we”, “us”, “our”) is committed to protecting personal data and respecting privacy.

This Privacy Notice explains how we collect, use, store, and protect personal data in accordance with:

  • UK General Data Protection Regulation (UK GDPR)
  • UK Data Protection Act 2018
  • EU General Data Protection Regulation (EU GDPR), where applicable

1. Data Controller

Zanetify acts as a data controller for personal data processed through its website and business communications.

Where personal data is accessed solely for the purpose of delivering services on behalf of clients, Zanetify acts as a data processor and does not retain such data beyond what is necessary to complete the engagement or meet legal obligations.
General Inquries: info@zanetify.com
Security Matters: security@zanetify.com

2. Scope and Applicability

This Privacy Notice applies to:

  • Visitors to our website
  • Individuals contacting us or booking consultations
  • Clients and prospective clients

Where services involve individuals located in the European Union, Zanetify complies with the EU GDPR in addition to UK GDPR.

3. Personal Data We Collect

  1. Data You Provide
    • Name
    • Business or organisation name.
    • Email address.
    • Telephone number.
    • Information submitted via contact forms, consultation bookings, or email correspondence.
  2. Automatically Collected Data
    • IP address.
    • Browser type
    • Device information
    • Pages visited and usage data

    Under UK GDPR and EU GDPR, IP addresses are considered personal data. This information is processed strictly for security monitoring, fraud prevention, performance optimisation, and system administration purposes. It is not used for advertising, profiling, or behavioural tracking.

4. How We Use Personal Data

We process personal data to:

  • Respond to enquiries and consultation requests
  • Deliver Cyber Risk & Exposure Assessments and advisory services
  • Communicate regarding our services
  • Improve website performance and security
  • Comply with legal and regulatory obligations

We do not sell personal data or use it for advertising or profiling.

5. Lawful Bases for Processing

We rely on the following lawful bases under UK GDPR and EU GDPR:

  • Consent: where you submit an enquiry or request contact
  • Contract: where processing is necessary to deliver services
  • Legitimate Interests: for business communications and website analytics
  • Legal Obligation: where required by law

6. Data Sharing & International Transfers

Personal data may be shared only with:

  • Trusted service providers (e.g. secure hosting or analytics)
  • Professional advisers where legally required

Where personal data is transferred outside the UK or EU, appropriate safeguards are applied, including:

  • UK adequacy regulations
  • EU adequacy decisions
  • Standard Contractual Clauses where applicable

7. Data Retention

Personal data is retained only as long as necessary:

  • Enquiry data: up to 12 months
  • Client data: for the duration of the engagement and applicable legal or regulatory periods

Data is securely deleted when no longer required.

8. Data Security

Zanetify applies risk based technical and organisational measures designed to protect personal data against unauthorised access, loss, alteration, or disclosure.

Our website is hosted using secure cloud infrastructure provided by reputable third-party hosting providers. Security controls include:

  • Role-based access controls (RBAC) for administrative accounts
  • Mandatory multi-factor authentication (MFA) for hosting, domain, and email administration
  • Encryption in transit using TLS 1.2 or higher
  • Secure configuration management aligned with ISO/IEC 27001 principles
  • Logging and monitoring of systems containing personal data
  • Regular review of access permissions and administrative privileges
  • Secure backup and recovery controls

Where personal data is processed through third-party providers (such as hosting or form-processing services), those providers implement their own security safeguards, including encryption and access controls.

Security arrangements are reviewed periodically to ensure continued effectiveness and proportionality to risk.

9. Your Rights

Under UK GDPR and EU GDPR, you have the right to:

  • Access your personal data
  • Rectify inaccurate data
  • Request erasure
  • Restrict or object to processing
  • Request data portability
  • Withdraw consent at any time

Requests can be made by contacting: info@zanetify.com

10. Incident Response & Breach Notification

Zanetify IT Solutions Ltd. maintains an incident response process aligned with UK GDPR requirements.

In the event of a confirmed personal data breach:

  • We will promptly assess scope, risk, and impact.
  • Where required by law, we will notify the UK Information Commissioner’s Office (ICO) within 72 hours of becoming aware of the breach.
  • Affected clients or individuals will be informed without undue delay where there is a high risk to their rights and freedoms.
  • Corrective and preventive measures will be implemented and documented.

All incidents are recorded and reviewed to improve security posture.

11. Complaints

You may raise concerns with:

  • UK ICO (Information Commissioners Office) – www.ico.org.uk
  • Your local EU supervisory authority (where EU GDPR applies)

12. Updates

This Privacy Notice may be updated periodically.
The latest version will always be available on our website.