top of page

Privacy Policy

Data Controller: Guadit 

Contact: info@guadit.com

1. Introduction

Guadit Ltd ("Guadit", "we", "us", "our") is committed to protecting your personal data and respecting your privacy. This Privacy Policy explains how we collect, use, store, and share personal data when you interact with us through our website, services, or communications.

This policy complies with the UK General Data Protection Regulation (UK GDPR), the Data Protection Act 2018 (DPA 2018), and the Privacy and Electronic Communications Regulations 2003 (PECR).

2. Who We Are (Data Controller)

Guadit Ltd is the data controller for personal data collected via this website. We are registered with the Information Commissioner's Office (ICO) under registration number [ICO Registration Number].

If you have any data protection concerns, please contact our Data Protection Lead at: legal@guadit.com

3. What Personal Data We Collect

3.1 Data you provide to us directly:

  • Name, job title, and company name

  • Email address and telephone number

  • Business address and billing information

  • Information provided in contact forms, enquiry submissions, or support tickets

  • Content of correspondence and communications with us

 

3.2 Data we collect automatically:

  • IP addresses and browser type

  • Pages visited, time spent on pages, and referral URLs

  • Device and operating system information

  • Cookie and tracking data (see our Cookie Policy)

3.3 Data we receive from third parties:

  • Business contact information from CRM platforms or professional networks (e.g. LinkedIn)

  • Analytics data from tools such as Google Analytics

  • Information from payment processors (e.g. PayPal)

4. Lawful Bases for Processing

Under UK GDPR, we rely on the following lawful bases for processing your personal data:

Contract (Article 6(1)(b)): To perform a contract with you or take steps at your request before entering a contract — for example, processing service enquiries or delivering IT services.

 

Legitimate Interests (Article 6(1)(f)): For marketing to existing clients, website analytics, fraud prevention, and network security. We always balance our interests against your rights before relying on this basis.

 

Consent (Article 6(1)(a)): For marketing emails to prospective clients and for non-essential cookies. You may withdraw consent at any time.

 

Legal Obligation (Article 6(1)(c)): Where required to comply with law — for example, retaining financial records under UK tax legislation.

5. How We Use Your Personal Data

We use personal data for the following purposes:

  • To respond to enquiries and provide requested information about our services

  • To deliver, manage, and improve our IT services

  • To send service-related communications and updates

  • To send marketing communications where you have consented or we have a legitimate interest

  • To process payments and maintain financial records

  • To comply with legal and regulatory obligations

  • To detect and prevent fraud, cybersecurity threats, or misuse of our systems

  • To improve our website and service offering through analytics

6. Marketing Communications

We may send you information about our products and services by email or other electronic means. For existing clients, we rely on legitimate interests. For new contacts, we will only send marketing communications where you have given explicit consent.

You may opt out of marketing communications at any time by clicking 'Unsubscribe' in any email, or by contacting us at legal@guadit.com. Opting out will not affect our ability to send you service-related communications.

7. Data Sharing and Disclosure

We do not sell, rent, or trade your personal data. We may share your data with:

  • IT service sub-contractors and suppliers acting as data processors on our behalf, bound by appropriate data processing agreements

  • Cloud hosting and infrastructure providers (e.g. AWS, Microsoft Azure, Google Cloud)

  • Professional advisers including lawyers, accountants, and auditors

  • HMRC or other regulatory authorities where required by law

  • Law enforcement agencies where required or permitted by law

Where we share data with third parties acting as processors, we ensure appropriate contractual safeguards are in place in accordance with UK GDPR Article 28.

8. International Data Transfers

Some of our third-party service providers may process data outside the UK or EEA. Where this occurs, we ensure adequate safeguards are in place, such as UK International Data Transfer Agreements (IDTAs), adequacy decisions, or Standard Contractual Clauses approved by the ICO.

9. Data Retention

We retain personal data only for as long as necessary to fulfil the purposes described in this policy, or as required by law. Our general retention periods are:

  • Client contact data: for the duration of the business relationship and 7 years thereafter (in accordance with UK tax law)

  • Prospect and marketing data: 2 years from last interaction, or until withdrawal of consent

  • Website analytics: 26 months (in line with Google Analytics default settings)

  • Security and access logs: 12 months

10. Your Rights Under UK GDPR

You have the following rights in relation to your personal data:

  • Right to access: obtain a copy of the personal data we hold about you

  • Right to rectification: request correction of inaccurate or incomplete data

  • Right to erasure: request deletion of your data in certain circumstances ('right to be forgotten')

  • Right to restrict processing: request that we limit how we use your data

  • Right to data portability: receive your data in a structured, machine-readable format

  • Right to object: object to processing based on legitimate interests or for direct marketing

  • Rights in relation to automated decision-making: not to be subject to solely automated decisions that have a legal or significant effect on you

To exercise any of these rights, please contact us at info@guadit.com. We will respond within one month. You also have the right to lodge a complaint with the Information Commissioner's Office (ICO) at www.ico.org.uk or by calling 0303 123 1113.

11. Data Security

We implement appropriate technical and organisational measures to protect your personal data against unauthorised access, accidental loss, destruction, or damage. These include:

  • Encryption of data in transit (TLS/HTTPS) and at rest

  • Access controls and role-based permissions

  • Regular security assessments and penetration testing

  • Staff training on data protection and information security

  • Incident response procedures in line with UK GDPR breach notification requirements

12. Automated Decision-Making and Profiling

We do not currently carry out automated decision-making or profiling that produces legal or similarly significant effects on individuals.

13. Changes to This Policy

We may update this Privacy Policy from time to time. The current version will always be available on our website at www.guadit.com/privacy-policy. We will notify you of material changes via email or a prominent notice on our website.

14. Contact Us

Data Protection Lead: info@guadit.com

Postal address: Guadit, Swansea, United Kingdom

  • Facebook
  • Linkedin
bottom of page