Privacy Policy

1. Who We Are

Ashford Technologies Limited is the data controller for personal data collected through our website and in connection with our services.

• Company name: Ashford Technologies Limited
• Company number: 06437199
• Registered address: Poplar House, 5 The Poplars, Colchester, England, CO3 9DS
• Email: info@ashfordtech.co.uk
• Website: https://www.ashfordtech.co.uk

As a data controller, we determine the purposes and means by which personal data is processed. Where we process personal data on behalf of our clients, we act as a data processor and are bound by appropriate contractual obligations.

2. What Personal Data We Collect

Depending on how you interact with us, we may collect the following categories of personal data:

2.1 Identity and Contact Data

• Full name and job title
• Business name and registered address
• Email address and telephone number

2.2 Communication Data

• Messages, enquiries, and correspondence sent to us
• Records of meetings, calls, and project discussions

2.3 Financial Data

• Invoicing details and payment records (we do not store payment card details)

2.4 Technical and Usage Data

• IP address, browser type and version, operating system
• Pages visited, time spent on pages, referring URLs
• Cookie identifiers (see our Cookie Policy)

2.5 Marketing Data

• Your preferences regarding receiving marketing communications from us

3. How We Collect Your Data

We collect personal data through the following means:

• Direct interactions: When you complete our contact form, send us an email, call us, or engage us to provide services.
• Website usage: Automatically, when you browse our website, through cookies and similar technologies.
• Third parties: Occasionally from publicly available sources such as LinkedIn or Companies House, in connection with prospective business relationships.
• WhatsApp: If you contact us via WhatsApp, your message content and contact details are received through that platform.

4. Why We Use Your Data (Legal Bases)

Under UK GDPR, we must have a lawful basis for processing your personal data. We rely on the following bases:

• Contract: Processing is necessary to perform a contract with you or to take steps at your request before entering a contract (e.g., responding to an enquiry, delivering a project).
• Legitimate interests: Processing is necessary for our legitimate business interests, such as improving our services, managing our business, and communicating with existing clients — provided those interests are not overridden by your rights.
• Legal obligation: Processing is necessary to comply with a legal obligation, such as financial record-keeping.
• Consent: Where you have given us explicit consent, such as subscribing to marketing communications. You can withdraw consent at any time.

5. How We Use Your Data

We use the personal data we collect for the following purposes:

• Responding to enquiries and providing quotations
• Delivering the services you have engaged us to provide
• Managing our contractual relationship with you
• Sending invoices and processing payments
• Providing ongoing support and maintenance
• Improving our website and services
• Sending relevant service updates or information (where you have a legitimate interest or have consented)
• Complying with our legal and regulatory obligations
• Defending or pursuing legal claims where necessary

We will never sell your personal data to third parties. We do not use your data for automated decision-making or profiling.

6. Who We Share Your Data With

We only share your personal data with third parties where necessary and appropriate. These include:

• IT and cloud service providers who host our systems (e.g., email providers, CRM, cloud infrastructure), bound by data processing agreements.
• Accounting and finance software used to generate and manage invoices.
• Professional advisers such as solicitors and accountants, where confidentiality obligations apply.
• Regulatory or law enforcement bodies where we are legally required to do so.

We do not share your data with third parties for their own marketing purposes.

7. International Transfers

Where any of our service providers or subprocessors are based outside the UK or European Economic Area, we ensure appropriate safeguards are in place, such as UK adequacy decisions, Standard Contractual Clauses, or other lawful transfer mechanisms, in accordance with UK GDPR requirements.

8. How Long We Keep Your Data

We retain personal data only for as long as necessary for the purposes for which it was collected, and in accordance with our legal obligations. Our standard retention periods are:

• Client project records and correspondence: 7 years after the end of the engagement (for tax and legal compliance).
• Financial records: 7 years from the end of the relevant financial year.
• Website enquiries not resulting in an engagement: 12 months.
• Marketing consent records: Until you withdraw consent, plus 3 years.
• Website analytics data: Up to 26 months (anonymised thereafter).

After the applicable retention period, data is securely deleted or anonymised.

9. Your Rights

Under UK GDPR, you have the following rights in relation to your personal data:

• Right of access: To request a copy of the personal data we hold about you.
• Right to rectification: To request correction of inaccurate or incomplete data.
• Right to erasure: To request deletion of your data in certain circumstances.
• Right to restrict processing: To request that we limit how we use your data in certain circumstances.
• Right to data portability: To receive your data in a structured, machine-readable format where technically feasible.
• Right to object: To object to processing based on legitimate interests or for direct marketing purposes.
• Rights related to automated decision-making: We do not carry out automated decision-making, but you have the right to raise concerns if this changes.

To exercise any of these rights, please contact us at info@ashfordtech.co.uk. We will respond within one calendar month. There is no charge for reasonable requests.

10. Cookies

Our website uses cookies and similar tracking technologies. For full details of the cookies we use and how to manage them, please see our Cookie Policy.

11. Security

We take the security of your personal data seriously and implement appropriate technical and organisational measures to protect it against unauthorised access, loss, destruction, or alteration. These measures include:

• Encrypted data transmission (HTTPS/TLS)
• Access controls limiting who can access personal data
• Regular security reviews and updates
• Staff awareness of data protection obligations

In the event of a personal data breach that is likely to result in a risk to your rights and freedoms, we will notify the ICO within 72 hours and notify affected individuals without undue delay, as required by UK GDPR.

12. Children

Our services are directed at businesses and business professionals. We do not knowingly collect personal data from individuals under the age of 16. If you believe we have inadvertently collected data about a child, please contact us immediately at info@ashfordtech.co.uk and we will delete it promptly.

13. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in law, our services, or our data practices. When we make material changes, we will update the “last updated” date at the top of this page. We encourage you to review this policy periodically. Continued use of our services following any changes constitutes acceptance of the updated policy.

14. Contact and Complaints

For any questions, requests, or concerns about this Privacy Policy or our data practices, please contact us: