Privacy Policy

Northbridge IT Ltd (company trading as Northbridge IT) is committed to protecting the privacy of our website visitors, clients and contacts. Our registered address is Unit 48 King Street, Manchester, M2 4LQ, United Kingdom. You can contact our data controller at [email protected] or by phone on +44 161 555 0123. This Privacy Policy describes the types of personal data we collect, why we collect it, how long we keep it, and your rights in relation to that data. We only process data that is necessary for the services we provide or to comply with legal obligations. If you are a visitor from outside the UK, please be aware that your data may be processed within the UK where we are based, and appropriate safeguards are applied where required.

Data we collect and how

We collect personal data when you interact with our website and services. Typical categories include contact details (name, company, email, phone), project information you voluntarily provide, technical data (IP address, browser, device details), and cookies or similar tracking technologies where you consent. When you submit a contact or review request we store the data needed to respond and to provide the service - for example, the details required to carry out a technical review or to prepare a quote. We also process limited payment data when acting as an e-commerce integrator for clients, but we do not store full card details on our systems; payment tokens and gateway records are handled by the payment provider in line with PCI-DSS standards. We minimise collection to what is necessary and avoid processing special category data unless explicitly required and lawful to do so.

Why we process personal data and lawful bases

We process personal data for several legitimate purposes: to respond to enquiries and deliver services, to perform contracts (such as building and hosting websites), to comply with legal obligations, and for our legitimate interests - for example maintaining security, improving services and managing client relationships. Where required by law or good practice we rely on consent - for example for analytics or marketing communications. You may withdraw consent at any time for optional processing like marketing. For marketing messages we provide clear unsubscribe options and we do not share personal contact lists with third parties for marketing without explicit consent. For client projects data processing may include storing backups, logs and metadata needed for operations and security; such processing is part of contract performance and operational necessity.

Data retention, security and sharing

We retain personal data only as long as necessary for the purpose collected and to meet legal or contractual obligations. Typical retention periods are: enquiry records and quotes - 3 years, client project records - during the engagement and for 6 years after completion for contract and tax purposes, and logs/backups - up to 90 days for monitoring plus longer retained backups where required by service agreements. We implement appropriate technical and organisational measures to protect data including encrypted backups, access controls, secure hosting and regular security reviews. We may share data with trusted third-party processors (hosting providers, payment gateways, analytics providers) under written agreements that require GDPR-level protections. We do not sell personal data. Where data is transferred outside the UK, we use approved transfer mechanisms or rely on adequacy decisions and suitable safeguards as needed.

Your rights and how to exercise them

You have rights under data protection laws including the right to access personal data we hold about you, to request correction, to request erasure in certain circumstances, to restrict processing or object to processing, and to request data portability where applicable. Where processing is based on consent you can withdraw consent at any time without affecting processing done prior to withdrawal. To exercise any of these rights please contact us at [email protected] or by post at Unit 48 King Street, Manchester, M2 4LQ. We will handle your request in line with legal timeframes and may ask for identity verification to protect privacy. If you remain unhappy after contacting us you can lodge a complaint with the Information Commissioner’s Office (ICO) in the UK.

Contact and updates

For questions about this Privacy Policy or requests regarding personal data contact: Data Controller, Northbridge IT, Unit 48 King Street, Manchester, M2 4LQ, United Kingdom - email [email protected] - phone +44 161 555 0123. We review this policy periodically and will publish updates on this page. Material changes that affect how we use personal data will be communicated where appropriate to those impacted.