PRIVACY POLICY

1. WHAT INFORMATION DO WE COLLECT?

Personal information you provide to us

In Short: We collect personal information that you voluntarily provide when contacting us or engaging with our services.

We collect personal information you provide when you submit an enquiry, use our contact form, or engage with us regarding our services. The personal information we collect may include:

• Full name
• Email address
• Phone number (if provided)
• Company or organisation name
• Job title or role
• The content of your message or enquiry
• Contact preferences

Sensitive Information. We do not collect, request, or process any special category (sensitive) personal data, such as data relating to health, race, religion, political opinions, or biometric identifiers.

All personal information you provide must be true, complete, and accurate. Please notify us of any changes.

Information automatically collected

In Short: Certain technical and usage information is collected automatically when you visit our website.

When you visit our website, we automatically collect certain technical information. This data does not directly identify you as an individual, but may constitute personal data under UK GDPR. It includes:

• Log and Usage Data. IP address (used only to derive approximate country-level location — we do not collect or store precise GPS location data), browser type and version, operating system, referring URLs, pages viewed, date and time of access, and other standard server log data.
• Device Data. Device type (desktop, tablet, mobile), screen resolution, and general hardware characteristics as reported by your browser.
• Analytics Data. Aggregated behavioural data about how visitors interact with our website, collected via Google Analytics 4 (GA4). This data is used solely to understand and improve the performance and usability of our site.

We collect analytics data through cookies and similar technologies. For full details, see our Cookie Notice: teckollab.com/cookie-policy.

2. HOW DO WE PROCESS YOUR INFORMATION?

In Short: We process your information to respond to enquiries, deliver our services, improve our website, send relevant communications, and comply with legal obligations.

We process your personal information for the following specific purposes:

• To respond to your enquiries and provide our services. When you contact us via our website or directly, we use your information to respond, evaluate your requirements, and discuss how we might work together.
• To manage our client and prospect relationships. We may use your information to manage ongoing communications related to our services, project delivery, and business development.
• To send you relevant updates and insights. With your consent or on the basis of our legitimate interests (where you are an existing contact), we may send you information about our services, case studies, industry insights, and company updates. Where communications are directed to individuals acting in a personal capacity (such as sole traders using a personal email address), we rely on prior consent rather than legitimate interests, in accordance with PECR Regulation 22. You can opt out at any time — see 'WHAT ARE YOUR PRIVACY RIGHTS?' below.
• To send administrative communications. We may contact you to confirm receipt of your enquiry, provide service-related updates, or notify you of changes to our terms or policies.
• To analyse and improve our website. We use aggregated analytics data to understand how our website is used, identify issues, and improve the user experience.
• To maintain security and prevent fraud. We process technical data to monitor for suspicious activity, prevent abuse of our contact form, and maintain the integrity of our systems.
• To comply with legal obligations. We may process your information where required by law, including for accounting, tax, or legal compliance purposes.

3. WHAT LEGAL BASES DO WE RELY ON TO PROCESS YOUR PERSONAL INFORMATION?

In Short: We only process your personal information when we have a valid legal basis under UK GDPR to do so.

The UK General Data Protection Regulation (UK GDPR), as supplemented by the Data Protection Act 2018 and the Data (Use and Access) Act 2025, requires us to identify a lawful basis for each processing activity. We rely on the following:

• Consent (Article 6(1)(a)). Where you have given us clear, specific, and informed consent — for example, agreeing to receive marketing communications or accepting non-essential cookies. You may withdraw your consent at any time by contacting us at privacy@teckollab.com or by using the unsubscribe link in any marketing email. Withdrawal of consent does not affect the lawfulness of processing carried out before withdrawal.
• Performance of a Contract (Article 6(1)(b)). Where processing is necessary to perform a contract with you, or to take steps at your request before entering into a contract (such as scoping a project or preparing a proposal).
• Legitimate Interests (Article 6(1)(f)). Where processing is necessary for our legitimate business interests, provided those interests are not overridden by your rights and freedoms. Our legitimate interests include:
  • Responding to enquiries from prospective clients
  • Sending relevant updates and insights to existing contacts in a B2B context
  • Improving our website and services through analytics
  • Maintaining the security and integrity of our systems
  • Managing and growing our business

  We have assessed the balance of our legitimate interests against your rights and freedoms for each relevant processing activity. You have the right to object to processing based on legitimate interests — see Section 12.

• Legal Obligation (Article 6(1)(c)). Where processing is necessary to comply with a legal obligation to which we are subject, such as tax and accounting requirements, or cooperation with law enforcement or regulatory bodies.
• Vital Interests (Article 6(1)(d)). In exceptional circumstances, where processing is necessary to protect someone's life or physical safety. We do not currently process personal data on this basis; it is noted here for completeness.

4. WHEN AND WITH WHOM DO WE SHARE YOUR PERSONAL INFORMATION?

In Short: We share your data only with trusted technology service providers who process it strictly on our behalf, and in specific legal or business circumstances.

Technology Service Providers (Data Processors)

We engage carefully selected third-party technology providers to operate our website and communications infrastructure. These providers act as data processors — they process personal data only on our documented instructions and are prohibited from using it for their own purposes. All processors are bound by appropriate data processing agreements.

Our current service providers include:

• Microsoft Azure — Website and application hosting. Data may be processed in UK/European data centres.
• Google Analytics (Google LLC) — Website analytics and usage data. Data is processed in the United States — see Section 5 (International Data Transfers).
• Mailchimp / Mandrill (Intuit Inc.) — Transactional email delivery (e.g., confirmation emails). Data is processed in the United States — see Section 5 (International Data Transfers).

Other Disclosure Situations

• Legal Requirements. We may disclose your information to courts, law enforcement authorities, regulators, or other public bodies where required by law or to exercise or defend legal rights.
• Business Transfers. If Teckollab Ltd is involved in a merger, acquisition, sale of assets, or restructuring, your personal information may be transferred as part of that transaction. We will notify you if your data is subject to a different privacy notice as a result.
• Professional Advisers. We may share information with our solicitors, accountants, auditors, or insurers where necessary for the provision of professional services.

We do not sell, rent, or trade your personal information to any third party.

5. INTERNATIONAL DATA TRANSFERS

In Short: Some of our service providers are based outside the UK. We ensure appropriate safeguards are in place for all international transfers.

Teckollab Ltd is based in the United Kingdom. However, some of our third-party service providers (including Google LLC and Intuit Inc.) are headquartered in the United States, which means your personal data may be transferred to, stored in, or processed in countries outside the UK.

Where we transfer personal data outside the UK to a country not covered by a UK Adequacy Regulation, we ensure that such transfers are subject to appropriate safeguards in accordance with UK GDPR Chapter V. The safeguards we rely upon include:

• UK International Data Transfer Agreements (IDTAs) or the UK Addendum to the EU Standard Contractual Clauses (SCCs) — binding contractual obligations on the data importer to protect your data to a standard equivalent to UK law.
• Adequacy Regulations — where the UK Government has determined that a country provides an adequate level of data protection.

You may request a copy of the relevant transfer safeguards by contacting us at privacy@teckollab.com.

6. DO WE USE COOKIES AND OTHER TRACKING TECHNOLOGIES?

In Short: We use cookies and similar technologies for essential site functions and, with your consent, for analytics.

We use cookies and similar tracking technologies (such as web beacons and pixels) to operate our website and, where you have consented, to collect analytics data about how you interact with our Services.

We use the following categories of cookies:

• Strictly Necessary Cookies. Essential for the website to function. These cannot be disabled and do not require your consent.
• Analytics Cookies. Used to understand how visitors interact with our website, which pages are most visited, and where improvements can be made. We use Google Analytics 4 (GA4) for this purpose. These cookies are only placed with your prior consent via our cookie banner.

We do not use advertising, retargeting, or profiling cookies. We do not display third-party advertisements on our website.

Google Analytics

We use Google Analytics 4 to analyse usage of our website. Google Analytics collects data such as pages visited, session duration, and general location (derived from IP address — GA4 applies IP anonymisation by default; Google does not store full IP addresses). This data is shared with Google LLC and processed in the United States under appropriate transfer safeguards (see Section 5).

To opt out of Google Analytics tracking across all websites, you may install the Google Analytics Opt-out Browser Add-on. For Google's privacy practices, see the Google Privacy Policy.

Full details of the cookies we use, their purposes, and how to manage your preferences are set out in our Cookie Notice: teckollab.com/cookie-policy.

7. HOW LONG DO WE KEEP YOUR INFORMATION?

In Short: We retain personal information only for as long as necessary for its stated purpose, subject to applicable legal requirements.

We apply specific retention periods to different categories of personal data, in line with the storage limitation principle under UK GDPR Article 5(1)(e):

• Contact and enquiry data (name, email, enquiry content): Retained for 2 years from the date of last contact, after which it is securely deleted or anonymised. If an enquiry results in a client relationship, the data is retained for the duration of that relationship plus 2 years.
• Client and contractual records: Retained for 7 years from the end of the relevant contract or financial year, in accordance with UK statutory accounting and tax obligations (Companies Act 2006, HMRC requirements).
• Marketing contact data: Retained until you withdraw consent or unsubscribe, or for a maximum of 3 years of inactivity, whichever is sooner.
• Website server logs and technical data: Retained for 90 days for security monitoring purposes, then deleted.
• Analytics data (Google Analytics): Retained for 14 months in accordance with our GA4 configuration, after which it is automatically deleted by Google.
• Email delivery logs (database records of contact form submissions and transactional email dispatch): Retained for 90 days for operational and audit purposes, then deleted or anonymised. Email content is not archived beyond this period.

When data reaches the end of its retention period, we will securely delete or anonymise it. Where immediate deletion is not technically possible (e.g., backup archives), the data is isolated from further processing until deletion is feasible.

8. HOW DO WE KEEP YOUR INFORMATION SAFE?

In Short: We apply appropriate technical and organisational security measures to protect your personal information.

We have implemented the following security measures:

• Encryption in transit. All data transmitted between your browser and our website is encrypted using TLS (HTTPS).
• Access controls. Access to personal data is restricted to authorised personnel only, on a need-to-know basis. We apply least-privilege principles to internal systems.
• Secure hosting infrastructure. Our website and application are hosted on enterprise-grade cloud infrastructure with built-in security controls, regular patching, and monitoring.
• Data minimisation. We collect only the personal information that is necessary for the identified purpose and do not retain it beyond the periods set out in Section 7.
• Vendor due diligence. All third-party processors are subject to data processing agreements and are assessed for their security practices before engagement.

Despite these measures, no method of electronic transmission or storage is 100% secure. While we work hard to protect your personal information, we cannot guarantee absolute security. Any transmission of personal data to our website is at your own risk. Please use our Services only within a secure environment and notify us immediately at privacy@teckollab.com if you suspect any unauthorised use of your personal data.

9. DATA BREACHES

In Short: We have procedures in place to detect, report, and address personal data breaches in compliance with UK GDPR.

In the event of a personal data breach that is likely to result in a risk to your rights and freedoms, we will notify the Information Commissioner's Office (ICO) within 72 hours of becoming aware of the breach, in accordance with our obligations under UK GDPR Article 33.

Where a breach is likely to result in a high risk to your rights and freedoms, we will also notify you directly without undue delay, in accordance with UK GDPR Article 34, unless an exemption applies.

If you believe your personal data has been compromised or wish to report a security concern, please contact us immediately at privacy@teckollab.com.

10. DO WE COLLECT INFORMATION FROM MINORS?

In Short: We do not knowingly collect data from or market to persons under 18 years of age.

Our Services are directed exclusively at business professionals and are not intended for use by persons under the age of 18. We do not knowingly collect, solicit, or process personal information from individuals under 18. If we become aware that we have collected personal information from a minor, we will take prompt steps to delete that information from our records. If you believe we may have inadvertently collected information from a minor, please contact us at privacy@teckollab.com.

11. AUTOMATED DECISION-MAKING AND PROFILING

In Short: We do not use automated decision-making or profiling that produces legal or similarly significant effects on individuals.

We do not make decisions about you using solely automated processing (including profiling) that produce legal effects or similarly significantly affect you. All decisions relating to the provision of our services involve human review. The Data (Use and Access) Act 2025 has updated the UK framework for automated decision-making; our current practices do not engage these provisions. If this changes, we will update this notice accordingly and, where required, seek your explicit consent.

12. WHAT ARE YOUR PRIVACY RIGHTS?

In Short: As a UK resident, you have significant rights over your personal information under UK GDPR. If you are resident in the EEA, separate rights under EU GDPR may apply to you; please contact us to discuss your specific position.

Under UK GDPR, you have the following rights:

• Right of Access (Article 15). You may request a copy of the personal data we hold about you and information about how we process it.
• Right to Rectification (Article 16). You may request that we correct any inaccurate or incomplete personal data we hold about you.
• Right to Erasure (Article 17). You may request that we delete your personal data where there is no compelling reason for us to continue processing it (the 'right to be forgotten').
• Right to Restrict Processing (Article 18). You may request that we suspend processing of your personal data in certain circumstances, for example while accuracy is contested.
• Right to Data Portability (Article 20). Where processing is based on consent or contract and carried out by automated means, you may request a copy of your data in a structured, commonly used, machine-readable format.
• Right to Object (Article 21). You have an absolute right to object to the processing of your personal data for direct marketing purposes (including profiling for marketing). You also have the right to object to processing based on legitimate interests — we must then demonstrate compelling legitimate grounds that override your interests. To object, contact us at privacy@teckollab.com.
• Right to Withdraw Consent (Article 7(3)). Where processing is based on your consent, you may withdraw it at any time. This does not affect the lawfulness of processing carried out prior to withdrawal.

How to exercise your rights

To exercise any of the above rights, please contact us at: privacy@teckollab.com or via our contact form at teckollab.com/contact.

We will respond to your request within one calendar month of receipt. This period may be extended by up to two further months where requests are complex or numerous, in which case we will notify you within the initial month and explain the reason for the extension.

Exercising your rights is free of charge. However, we reserve the right to charge a reasonable administrative fee or decline to act on requests that are manifestly unfounded or excessive, particularly where they are repetitive in nature.

We may need to verify your identity before processing your request. We will ask for appropriate information to confirm who you are.

Right to complain to the ICO

If you are dissatisfied with how we have handled your personal data or a rights request, you have the right to lodge a complaint with the UK's supervisory authority:

We would, however, appreciate the opportunity to address your concerns before you approach the ICO. Please contact us first at privacy@teckollab.com.

Marketing opt-out

If you receive marketing communications from us, you may opt out at any time by:

• Clicking the unsubscribe link in any marketing email
• Emailing us at privacy@teckollab.com with the subject line "Unsubscribe"

Please note that we may still send you transactional or service-related communications that are necessary in the context of a business relationship.

Cookie preferences

You may withdraw or update your cookie consent at any time — withdrawal is as easy as giving consent. Visit our Cookie Policy at teckollab.com/cookie-policy to reset your preferences directly using the in-page link, or manage your browser settings. You may also email us at privacy@teckollab.com.

13. CONTROLS FOR DO-NOT-TRACK AND GLOBAL PRIVACY CONTROL

Most web browsers and some mobile operating systems include a Do-Not-Track (‘DNT’) feature that you can activate to signal that you do not wish to have your browsing activity monitored. There is no finalised technical standard for recognising DNT signals and we do not currently respond to them.

The Global Privacy Control (GPC) is an emerging browser signal designed to communicate a user's privacy preferences to websites. GPC is recognised under certain US state laws (including the CCPA) and is gaining broader adoption. We monitor regulatory developments regarding GPC and will update this notice if we implement GPC signal recognition.

14. DO WE MAKE UPDATES TO THIS NOTICE?

In Short: Yes, we will update this notice as necessary to remain compliant with applicable laws and to reflect changes in our practices.

We may update this privacy notice from time to time. The 'Last updated' date at the top of this page indicates when the notice was most recently revised.

Where we make material changes — for example, a new processing purpose, a new category of data collected, a new third-party processor, or a change to the legal basis for processing — we will notify you by:

• Posting a prominent notice on our website, and/or
• Sending you an email notification (where we hold your contact details and the change directly affects you)

We encourage you to review this notice periodically to stay informed of how we are protecting your information.

15. HOW CAN YOU CONTACT US ABOUT THIS NOTICE?

If you have questions, concerns, or comments about this privacy notice or our data practices, please contact us by email or post:

Data Protection Officer: Teckollab Ltd is a small business and is not currently required to appoint a Data Protection Officer under UK GDPR Article 37. Privacy enquiries are handled directly by our management team at privacy@teckollab.com.

ICO Registration: Teckollab Ltd is registered with the Information Commissioner's Office under registration number ZB720635.

Governing law: This privacy notice is governed by the laws of England and Wales. Any disputes arising from it shall be subject to the exclusive jurisdiction of the courts of England and Wales.

16. HOW CAN YOU REVIEW, UPDATE, OR DELETE THE DATA WE COLLECT FROM YOU?

You have the right to request access to the personal information we hold about you, to have inaccuracies corrected, and to request deletion of your personal information, subject to applicable legal exemptions. To submit a request, please email us at privacy@teckollab.com or use our contact form at teckollab.com/contact. We will verify your identity and respond within one calendar month. See Section 12 for full details of your rights and how we handle requests.