Managed IT Support Limited
Privacy and Cookies Policy
Last updated: 29 November 2025
1. Purpose of this policy
This policy explains how Managed IT Support Limited processes personal data when you visit our websites, contact us, receive our services, or interact with us in any other way.
We follow the UK General Data Protection Regulation and the Data Protection Act 2018, which require fair, lawful and transparent use of personal data. (ico.org.uk)
2. Who we are and how to contact us
Managed IT Support Limited
Trading name: Managed IT Support
Email: hello@manageditsupport.net
Telephone: 0333 038 6557
Website: www.manageditsupport.net
You should contact us using the details above for any questions about this policy or about how we handle your personal data.
You also have the right to raise concerns with the Information Commissioner’s Office, which is the UK data protection regulator.
Information Commissioner’s Office
Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF
Telephone: 0303 123 1113
Website: ico.org.uk
3. Scope of this policy
This policy covers personal data processed when:
• you visit our websites or digital services
• you contact us by phone, email, contact form or social media
• you receive support from us or enter into a contract with us
• you attend meetings or events with us
• you supply products or services to us
This policy does not cover third party websites and services that link to or from our website. Those services have their own privacy information.
4. What personal data we collect
The personal data we collect depends on how you interact with us.
4.1 Website visitors
• Technical data about your device, browser, operating system and IP address
• Information about how you use our site, including pages viewed, time spent and links clicked
• Cookie identifiers and similar tracking technologies, where you accept these
This information supports security, performance monitoring and service improvement. It often uses analytics cookies that track trends without identifying you directly.
4.2 Prospective customers and customers
• Name and business contact details
• Job title and organisation
• Communication history and notes from calls, meetings and emails
• Service preferences and requirements
• Contract details, orders and records of services provided
• Billing information such as invoicing details and payment status
4.3 Suppliers and partners
• Name and business contact details
• Role, organisation and relationship history
• Contract, performance and billing records
4.4 Support and monitoring data
Where we provide IT support and managed services, we may process:
• User names and business email addresses within customer systems
• Device identifiers, system logs and security alerts
• Records of support tickets, remote sessions and actions taken
We expect our business customers to inform their staff and users about this processing and to provide their own privacy information where they act as controller.
4.5 Marketing contacts
• Name and contact details
• Marketing preferences and communication history
• Information about responses to campaigns, such as email opens or clicks
4.6 Recruitment
• Contact details, CV, covering information and interview notes
• References and right to work information where required by law
Recruitment data is used only for hiring and related administration.
5. Purposes and lawful bases
We only process personal data where a lawful basis under UK GDPR applies.
5.1 Providing our services and managing contracts
Purpose:
• Respond to enquiries and requests
• Set up and manage customer accounts
• Deliver IT support and managed services
• Manage projects, changes and service improvements
• Handle billing, payments and debt recovery
Lawful bases:
• Performance of a contract or steps requested before entering into a contract
• Legitimate interests in running and growing our business and providing services efficiently
5.2 Network and information security
Purpose:
• Monitor systems and services for threats and incidents
• Investigate alerts, suspicious activity and potential vulnerabilities
• Maintain audit logs for security and compliance
Lawful bases:
• Legitimate interests in maintaining secure systems and protecting our customers and our business
• Legal obligations where security laws or regulatory duties apply
Guidance from the ICO recognises security as a common legitimate interest under UK GDPR.
5.3 Business administration
Purpose:
• Supplier management and procurement
• Financial management and accounting
• Business planning, reporting and insurance
• Handling queries, complaints and disputes
Lawful bases:
• Legitimate interests in managing our business
• Legal obligations in relation to tax, accounting and regulatory duties
5.4 Marketing and relationship management
Purpose:
• Send service information to existing customers
• Promote services relevant to your role and organisation
• Invite contacts to events or webinars
• Manage communication preferences and opt outs
Lawful bases:
• Legitimate interests in promoting our services to business contacts where privacy rules permit
• Consent where required for direct electronic marketing under the Privacy and Electronic Communications Regulations
You always have the right to stop direct marketing. Every marketing email includes a clear unsubscribe option.
5.5 Legal obligations and claims
Purpose:
• Meet legal obligations
• Respond to lawful requests from authorities
• Establish, exercise or defend legal claims
Lawful bases:
• Legal obligation
• Legitimate interests in protecting our rights and responding to claims
6. Where we obtain data from
We collect personal data from:
• you directly, for example when you contact us or sign a contract
• your organisation, if you are a user or contact within a customer or supplier
• our own systems and logs during service delivery
• public sources such as business websites, public registers and professional directories
7. Sharing your personal data
We share personal data only where necessary for the purposes set out above. Typical recipients include:
• IT, hosting, security, monitoring and communication providers
• Professional advisers such as accountants, auditors, lawyers and insurers
• Subcontractors or specialist partners engaged to help deliver services
• Payment processors and banks
• Law enforcement bodies, regulators or courts where we must respond to legal requests
We expect recipients to protect personal data and to use it only for agreed purposes, under written terms that reflect UK GDPR requirements.
We do not sell personal data.
8. International transfers
Some suppliers or partners operate outside the United Kingdom. Where this involves transfers of personal data, we follow UK GDPR rules on international transfers and use appropriate safeguards, such as:
• UK adequacy regulations for the destination country
• Standard contractual clauses or equivalent data protection terms
• Technical and organisational controls that protect confidentiality and security
Details of relevant safeguards are available on request.
9. Retention of personal data
We keep personal data only for as long as it is needed for the purposes set out in this policy, and to meet legal, accounting or reporting requirements. (ico.org.uk)
In general:
• Enquiry records stay on file for up to two years after last contact
• Contract and service records stay on file for up to seven years after the end of the relationship, to meet tax and record keeping duties
• Security logs and technical data stay on file for periods linked to security and audit needs
• Recruitment records stay on file for up to one year after the process ends, unless we agree a longer period with you
Where no fixed retention period applies, we use criteria such as the nature of the data, risk of harm, and regulatory guidance to decide retention.
10. How we protect personal data
We use a mixture of organisational and technical measures to protect personal data, including:
• Role based access controls and least privilege principles
• Strong authentication and logging on key systems
• Encryption and secure network design where appropriate
• Staff awareness and confidentiality obligations
• Supplier vetting and security terms in contracts
No system is entirely risk free, but we work to keep risk as low as reasonably possible and to detect and respond to incidents quickly.
11. Your rights
Under UK data protection law you have a number of rights in relation to your personal data.
You have the right to:
• receive clear information about how we use your data
• request access to the personal data we hold about you
• request correction of inaccurate or incomplete data
• request deletion of your data in certain circumstances
• request restriction of processing in certain circumstances
• object to processing based on legitimate interests or direct marketing
• request transfer of your personal data to you or another provider where the law supports this
• withdraw consent where we rely on consent as the lawful basis
These rights do not always apply in the same way in every situation. The law sets out specific conditions and exemptions for some of them.
To exercise your rights, contact us using the contact details in section 2. We will respond without undue delay and within the time limits set by law.
You also have the right to complain to the Information Commissioner’s Office if you are unhappy with how we handle your data.
12. Cookies and similar technologies
Our websites use cookies and similar technologies. Cookies are small text files stored on your device by your browser. They support features of the site, security and analytics.
We group cookies into categories such as:
• Strictly necessary cookies, which support core site features and security
• Performance or analytics cookies, which help us understand usage patterns
• Functionality cookies, which remember choices such as preferences
• Marketing cookies, which support targeted content or advertising where used
Except for strictly necessary cookies, we use cookies only where you give consent through the cookie banner or settings. You can change your cookie choices at any time through your browser settings and any controls on our site. Guidance from the ICO explains these requirements for UK websites.
If you block or delete certain cookies, parts of the site might not work as intended.
13. Children
Our services are directed at business users. We do not knowingly target or provide services to children.
14. Changes to this policy
We review this policy from time to time to reflect changes in our services, our processing, or the law. Updated versions will appear on our website with a new “last updated” date.
Where changes have a significant impact on you, we will take reasonable steps to bring them to your attention, for example by email or by a prominent notice on the site.