Privacy Policy
Last Updated: January 2025
Creative IT (UK) Ltd ("we", "our", or "us") is committed to protecting your privacy. This policy explains how we collect, use, and safeguard your personal information in compliance with the UK GDPR, Data Protection Act 2018, and other applicable privacy laws.
1. Information We Collect
We may collect and process the following types of personal data:
| Data Category | Examples | Purpose |
|---|---|---|
| Contact Information | Name, email, phone, address | Service communication, billing |
| Device Information | Make, model, serial numbers | Recovery assessment, service records |
| Payment Details | Billing address, payment method (no card storage) | Processing transactions |
| Technical Data | IP address, browser type, pages visited | Website analytics, security |
Sensitive Data
During data recovery, we may temporarily process sensitive personal data contained on your storage devices. This data is handled with strict confidentiality and only for the purpose of recovery services.
2. How We Use Your Information
We use your personal data only for legitimate business purposes, including:
- • Providing and managing our data recovery services
- • Processing payments and sending service updates
- • Improving our services and website functionality
- • Complying with legal obligations and preventing fraud
Legal Basis for Processing
We process your data under the following GDPR legal bases:
- ◈ Contractual necessity: To fulfill our service agreement with you
- ◈ Legal obligation: For tax, accounting, and regulatory compliance
- ◈ Legitimate interests: For business operations and service improvement
- ◈ Consent: Where explicitly requested for marketing communications
3. Data Sharing and Disclosure
We do not sell your personal data. Limited sharing may occur with:
- → Service Providers: Payment processors, IT support (under strict confidentiality agreements)
- → Legal Authorities: When required by law or to protect our legal rights
- → Business Transfers: In case of merger or acquisition (with privacy protections)
International Transfers
Your data is processed primarily in the UK. Any international transfers use GDPR-approved safeguards like Standard Contractual Clauses.
4. Data Security
We implement robust technical and organizational measures to protect your data:
- ✓ AES-256 encryption for all recovered data during transfer and storage
- ✓ Secure access controls and multi-factor authentication
- ✓ Regular security audits and penetration testing
- ✓ Confidentiality agreements with all employees
Data Retention
We retain personal data only as long as necessary:
- • Client records: 7 years for tax/legal compliance
- • Recovered data: 30 days post-service (unless otherwise agreed)
- • Marketing data: Until consent withdrawal or 2 years inactive
5. Your Rights
Under UK GDPR, you have the right to:
Access
Request copies of your personal data
Rectification
Correct inaccurate information
Erasure
Request deletion under certain conditions
Restriction
Limit processing of your data
Portability
Receive your data in machine-readable format
Object
Object to certain processing activities
Exercising Your Rights
To make a data subject request or for any privacy concerns:
Email: privacy@physicaldatarecovery.co.uk
Post: Data Protection Officer, Creative IT (UK) Ltd, 80 Willow Walk, London, SE1 5SY
We respond to all valid requests within 30 days. You may also lodge complaints with the UK Information Commissioner's Office.
Contact Our DPO6. Policy Updates
We may update this policy periodically. Significant changes will be notified via email or website notice. The "Last Updated" date at the top indicates the latest revision.