1. Introduction & Overview
AMVIA Limited ("AMVIA", "we", "us", "our") is committed to protecting the personal data of individuals who visit our website, enquire about our services, or whose data we process as part of delivering managed IT services. This Privacy Policy explains what personal data we collect, why we collect it, how we use it, and your rights under UK data protection law.
AMVIA Limited is registered in England and Wales. We act as a data controller in respect of personal data we collect directly from individuals, and as a data processor where we process personal data on behalf of our clients as part of our managed IT services.
This policy applies to all personal data we process in connection with: our website (amvia.co.uk); our marketing and sales activities; our managed IT support, cybersecurity, and connectivity services; and communications with existing clients and prospective clients.
We process personal data in accordance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018. If you have any questions about this policy or how we handle your data, please contact us at privacy@amvia.co.uk.
2. What Personal Data We Collect
We collect personal data in the following circumstances:
2.1 Data You Provide Directly
- Contact and enquiry forms: Name, job title, company name, email address, telephone number, and the content of your enquiry.
- Quote requests: Contact details, company information, and details about the services you are enquiring about.
- Support requests: Contact details, details of your IT issue, and any information you provide in connection with resolving it.
- Event or webinar registrations: Name, company, and contact details.
- Job applications: CV, cover letter, contact details, and employment history.
2.2 Data Collected Automatically
- Website analytics: IP address, browser type and version, operating system, pages visited, time on site, referral source, and device type. This is collected via Google Analytics and our own web analytics tooling.
- Cookies: See Section 6 for full details of the cookies we use.
2.3 Data We Receive from Third Parties
- Technology partners and referrers: We may receive contact details from technology partners or referral sources who have your permission to share your information with us.
- Publicly available sources: We may collect publicly available professional information (such as LinkedIn profiles) for legitimate business development purposes, where we have a lawful basis for doing so.
2.4 Data Processed in the Course of Service Delivery
When we provide managed IT services, we may access or process personal data held within client systems. This is governed by the Data Processing Agreement (DPA) between AMVIA and the relevant client, rather than by this Privacy Policy.
3. How We Use Your Personal Data
We use personal data only where we have a lawful basis to do so under UK GDPR. The lawful bases we rely on are:
- Legitimate interests — for business development, website analytics, and direct marketing to business contacts where there is a reasonable expectation of receiving relevant communications.
- Performance of a contract — to deliver services you have engaged us to provide, including support, onboarding, and account management.
- Compliance with a legal obligation — where we are required to process data to meet regulatory or legal requirements.
- Consent — where you have given explicit consent, for example for optional marketing communications.
Specific Uses
| Purpose | Lawful Basis |
|---|---|
| Responding to enquiries and quote requests | Legitimate interests / Pre-contractual |
| Delivering managed IT services | Performance of a contract |
| Sending service communications (updates, alerts) | Performance of a contract |
| Sending marketing communications to business contacts | Legitimate interests |
| Website analytics and performance improvement | Legitimate interests |
| Processing job applications | Legitimate interests / Pre-contractual |
| Complying with legal or regulatory obligations | Legal obligation |
We do not use personal data for automated decision-making or profiling in a manner that produces legal or similarly significant effects.
4. Your Rights Under UK GDPR
Under UK GDPR, you have the following rights in relation to your personal data:
- Right of access: You can request a copy of the personal data we hold about you (a Subject Access Request).
- Right to rectification: You can ask us to correct inaccurate or incomplete personal data.
- Right to erasure: You can ask us to delete your personal data where we no longer have a lawful basis to hold it.
- Right to restrict processing: You can ask us to limit how we use your data in certain circumstances.
- Right to data portability: Where processing is based on consent or a contract, you can ask us to provide your data in a structured, machine-readable format.
- Right to object: You can object to processing based on legitimate interests, including direct marketing. Where you object to direct marketing, we will always stop.
- Rights related to automated decision-making: You have the right not to be subject to solely automated decisions that significantly affect you.
To exercise any of these rights, please contact us at privacy@amvia.co.uk. We will respond within one calendar month. You will not normally be charged for making a request, though we may charge a reasonable fee for manifestly unfounded or excessive requests.
If you are not satisfied with how we have handled your data, you have the right to lodge a complaint with the Information Commissioner's Office (ICO) at ico.org.uk or by calling 0303 123 1113.
6. How Long We Keep Your Data
We retain personal data only for as long as necessary for the purposes for which it was collected, taking into account legal, regulatory, and operational requirements.
| Data Type | Retention Period |
|---|---|
| Enquiry and contact form data (no contract formed) | 12 months from last contact |
| Client contact data (contracted client) | Duration of contract + 6 years |
| Support ticket records | 3 years from ticket closure |
| Invoice and payment records | 7 years (statutory requirement) |
| Marketing consent records | Until consent is withdrawn or 3 years of inactivity |
| Job application data (unsuccessful) | 6 months from decision |
| Website analytics data | 26 months (Google Analytics default) |
When data is no longer required, it is securely deleted or anonymised. Where we rely on third-party data processors, those processors are required to apply equivalent retention and deletion standards under the terms of our data processing agreements.
7. Sharing Data with Third Parties
We do not sell personal data to third parties. We share personal data only in the following circumstances:
Service Providers (Data Processors)
We engage third-party service providers who process personal data on our behalf and under our instructions. These include:
- Microsoft (Microsoft 365, Azure): Our core business applications and infrastructure are hosted on Microsoft's cloud platform. Microsoft acts as a data processor under our agreement with them.
- CRM and helpdesk tooling: We use cloud-based CRM and service desk platforms to manage client records and support tickets. These providers are bound by data processing agreements.
- Google Analytics: Website analytics (with IP anonymisation enabled).
- Email marketing platforms: Where used for outbound communications to business contacts who have not opted out.
Sub-contractors and Partners
Where we engage third-party engineers or sub-contractors in the delivery of services, they are bound by confidentiality obligations and data protection requirements.
Legal and Regulatory Disclosures
We may disclose personal data where required to do so by law, by a court order, or by a regulatory authority. We will notify individuals of such disclosures where legally permitted to do so.
Business Transfers
In the event of a merger, acquisition, or sale of all or part of AMVIA's business, personal data may be transferred to the relevant third party, subject to appropriate safeguards and notification to affected individuals where required.
All third-party processors are required to have appropriate technical and organisational measures in place, and we conduct due diligence on their data protection practices before engagement.
8. How to Contact Us
If you have any questions about this Privacy Policy, wish to exercise your rights, or want to raise a concern about how we have handled your personal data, please contact us using the details below:
AMVIA Limited
Data Protection Enquiries
Email: privacy@amvia.co.uk
We will acknowledge your enquiry promptly and respond in full within one calendar month. For complex requests, we may extend this period by up to two further months, in which case we will notify you.
If you are not satisfied with our response, or believe we are processing your personal data unlawfully, you have the right to complain to the Information Commissioner's Office (ICO):
Information Commissioner's Office
Wycliffe House, Water Lane
Wilmslow, Cheshire, SK9 5AF
Website: ico.org.uk
Helpline: 0303 123 1113
Changes to This Policy
We review this Privacy Policy periodically and update it when our practices change or when required to do so by law. When we make material changes, we will update the "Last Updated" date shown at the top of this page. We encourage you to review this policy from time to time to stay informed about how we protect your data.