Legal

Privacy Policy

Last updated: 1 March 2025  ·  Baycop Technologies Ltd

Summary: We collect only what we need, use it only for the purpose stated, never sell your data, and give you full control over it. Read on for full details.

1. Who We Are

Baycop Technologies Ltd ("Baycop", "we", "us", "our") is a company registered in England and Wales. Our registered office is at 376 Essex Road, London N1 3PF, United Kingdom.

We are the Data Controller for personal data collected through this website and in connection with our managed IT and managed security services. Our operations centre is located at 21, 17th Lane, Colombo 3, Sri Lanka.

If you have any privacy-related questions, contact us at [email protected].

2. What Data We Collect

We collect personal data in the following ways:

a) Data you provide directly

  • Name, email address, phone number and company name when you submit a contact or enquiry form
  • Message content and any attachments you send us
  • Information provided during a free IT assessment or security review request

b) Data collected automatically

  • IP address and browser type (for security and analytics)
  • Pages visited, referrer URL and session duration via analytics tools
  • Cookie identifiers (see our Cookie Policy)

c) Data from client relationships

  • Contact details of authorised users within client organisations
  • Support ticket contents and system diagnostic information necessary to deliver our services

3. How We Use Your Data

We process your personal data for the following purposes and legal bases:

Purpose Legal Basis
Responding to your enquiriesLegitimate interests / Pre-contractual steps
Delivering managed IT and security servicesContract performance
Sending service updates and renewal noticesContract performance / Legitimate interests
Marketing communications (where opted in)Consent
Website analytics and performance monitoringLegitimate interests / Consent
Compliance with legal obligationsLegal obligation

4. How Long We Keep Your Data

  • Enquiry / contact form data: 2 years from the date of last contact
  • Client service data: Duration of the contract plus 7 years (for legal and financial record-keeping)
  • Marketing preferences: Until you withdraw consent
  • Website analytics: Up to 26 months (anonymised thereafter)

When data is no longer required we securely delete or anonymise it.

5. Who We Share Your Data With

We do not sell, rent or trade your personal data. We may share data with:

  • Service delivery partners — our Sri Lanka operations centre (Baycop Technologies Pvt Ltd) processes data on our behalf under a formal data processing agreement
  • Technology vendors — including Microsoft (M365, Azure, Sentinel), CrowdStrike, and our PSA/RMM platform vendors, all bound by data processing agreements
  • Professional advisors — solicitors, accountants and auditors under confidentiality obligations
  • Regulatory authorities — where required by law (e.g. the ICO, HMRC)

Where data is transferred outside the UK/EEA, we ensure appropriate safeguards are in place (such as Standard Contractual Clauses or an adequacy decision).

6. Your Rights

Under UK GDPR you have the right to:

  • Access — request a copy of the personal data we hold about you
  • Rectification — ask us to correct inaccurate or incomplete data
  • Erasure — ask us to delete your data where there is no compelling reason to retain it
  • Restriction — ask us to restrict processing of your data
  • Portability — receive your data in a structured, machine-readable format
  • Object — object to processing based on legitimate interests
  • Withdraw consent — at any time, where processing is based on consent

To exercise any of these rights, email [email protected]. We will respond within 30 days. You also have the right to lodge a complaint with the Information Commissioner's Office (ICO).

7. Data Security

We implement enterprise-grade security measures to protect your personal data, including:

  • Encryption in transit (TLS 1.2+) and at rest
  • Role-based access controls and multi-factor authentication
  • 24/7 SOC monitoring of our own systems
  • Regular vulnerability assessments and penetration testing
  • Staff data protection training

In the unlikely event of a data breach that affects your rights and freedoms, we will notify you and the ICO within 72 hours of becoming aware, as required by law.

8. Cookies

We use cookies and similar technologies on our website. For full details, please read our Cookie Policy.

9. Changes to This Policy

We may update this Privacy Policy from time to time. The "last updated" date at the top of this page will reflect any changes. We encourage you to review this policy periodically. Where changes are material, we will notify active clients by email.

10. Contact Us

If you have any questions about this Privacy Policy or how we handle your data, please contact:

Baycop Technologies Ltd
376 Essex Road, London N1 3PF, United Kingdom
Email: [email protected]
Phone: +44 7537 171273