Privacy Policy

Who we are

ITHealth U.K. Ltd (“ITHealth”, “we”, “us”, “our”) is a UK-based provider of cyber security, identity and access management, and managed security services. Our primary customers are NHS organisations, alongside other healthcare, public sector, and commercial organisations.

For the purposes of UK data protection law, ITHealth U.K. Ltd is the data controller for personal data collected through our website, marketing activities, and general business operations, unless otherwise stated.

Where we process personal data on behalf of customers as part of delivering contracted services, we act as a data processor in accordance with their instructions.

We are committed to protecting personal data and handling it responsibly and transparently. This Privacy Policy explains how we collect, use, store, and safeguard personal information.

We comply with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

What data we collect and why

We collect and process personal data to enable us to deliver our services effectively, communicate with you, and provide a relevant and efficient experience.

This data may include your name, job title, organisation, and business contact details such as your business email address and business telephone number. We collect this information when you interact with us directly, for example through enquiries, event registrations, or other communications.

We may also obtain limited professional contact details from publicly available sources or reputable third-party providers where this is relevant to our business activities. This allows us to identify and engage with organisations that may benefit from our services and to develop B2B relationships.

This processing is carried out for the purposes of developing and maintaining B2B relationships and delivering IT services. It is limited to business-related contact data and is undertaken on the basis of our legitimate interests. We ensure these interests are appropriately balanced against the rights and freedoms of individuals and are not overridden.

When you use our website, we may automatically collect technical information such as your IP address, browser type, device information, and details of how you interact with our site. This helps us understand usage patterns, improve performance, and maintain the security of our systems.

Where we provide services to customers, we may also process account information and service-related communications where this is necessary to deliver, maintain, and support those services.

How we use your data

We use personal data to operate our business and deliver services effectively. This includes responding to enquiries, managing customer relationships, delivering contracted services, and maintaining communication with relevant business contacts.

We also use personal data to ensure the security of our systems and services, including monitoring, investigating, and preventing unauthorised access, misuse, or technical issues.

Where appropriate and permitted, we may use professional contact details to share information about our services, updates, and events that may be relevant to your organisation or role. Where required under applicable law, we rely on consent or, where an existing customer relationship applies, the “soft opt-in” exemption under PECR (Privacy and Electronic Communications Regulations) for electronic marketing communications. You can opt out of marketing communications at any time.

Lawful basis for processing

We process personal data in accordance with UK data protection law and rely on the following lawful bases depending on the purpose of processing:

Where processing is necessary for the performance of a contract, we use personal data to deliver services, manage accounts, and take steps prior to entering into a contract.

We also rely on legitimate interests, including managing and developing B2B relationships, delivering and improving our services, and ensuring the security of our systems. We carefully consider and balance these interests against the rights and freedoms of individuals.

We process personal data to comply with legal obligations where required. We also rely on consent where it is the appropriate lawful basis, including for certain marketing communications and cookie preferences.

Data sharing

We may share personal data with trusted third-party service providers who support our business operations. These may include providers of IT infrastructure, hosting services, customer relationship management systems, analytics platforms, and professional advisors such as legal or financial consultants.

All third parties are required to process personal data only in accordance with our instructions and to implement appropriate security measures.

We do not sell personal data to third parties.

International data transfers

Where personal data is transferred outside the UK, we ensure appropriate safeguards are in place in accordance with UK data protection law. These may include the UK International Data Transfer Agreement (IDTA), Standard Contractual Clauses (SCCs), or transfers to countries recognised as providing an adequate level of protection.

Data Retention

We retain personal data only for as long as necessary for the purposes for which it was collected and to meet legal, regulatory, and contractual obligations.

Retention periods vary depending on the type of data and purpose of processing. For example, enquiry data may be retained for a limited period to allow follow-up, while customer and contractual data may be retained for the duration of the contract and for a period thereafter to meet legal and accounting requirements.

Where data is no longer required, it is securely deleted or anonymised.

Data Security

We implement appropriate technical and organisational measures to protect personal data against unauthorised access, loss, misuse, or alteration.

As a cyber security provider, we place particular importance on maintaining strong information security controls, including access management, secure system design, monitoring, and regular security reviews.

Your rights

Under UK data protection law, you have several rights in relation to your personal data. These include the right to access, correct, or request deletion of your personal data in certain circumstances.

You may also have the right to restrict or object to certain processing activities, and to request data portability where applicable. Where processing is based on consent, you may withdraw that consent at any time.

To exercise your rights, please contact us using the details below.

You also have the right to lodge a complaint with the Information Commissioner’s Office (ICO) if you believe your personal data has not been handled appropriately.

Cookies

We use cookies and similar technologies to operate and improve our website, understand usage patterns, and support security and functionality.

You can control or disable cookies through your browser settings or any cookie preference tools we provide.

Contact Us

If you have any questions about this Privacy Policy or how we handle personal data, you can contact us at:
ITHealth U.K. Ltd
10 Churchill Park, Private Road No 2
Colwick, Nottingham
NG4 2HF

Email: support@ithealth.co.uk
Telephone: 0115 987 6339

Changes to this policy

We may update this Privacy Policy from time to time to reflect changes in our practices, services, or legal requirements. Any updates will be posted on this page.

Policy last reviewed: 16th April 2026