This privacy notice tells you what to expect us to do with your personal information.
Contact Details
General Contact Details
You can email us with general enquiries at the following email address:
· Hello@InfiniteCloudIT.com (or click "Get In Touch" at the bottom of this page).
Post
You can write to us with general enquiries at the following address:
Infinite Cloud IT
Flat 14, 11 Downsman Court
Hangleton Way
Hove
East Sussex
BN3 8ES
Data Privacy Specific Enquiries, or Complaints
To submit an enquiry specific to how we use or handle your personal information (such as a Subject Access Request) or to make a complaint to us regarding how we have handled your personal information, please use the following contact details:
You can email us with data privacy enquiries at the following email address:
Post
You can write to us with data privacy enquiries at the following address:
Data Privacy Officer
Infinite Cloud IT
Flat 14, 11 Downsman Court
Hangleton Way
Hove
East Sussex
BN3 8ES
What Information We Collect, Use and Why
Provide and Improve Products and Services for Clients
We collect or use the following information to provide and improve products and services for clients:
· Names and contact details.
· Addresses.
· Gender.
· Payment details (including card or bank information for transfers and direct debits).
· Transaction data (including details about payments to and from you and details of products and services you have purchased).
· Usage data (including information about how you interact with and use our website, products and services).
· Employment details (including salary, sick pay and length of service).
· Information relating to compliments or complaints.
· Video recordings (e.g. online meetings).
· Audio recordings (e.g. calls).
· Records of meetings and decisions.
· Account access information.
· Website user information.
Operation of Client or Customer Accounts
We collect or use the following personal information for the operation of client or customer accounts:
· Names and contact details.
· Addresses.
· Purchase or service history.
· Account information, including registration details.
· Information used for security purposes.
· Marketing preferences.
· Technical data, including information about device/computer web browser and operating systems.
Information Updates and Marketing
We collect or use the following personal information for information updates or marketing purposes:
· Names and contact details.
· Addresses.
· Profile information.
· Marketing preferences.
· Purchase or account history.
· Website and app user journey information.
· IP addresses.
Legal Compliance
We collect or use the following personal information to comply with legal requirements:
· Name.
· Contact information.
· Identification documents.
· Client account information.
· Any other personal information required to comply with legal obligations.
Recruitment
We collect or use the following personal information for recruitment purposes:
· Contact details (e.g. name, address, telephone number or personal email address).
· Date of birth.
· National Insurance number.
· Copies of passports or other recognised photo ID.
· Employment history (e.g. job application, employment references or secondary employment).
· Education history (e.g. qualifications).
· Right to work information.
· Details of any criminal convictions (e.g. Disclosure Barring Service (DBS), Access NI or Disclosure Scotland Checks).
· Security clearance details (e.g. basic checks and higher security clearance).
Special Category Information
For recruitment purposes, we also collect or use the following special category information. This information is subject to additional protection due to its sensitive nature:
· Racial or ethnic origin.
· Religious or philosophical beliefs.
· Health information.
Queries, Compliments, Complaints and Claims
We collect or use the following personal information for dealing with queries, complaints or claims:
· Names and contact details.
· Addresses.
· Account information.
· Purchase or service history.
· Video recordings of private or staff only areas.
· Audio recordings of private or staff only areas.
· Call recordings.
· Photographs.
· Relevant information from previous investigations.
· Customer or client accounts and records.
· Financial transaction information.
· Information relating to health and safety (including incident investigation details and reports and accident book records).
· Correspondence.
Credit Checks and Financial Vetting
In certain circumstances, we may collect or receive personal information from credit reference agencies. This may occur when assessing the financial standing of prospective clients prior to entering into a service agreement, or when evaluating candidates for roles that require financial vetting, particularly where our clients operate in regulated sectors. Any such processing is carried out in accordance with applicable data protection laws and is limited to what is necessary for the specific purpose. Individuals will be informed where such checks are undertaken and will have the opportunity to exercise their rights under data protection legislation.
Children's Data
While our services are not directed at children, we may occasionally collect and process personal information relating to individuals under the age of 18, for example, if we employ apprentices or interns, or if our clients do. In such cases, we ensure that all personal information is handled in accordance with applicable data protection laws and with appropriate safeguards in place to protect the privacy and rights of young people.
Lawful Bases and Data Protection Rights
Under UK data protection law, we must have a “lawful basis” for collecting and using your personal information. There is a list of possible lawful bases in the UK GDPR. You can find out more about lawful bases on the ICO’s website.
Which lawful basis we rely on may affect your data protection rights which are set out in brief below. You can find out more about your data protection rights and the exemptions which may apply on the ICO’s website:
Your Right of Access
You have the right to ask us for copies of your personal information. You can request other information such as details about where we get personal information from and who we share personal information with. There are some exemptions which means you may not receive all of the information you ask for. Read more about the right of access.
Your Right to Rectification
You have the right to ask us to correct or delete personal information you think is inaccurate or incomplete. Read more about the right to rectification.
Your Right to Erasure
You have the right to ask us to delete your personal information. Read more about the right to erasure.
Your Right to Restriction of Processing
You have the right to ask us to limit how we use your personal information. Read more about the right to restriction of processing.
Your Right to Object to Processing
You have the right to object to the processing of your personal data. Read more about the right to object to processing.
Your Right to Data Portability
We collect or use the following personal information for dealing with queries, complaints or claims:
You have the right to ask that we transfer the personal information you gave us to another organisation, or to you. Read more about the right to data portability.
Your Right to Withdraw Consent
When we use consent as our lawful basis, you have the right to withdraw your consent at any time. Read more about the right to withdraw consent.
If you make a request, we must respond to you without undue delay and in any event within one month.
To make a data protection rights request, please contact us using the contact details at the top of this privacy notice.
Lawful Bases for the Collection and Use of your Data
Provide and Improve Products and Services for Clients
Our lawful bases for collecting or using personal information to provide and improve products and services for clients are:
Contract
We have to collect or use the information so we can enter into or carry out a contract with you. All of your data protection rights may apply except the right to object.
Legitimate Interests
We are collecting or using your information because it benefits you, our organisation, or someone else, without causing an undue risk of harm to anyone. All of your data protection rights may apply, except the right to portability. Our legitimate interests are:
· We process personal information to deliver and enhance the IT services we provide our clients. This includes managing service requests, monitoring usage, and improving the performance and reliability of our, or our clients’ systems. This processing benefits both our clients and our organisation by ensuring services are delivered efficiently and securely. The data we use is limited to what is necessary for these purposes and does not override the rights or freedoms of individuals.
· We also process usage and performance data from client environments to identify opportunities for service improvement, modernisation, and increased operational efficiency. This supports our ability to proactively recommend enhancements that benefit our clients. The processing is limited to what is necessary for these insights and does not involve intrusive profiling or decision-making that would negatively impact individuals.
For more information on our use of legitimate interests as a lawful basis, you can contact us using the contact details set out above.
Operation of Client or Customer Accounts
Our lawful bases for collecting or using personal information for the operation of client or customer accounts are:
Contract
We have to collect or use the information so we can enter into or carry out a contract with you. All of your data protection rights may apply except the right to object.
Legitimate Interests
We are collecting or using your information because it benefits you, our organisation, or someone else, without causing an undue risk of harm to anyone. All of your data protection rights may apply, except the right to portability. Our legitimate interests are:
· We process personal information to manage client accounts, including user access, billing, and service configuration. This is necessary to ensure continuity of service, maintain accurate records, and support secure access to our systems. The processing is proportionate, limited to business contact and account data, and does not adversely impact individuals’ rights.
For more information on our use of legitimate interests as a lawful basis, you can contact us using the contact details set out above.
Information updates or Marketing Purposes
Our lawful bases for collecting or using personal information for information updates or marketing purposes are:
Consent
We have permission from you after we gave you all the relevant information. All of your data protection rights may apply, except the right to object. To be clear, you do have the right to withdraw your consent at any time.
Legitimate Interests
We are collecting or using your information because it benefits you, our organisation, or someone else, without causing an undue risk of harm to anyone. All of your data protection rights may apply, except the right to portability. Our legitimate interests are:
· We process business contact information to send relevant service updates and marketing communications to our clients and prospective clients. This supports our business growth and helps clients stay informed about services that may benefit them. We ensure that individuals can opt out at any time and that our communications are targeted, relevant, and respectful of privacy.
For more information on our use of legitimate interests as a lawful basis, you can contact us using the contact details set out above.
Legal Compliance
Our lawful bases for collecting or using personal information to comply with legal requirements are:
Legal Obligation
We have to collect or use your information so we can comply with the law. All of your data protection rights may apply, except the right to erasure, the right to object and the right to data portability.
Recruitment
Our lawful bases for collecting or using personal information for recruitment purposes are:
Consent
We have permission from you after we gave you all the relevant information. All of your data protection rights may apply, except the right to object. To be clear, you do have the right to withdraw your consent at any time.
Contract
We have to collect or use the information so we can enter into or carry out a contract with you. All of your data protection rights may apply except the right to object.
Legal Obligation
We have to collect or use your information so we can comply with the law. All of your data protection rights may apply, except the right to erasure, the right to object, and the right to data portability.
Queries, Compliments, Complaints and Claims
Our lawful bases for collecting or using personal information for dealing with queries, complaints or claims are:
Contract
We have to collect or use the information so we can enter into or carry out a contract with you. All of your data protection rights may apply except the right to object.
Legal Obligation
We have to collect or use your information so we can comply with the law. All of your data protection rights may apply, except the right to erasure, the right to object and the right to data portability.
Legitimate Interests
We are collecting or using your information because it benefits you, our organisation, or someone else, without causing an undue risk of harm to anyone. All of your data protection rights may apply, except the right to portability. Our legitimate interests are:
· We process personal information to investigate and resolve queries, complaints, or claims raised by clients or users. This helps us improve our services, resolve issues efficiently, and maintain strong client relationships. The data processed is limited to what is necessary for the specific issue and is handled securely and confidentially.
For more information on our use of legitimate interests as a lawful basis, you can contact us using the contact details set out above.
Where We Get Personal Information From
We obtain your personal information from the following places:
· Directly from you.
· Publicly available sources.
· Previous employment.
· Credit reference agencies.
· Providers of marketing lists and other personal information.
· Suppliers and service providers.
Third Parties
We may receive personal information from third parties including:
· Client organisations who provide user details as part of onboarding or ongoing service management (e.g. through joiners/movers/leavers processes).
· Recruitment agencies who submit candidate CVs and references.
· Technology partners and service providers (e.g. Microsoft, Mailchimp, Apollo .io) who facilitate service delivery or marketing.
· Public platforms such as LinkedIn or Companies House, where individuals have made their information publicly available.
How Long We Keep Information
Data Retention Schedule
Data Category
Description
Retention Period
Reason for Retention
Action After Retention Period
Client Contact Data
Names, email addresses, phone numbers, job titles
6 years after contract end
Legal record-keeping, potential disputes
Secure Deletion
Service Usage Data
Logs, monitoring data, endpoint activity
12 months
Operational analysis, service improvement
Anonymisation or deletion
Support Ticket Data
Ticket content, user contact info, resolution notes
3 years
Service history, audit trail
Secure deletion
Marketing Contact Data
B2B contact info from Apollo .io, Mailchimp forms
Until opt-out or 2 years of inactivity
Marketing outreach, lead nurturing
Deletion upon opt-out or inactivity
Recruitment Data (Candidates)
CVs, references, interview notes
12 months after recruitment cycle
Legal compliance, future opportunities
Secure deletion
Employee Data
Contracts, payroll, performance records
6 years after employment ends
Legal obligations (e.g. HMRC)
Secure deletion
Meeting Recordings & Transcriptions
Audio/video files, AI transcripts
12 months
Internal documentation, service quality
Secure deletion
Client Directory Sync Data
Usernames, email addresses, job titles
Duration of service contract
Service delivery
Deleted upon contract termination
Financial Records (Invoices, Payments)
Billing info, transaction history
6 years
HMRC compliance
Secure deletion
Incident & Complaint Records
Investigation notes, correspondence
3 years
Service improvement, legal defence
Secure deletion
Who We Share Information With
We share information with the following data processors and third-parties:
Data Processors
Microsoft
This data processor performs the following activities, or provides the following services, for us:
· Provides directory, access & authentication.
· Email.
· Collaboration.
· File storage.
· Records management.
· Endpoint security.
· Endpoint management & compliance enforcement.
· Data Loss Prevention (DLP).
· AI chatbot services.
HaloPSA - ITSM Platform Provider
This data processor performs the following activities, or provides the following services, for us:
· Manages support ticketing.
· Service reporting.
· Customer billing and invoice automation.
· IT process automation.
NinjaOne - Remote Monitoring and Management (RMM) Platform Provider
This data processor performs the following activities, or provides the following services, for us:
· Provides remote monitoring and management of client endpoints and IT infrastructure.
· Enables remote support, patch management, software deployment, and device health monitoring.
· Integrates with other platforms (e.g. HaloPSA) to support service delivery and incident response.
Mailchimp - Email Marketing Platform
This data processor performs the following activities, or provides the following services, for us:
· Email marketing.
· Lead capture.
· Campaign management services.
· Stores and processes contact data for marketing communications and lead generation.
Others We Share Personal Information With
We will also share personal information with the following third-parties where required in order to facilitate service delivery or the operation of our organisation:
· Professional or legal advisors.
· Organisations we are legally obliged to share personal information with.
· Suppliers and service providers.
Third Parties
Raw Accounting Ltd – Accountancy firm (Reading, UK).
What they do:
· Process business accounts.
· Company payroll.
HMRC – UK Government Tax Authority
What they do:
· Receives required business data for tax reporting & collection (including Corporation Tax, VAT, PAYE and National Insurance).
Sharing Information Outside the UK
Third-Party Data Housing (Outside UK)
We store personal data within the United Kingdom wherever possible. However, some of our third-party service providers may process data outside the UK. In such cases, we ensure that appropriate safeguards are in place, such as Standard Contractual Clauses or equivalent mechanisms approved under UK data protection law.
Use of AI Services
While the use of AI in our organisation is covered in more detail in our AI policy, in-line with our policy regarding the storage of data by our organisation and our vendors, suppliers and necessary associated third-parties, where generative AI is used to enable our business, we commit to ensuring that all services do not make use of ours, or our clients’, personal or corporate information for the training of AI models.
AI services are vetted to ensure they meet the requirements of UK GDPR.
Infinite Cloud IT
Where necessary, we may transfer personal information outside of the UK. When doing so, we comply with the UK GDPR, making sure appropriate safeguards are in place.
For further information or to obtain a copy of the appropriate safeguard for any of the transfers below, please contact us using the contact information provided above.
Mailchimp
· Category of Recipient: Email Marketing and Lead Capture tool.
· Country the personal information is sent to: United States.
· How the transfer complies with UK data protection law: Addendum to the EU Standard Contractual Clause (SCCs).
NinjaOne
· Category of Recipient: Remote Monitoring and Management Platform Provider.
· Country the personal information is sent to: United States and other jurisdictions as required.
· How the transfer complies with UK data protection law: Standard Contractual Clauses (SCCs) or equivalent safeguards.
Xero
· Category of Recipient: Cloud-based Accounts Software.
· Country the personal information is sent to: New Zealand, Australia and the United States.
· How the transfer complies with UK data protection law: Addendum to the EU Standard Contractual Clause (SCCs).
Third Parties
Where necessary, our data processors will share personal information outside of the UK. When doing so, they comply with the UK GDPR, making sure appropriate safeguards are in place.
For further information, or to obtain a copy of the appropriate safeguard for any of the transfers below, please contact us using the contact information provided above.
Xero
· Category of Recipient: Cloud-based Accounts Software.
· Country the personal information is sent to: New Zealand, Australia and the United States.
· How the transfer complies with UK data protection law: Addendum to the EU Standard Contractual Clause (SCCs).
Mailchimp
· Category of Recipient: Email Marketing and Lead Capture tool.
· Country the personal information is sent to: United States.
· How the transfer complies with UK data protection law: Addendum to the EU Standard Contractual Clause (SCCs).
How to Complain
If you have any concerns about our use of your personal data, you can make a complaint to us using the contact details at the top of this privacy notice.
If you remain unhappy with how we have used your personal data after raising a complaint with us, you can also complain to the ICO.
The ICO’s address:
Information Commissioner’s Office
Wycliffe House
Water Lane
Wilmslow
Cheshire
SK9 5AF
Helpline Number: 0303 123 1113
Website: https://www.ico.org.uk/make-a-complaint
©️ 2025 Infinite Cloud IT, Brighton, U.K.