Privacy Policy

1. Who we are

iCentric Agency Ltd ("iCentric", "we", "us", "our") is a bespoke software development and AI automation company registered in England and Wales.

• Website: https://icentric.co.uk
• Email: hello@icentric.co.uk
• Telephone: 01234 292200
• R&D HQ: Colworth House, Colworth Science Park, Sharnbrook, Bedfordshire, MK44 1LQ
• London office: 85 Great Portland Street, First Floor, London, W1W 7LT

We are the data controller for personal information collected through this website. We are committed to protecting your personal data in accordance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

2. Data we collect

We may collect and process the following categories of personal data:

Information you provide to us

• Contact form submissions — your name, email address, phone number, and the content of your message.
• Booking enquiries — your name, email address, phone number, and company name when you book a call through our website.
• Email correspondence — any personal information contained in emails you send to us.

Information collected automatically

• Usage data — pages visited, time spent on pages, links clicked, and referring URLs, collected via Google Analytics (only with your consent).
• Technical data — IP address, browser type and version, device type, operating system, and screen resolution.
• Cookie data — information stored in cookies on your device. See Section 7 for full details.

We do not collect any special category data (such as health information, racial or ethnic origin, political opinions, or biometric data) through this website.

3. How we use your data

We use the personal data we collect for the following purposes:

Purpose	Legal basis
Responding to enquiries and contact form submissions	Legitimate interests / Contract
Scheduling and managing call bookings	Contract / Legitimate interests
Sending you information you have requested	Consent / Contract
Improving our website and understanding how visitors use it	Consent (analytics cookies)
Complying with our legal obligations	Legal obligation
Protecting our legitimate business interests	Legitimate interests

We will never sell your personal data to third parties, nor use it for automated decision-making or profiling.

4. Legal basis for processing

Under the UK GDPR, we rely on the following lawful bases for processing your personal data:

• Consent — where you have given us clear, informed consent, such as accepting analytics cookies or signing up for communications.
• Contract — where processing is necessary for the performance of a contract with you, or to take steps at your request before entering into a contract.
• Legitimate interests — where processing is necessary for our legitimate business interests, such as responding to enquiries and improving our services, provided those interests are not overridden by your rights and interests.
• Legal obligation — where processing is necessary for us to comply with a legal or regulatory obligation.

Where we rely on consent, you have the right to withdraw it at any time without affecting the lawfulness of processing before withdrawal.

5. Sharing your data

We do not sell or rent your personal data. We may share it with the following categories of third party only where necessary:

• Zoho CRM — we use Zoho to manage our client relationships and calendar bookings. Data may be stored on Zoho's servers.
• Google (Analytics & Tag Manager) — with your consent, we use Google Analytics (via Google Tag Manager) to understand website usage. Google may process data in the USA under Standard Contractual Clauses.
• LinkedIn — with your consent, we may use LinkedIn Insight Tag for advertising measurement. LinkedIn may process data in the USA under Standard Contractual Clauses.
• Resend — we use Resend to deliver email notifications from contact form submissions. Your data passes through Resend's infrastructure when you submit a form.
• Netlify — our website is hosted on Netlify. Netlify processes server logs and may temporarily store request data in line with their privacy policy.
• Professional advisers — lawyers, accountants, and insurers where necessary in the course of professional services they provide to us.
• Regulatory authorities — HMRC, ICO, or other competent authorities where required by law.

All third parties we work with are required to respect the security of your personal data and to treat it in accordance with the law. We do not allow them to use your data for their own purposes and only permit them to process your data for specified purposes in accordance with our instructions.

6. International transfers

Some of our third-party service providers are based outside the UK or EEA. Where we transfer personal data internationally, we ensure it is protected by appropriate safeguards, including:

• Standard Contractual Clauses approved by the UK Information Commissioner's Office (ICO), or
• Adequacy decisions made by the UK Secretary of State.

You may request further information about international transfer safeguards by contacting us at hello@icentric.co.uk.

7. Cookies

Our website uses cookies — small text files placed on your device. We use the following categories:

Strictly necessary cookies

These cookies are required for the website to function. They cannot be disabled. They do not store any personally identifiable information.

Analytics cookies

With your consent, we use Google Analytics (via Google Tag Manager) and LinkedIn Insight Tag to collect aggregated information about how visitors use our website. This helps us improve its content and performance.

Cookie	Provider	Purpose	Duration
_ga, _ga_*	Google	Distinguishes unique users for Google Analytics	2 years
_gid	Google	Stores page view data for Google Analytics	24 hours
li_gc	LinkedIn	Stores cookie consent status for LinkedIn cookies	2 years
lidc	LinkedIn	Facilitates data centre selection	24 hours
UserMatchHistory	LinkedIn	LinkedIn Ads ID syncing	30 days
AnalyticsSyncHistory	LinkedIn	Stores time of analytics sync	30 days
cc_cookie	icentric.co.uk	Stores your cookie consent preferences	6 months

You can update your cookie preferences at any time by clicking Cookie settings.

8. Data retention

We retain personal data only for as long as is necessary for the purposes set out in this policy, or as required by law. Our standard retention periods are:

Data type	Retention period
Enquiry and contact form data	3 years from last contact
Client project data	7 years from project completion (legal requirement)
Call booking data	2 years from the date of the booking
Website analytics data	26 months (Google Analytics default)
Financial records	7 years (HMRC requirement)

When personal data is no longer required, we securely delete or anonymise it.

9. Your rights

Under the UK GDPR, you have the following rights in relation to your personal data:

• Right of access — you may request a copy of the personal data we hold about you (a Subject Access Request).
• Right to rectification — you may ask us to correct inaccurate or incomplete data.
• Right to erasure — you may ask us to delete your personal data where there is no compelling reason for its continued processing.
• Right to restrict processing — you may ask us to pause the processing of your data in certain circumstances.
• Right to data portability — you may request that we transfer your data to you or another organisation in a structured, machine-readable format.
• Right to object — you may object to processing based on legitimate interests or direct marketing.
• Rights related to automated decision-making — we do not use automated decision-making or profiling, but you have the right not to be subject to such processing.
• Right to withdraw consent — where we rely on consent, you can withdraw it at any time.

To exercise any of these rights, please contact us at hello@icentric.co.uk. We will respond within one calendar month. There is no charge for making a request, although we may charge a reasonable fee for manifestly unfounded or excessive requests.

You also have the right to lodge a complaint with the Information Commissioner's Office (ICO):

• Website: ico.org.uk/make-a-complaint
• Telephone: 0303 123 1113

10. Security

We take appropriate technical and organisational measures to protect your personal data against accidental or unlawful destruction, loss, alteration, unauthorised disclosure, or access. These measures include:

• HTTPS encryption for all data in transit
• Access controls limiting who can access personal data internally
• Regular security reviews of our systems and processes
• Contractual requirements on third-party processors to maintain appropriate security standards

No method of transmission over the internet is entirely secure. While we strive to protect your personal data, we cannot guarantee absolute security. In the event of a data breach that is likely to result in a risk to your rights and freedoms, we will notify you and the ICO as required by law.

11. Third-party links

Our website may contain links to third-party websites. We have no control over and accept no responsibility for the privacy practices or content of those sites. We encourage you to read the privacy policy of any third-party website you visit.

12. Changes to this policy

We may update this privacy policy from time to time to reflect changes in our practices, services, or legal requirements. When we make material changes, we will update the "Last updated" date at the top of this page. We encourage you to review this policy periodically.

Continued use of our website after changes have been posted constitutes your acceptance of the revised policy.

13. Contact us

If you have any questions about this privacy policy or the way we handle your personal data, please contact us:

• Email: hello@icentric.co.uk
• Telephone: 01234 292200
• Post: iCentric Agency Ltd, Colworth House, Colworth Science Park, Sharnbrook, Bedfordshire, MK44 1LQ

We aim to respond to all enquiries within 5 working days.