Legal
Privacy Policy
Effective date: 1 May 2026
Last reviewed: May 2026
ICO Registration No. ZC151035
This policy explains how exhale IT Limited collects, uses and protects personal data in accordance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018. We take your privacy seriously and will only use your personal information in the ways described here.
1. Who we are
exhale IT Limited is a company registered in England and Wales.
Company number: 17143104
Registered office: Crown House, 27 Old Gloucester Street, London, WC1N 3AX
Trading as: exhale IT
Website: exhaleIT.co.uk
Contact: hello@exhaleIT.co.uk
exhale IT Limited is the data controller for personal data collected through this website and through our client and business development activities.
2. What personal data we collect
We collect personal data in the following circumstances:
When you contact us
- Your name and job title
- Your business email address and telephone number
- The organisation you work for
- The content of your message or enquiry
When you book a meeting
- Your name and email address
- Your calendar availability (processed by Microsoft Bookings)
- Any information you provide in advance of the meeting
When you visit our website
- Technical data including your IP address, browser type and version, device type, pages visited and time spent on the site
- This data is collected automatically and is used only in aggregated, anonymised form
We do not collect sensitive personal data (such as health information, financial data or data revealing political opinions) through this website.
3. How we use your personal data
We use your personal data for the following purposes:
- To respond to your enquiries — when you contact us, we use your details to reply and to follow up where appropriate
- To arrange and conduct meetings — we use your contact details to schedule, confirm and manage appointments
- To fulfil our services — where we are engaged by your organisation, we process relevant contact information to deliver advisory services
- To maintain business records — we retain records of business communications for legal and operational purposes
- To improve our website — anonymised technical data helps us understand how the site is used and where it can be improved
We do not use your personal data for automated decision-making or profiling.
4. Legal basis for processing
We rely on the following legal bases under UK GDPR:
- Legitimate interests (Article 6(1)(f)) — for responding to business enquiries, maintaining professional relationships and improving our services. We have assessed that our legitimate interests are not overridden by your rights and interests.
- Contract (Article 6(1)(b)) — where we are engaged to provide services to your organisation, processing is necessary to perform that contract or to take steps at your request before entering into one.
- Legal obligation (Article 6(1)(c)) — where we are required to retain or process data to comply with applicable law.
- Consent (Article 6(1)(a)) — where we have specifically asked for and received your consent, for example for any marketing communications. You may withdraw consent at any time.
5. Who we share your data with
We do not sell, rent or trade personal data. We may share data with the following categories of third party only where necessary:
- Technology providers — including Microsoft (for email, calendar and meeting scheduling via Microsoft 365 and Bookings). Microsoft's privacy practices are governed by their own privacy policy.
- Partner organisations — where you have engaged exhale IT in connection with a specific technology solution, we may share relevant contact details with the partner responsible for delivery, strictly for that purpose and with appropriate confidentiality obligations in place.
- Professional advisors — including legal and accountancy professionals, where required.
- Regulatory authorities — where required by law.
Any third parties we engage are required to handle your data securely and in accordance with UK GDPR.
6. International transfers
Where personal data is transferred outside the UK — for example, through the use of cloud-based services hosted in other jurisdictions — we ensure that appropriate safeguards are in place, such as the UK's International Data Transfer Agreement (IDTA) or adequacy decisions made by the UK Secretary of State.
7. How long we keep your data
- Enquiry and contact data — retained for up to 3 years from last contact, or longer if a business relationship develops
- Client engagement records — retained for 7 years from the end of the engagement in accordance with standard business and legal requirements
- Website analytics data — anonymised and aggregated; no retention limit applies
- Meeting booking data — retained in line with Microsoft's data retention policies and deleted from our own records when no longer operationally required
When data is no longer required, it is securely deleted or anonymised.
8. Your rights
Under UK GDPR, you have the following rights in relation to your personal data:
- Right of access — to request a copy of the personal data we hold about you
- Right to rectification — to request correction of inaccurate or incomplete data
- Right to erasure — to request deletion of your data where there is no legitimate reason for us to continue processing it
- Right to restriction — to request that we restrict processing of your data in certain circumstances
- Right to data portability — to receive your data in a structured, machine-readable format where processing is based on consent or contract
- Right to object — to object to processing based on legitimate interests, including for direct marketing
- Rights related to automated decision-making — we do not carry out automated decision-making, so this right is not currently applicable
To exercise any of these rights, please contact us at hello@exhaleIT.co.uk. We will respond within one month. We may need to verify your identity before processing your request.
You also have the right to lodge a complaint with the Information Commissioner's Office (ICO) at ico.org.uk or by calling 0303 123 1113.
9. Cookies
This website currently uses no third-party tracking cookies and no advertising cookies. We may use essential technical cookies to ensure the site functions correctly. A full cookie policy will be published in due course.
If this changes, we will update this policy and seek consent where required.
10. Security
We take reasonable technical and organisational measures to protect personal data against unauthorised access, loss or disclosure. These include access controls, secure email practices and the use of reputable cloud service providers with appropriate security certifications.
No method of transmission over the internet is entirely secure. If you have concerns about the security of data you have shared with us, please contact us immediately.
11. Children's data
Our services are directed at business professionals and organisations. We do not knowingly collect personal data from individuals under the age of 18. If we become aware that we have done so, we will delete it promptly.
12. Changes to this policy
We may update this privacy policy from time to time to reflect changes in our practices or legal requirements. The effective date at the top of this page will be updated accordingly. We encourage you to review this policy periodically.
Where changes are material, we will take reasonable steps to notify you.
13. Contact us
If you have any questions about this privacy policy or how we handle your personal data, please contact us: