Name: ENVA IT
Address: Wakefield, West Yorkshire, GB
Telephone: 07971594506
Price range: ££

Privacy Policy

ENVA IT is committed to protecting your privacy and handling your personal data transparently. This policy explains what data we collect, why we collect it, how we use it, and your rights under the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

1. Who We Are (Data Controller)
ENVA IT is registered in England and Wales as a sole trader. Our registered address is Wakefield, West Yorkshire, UK. We are registered with the Information Commissioner's Office (ICO), registration number: ZA123456.

For any data protection queries, please contact us at hello@envait.co.uk or call 07971594506.

2. What Data We Collect
We may collect the following personal data:
- Contact information: Name, email address, phone number (via contact forms, email, or phone calls)
- Client project data: Business name, branding assets, content provided for website builds
- Billing information: Invoice details, payment records (card payments are processed securely via our payment provider — we do not store card numbers)
- Technical data: IP address, browser type, operating system, pages visited (collected via Google Analytics in anonymised form)
- Communication records: Emails, support tickets, and notes related to your project or account

3. Legal Basis for Processing
Under UK GDPR, we process your data based on the following lawful grounds:
- Contract: To deliver the services you have purchased or requested a quote for
- Legitimate interest: To manage our business, improve our services, and respond to enquiries
- Legal obligation: To comply with tax, accounting, and regulatory requirements
- Consent: Where you have opted in to receive marketing communications (you can withdraw consent at any time)

4. How We Use Your Data
- To respond to enquiries and provide quotes
- To deliver and manage the services you have purchased (website design, hosting, IT support)
- To send service-related updates, such as maintenance notifications or hosting renewals
- To issue invoices and process payments
- To comply with legal and financial obligations (e.g., HMRC tax records)
- To improve our website and services through anonymised analytics
- To send marketing communications, only where you have given explicit consent

5. Data Sharing & Third Parties
We do not sell your personal data. We may share data with trusted third parties who assist us in delivering our services, including:
- Hosting providers — for website and email hosting
- Domain registrars — for domain name registration
- Payment processors — for secure payment handling
- Google Analytics — for anonymised website usage statistics
- Accounting software — for invoicing and financial records
- HMRC — where required by law for tax compliance

All third-party providers are required to handle your data in accordance with applicable data protection laws.

6. Data Security
We take appropriate technical and organisational measures to protect your personal data, including:
- SSL encryption on our website and client portals
- Secure password-protected access to all systems
- Regular software updates and security patching
- Daily backups stored securely for disaster recovery
- Access to personal data is restricted to authorised personnel only

While we take all reasonable precautions, no method of electronic transmission or storage is 100% secure.

7. How Long We Keep Your Data
- Client data: Retained for 7 years after the end of a client relationship, in line with HMRC requirements for financial records
- Enquiry data (non-clients): Deleted after 12 months if no business relationship is established
- Website analytics data: Anonymised and retained in accordance with Google Analytics' data retention settings
- Marketing consent records: Retained for as long as you remain subscribed, plus 12 months after unsubscribing for audit purposes

8. International Data Transfers
Some of the third-party services we use (e.g., Google Analytics) may process data outside the UK. Where this occurs, we ensure that adequate safeguards are in place, such as Standard Contractual Clauses (SCCs) or UK adequacy decisions, in accordance with UK GDPR requirements.

9. Cookies
Our website uses the following types of cookies:
- Essential cookies: Required for the website to function properly (e.g., session management). These do not require consent.
- Analytics cookies: Used via Google Analytics to understand how visitors use our site. These are only set with your consent.

You can manage or withdraw cookie consent at any time via the cookie banner on our site, or by adjusting your browser settings.

10. Your Rights Under UK GDPR
You have the following rights regarding your personal data:
- Right of access: Request a copy of the data we hold about you
- Right to rectification: Request correction of inaccurate or incomplete data
- Right to erasure: Request deletion of your data (subject to legal retention requirements)
- Right to restrict processing: Request that we limit how we use your data
- Right to data portability: Request your data in a structured, machine-readable format
- Right to object: Object to processing based on legitimate interest or for direct marketing
- Right to withdraw consent: Where processing is based on consent, you can withdraw it at any time

To exercise any of these rights, please email hello@envait.co.uk. We will respond within 30 days.

11. Children's Data
Our services are not directed at individuals under the age of 18. We do not knowingly collect personal data from children. If you believe we have inadvertently collected data from a minor, please contact us immediately and we will take steps to delete it.

12. Marketing Communications
We will only send you marketing emails if you have explicitly opted in. Every marketing email includes an unsubscribe link. You can also withdraw consent by emailing hello@envait.co.uk. Service-related communications (e.g., hosting renewal reminders) are not considered marketing and may still be sent.

13. Changes to This Policy
We may update this privacy policy from time to time to reflect changes in our practices or legal requirements. Any material changes will be communicated via email to existing clients. The "Last updated" date at the top of this page will always reflect the most recent revision.

14. Complaints
If you are unhappy with how we have handled your personal data, you have the right to lodge a complaint with the Information Commissioner's Office (ICO):
- Website: ico.org.uk
- Helpline: 0303 123 1113

If you have any questions about this privacy policy, please contact us at hello@envait.co.uk.

Last updated: June 2026