top of page

Privacy and GDPR

Privacy Notice & GDPR Information

Last updated: 2 November 2025
Company: InteliATELtd (Company No. 15514345)
Registered office: London, United Kingdom
Postal contact: 35 Cedars Close, Hendon, London, UK
Privacy contact: contact@InteliATE.com (use subject line: Privacy)

InteliATE builds and installs software on‑premises. We do not host, see, or process client personal data as part of our product or delivery model. This notice explains what (little) data we handle for our own website and customer portal, and your rights under UK GDPR and (where relevant) EU GDPR.

1) Scope

This policy covers:

  • Public website at InteliATE.com (no forms, no analytics, no tracking).

  • Customer portal (password‑protected, used for updates/support coordination; strictly necessary cookies only).

  • Direct communications you choose to send us (e.g., email to contact@InteliATE.com).

It does not cover your own on‑prem environments. For client deployments, you are the data controller of any personal data in your systems; InteliATE does not act as your processor because we design our service so we do not access that data.

2) Key points (TL;DR)

  • No customer data: We never access or process client personal data in production.

  • No tracking: We don’t run Google Analytics, advertising pixels, or third‑party trackers.

  • Cookies: None on the public site; the portal sets only strictly necessary session/auth cookies.

  • Website logs: Minimal security logs (e.g., IP addresses) with short retention.

  • Legal bases: Legitimate interests and (when you email us to request something) contract necessity.

  • ICO: Registered with the UK Information Commissioner’s Office (registration number to be published once issued).

  • ISO 27001: We are preparing for ISO 27001 certification; controls are in place accordingly.

  • Global audience: We honour UK/EU data rights where applicable.

3) How we operate: on‑prem by design

  • We install and support our software on your infrastructure.

  • We do not require copies, extracts, or remote access to any personal data in your systems.

  • Support is delivered using test/synthetic/redacted data and standard operational logs under your control.

  • If a unique situation would ever require access to personal data, we will refuse or—subject to your decision—execute a specific Data Processing Agreement (DPA). Our default stance is no access.

4) Data we handle about you

4.1 Public website

  • We don’t collect personal data via the site (no contact forms, no sign‑ups, no analytics).

  • Security logs: Our web server may record IP address, user‑agent, URL, timestamp, and response codes solely for security and troubleshooting.

    • Retention: typically 30 days, then deletion/rotation unless required for security investigations.

Note: IP addresses can be personal data under GDPR. We keep logs minimal and short‑lived.

4.2 Customer portal (password‑protected)

  • Used only to coordinate updates/support and share operational notes.

  • No “secret” or sensitive personal data is collected.

  • Access uses credentials issued by InteliATEor your organisation.

  • We may process pseudonymous account identifiers and strictly necessary technical data (session tokens, access timestamps) to operate the portal.

    • Cookies: strictly necessary session/auth cookies only (no analytics/advertising).

    • Retention: session cookies expire automatically; access logs retained 90 days for security.

4.3 Direct communications

  • If you email us (e.g., contact@InteliATE.com), we will process the contents of your message and your email address to respond.

    • Retention: up to 24 months after the matter closes, unless legal retention requires longer.

We do not sell, rent, or share your data for marketing. We do not profile or make automated decisions.

5) Legal bases (UK GDPR / EU GDPR)

  • Legitimate interests (Art. 6(1)(f)):

    • Running a secure website and portal (security logging, access control).

    • Handling ordinary business communications you initiate.

  • Contract necessity (Art. 6(1)(b)):

    • Where you ask us to do something pre‑contract or under a contract (e.g., respond to a support request you send via email).

We do not rely on consent because we don’t run optional analytics or marketing cookies.

6) Cookies

  • Public site: No cookies.

  • Portal: Strictly necessary session/auth cookies only. These are essential for login and cannot be disabled without breaking the portal. No analytics or advertising cookies, so no cookie banner is required.

7) Sharing and transfers

  • We do not share your data with third parties except:

    • Service providers we use for core operations (e.g., hosting/email), under confidentiality and data protection terms.

    • Legal or security disclosures when required by law or to investigate abuse.

  • International transfers: Where a provider processes data outside the UK/EEA, we use appropriate safeguards (e.g., UK IDTA/EU SCCs) or equivalent legal mechanisms. Given our minimal processing, such transfers are limited.

8) Security

We apply risk‑appropriate technical and organisational measures aligned with ISO 27001 practices, including: least‑privilege access, MFA for admin systems, encryption in transit, hardening and patching, logging/monitoring, change control, and supplier due diligence. We are preparing for ISO 27001 certification and maintain documentation accordingly.

If we become aware of a personal data breach involving our own systems (e.g., email mailbox), we will assess and notify the ICO and affected individuals when required by law.

9) Retention

  • Website security logs: ~30 days.

  • Portal access logs: ~90 days.

  • Business correspondence: up to 24 months after closure.

  • Longer retention may apply if needed to establish or defend legal claims or meet legal obligations.

  • When retention ends, we delete or irreversibly anonymise.

10) Your rights

Where UK/EU GDPR applies to our limited processing, you may have the right to access, rectify, erase, restrict, object, and port your personal data. You can also complain to your local authority and, in the UK, to the ICO.

  • Contact us: contact@InteliATE.com (subject: Privacy)

  • UK ICO: Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF (ico.org.uk)

We respond within one month (extendable by two months for complex requests). Because we deliberately avoid processing personal data, we may explain that we hold no data about you beyond technical logs or correspondence.

11) Children

Our website, portal, and services are for business use only and not directed at children.

12) Controllers, representatives, and ICO

  • Controller: InteliATELtd (Company No. 15514345), London, United Kingdom.

  • ICO: We are registered; registration number will be published here once issued.

  • EU representative: Based on our current model (no regular EU personal‑data processing beyond occasional business correspondence), we believe the Article 27 EU representative requirement does not apply. If this changes, we will appoint a representative and update this notice.

13) Changes to this notice

We will post any updates here and adjust the “Last updated” date.

Contact

InteliATE Ltd
35 Cedars Close, Hendon, London, UK
Email: contact@InteliATE.com (use subject: Privacy)

bottom of page