Privacy Policy

We will only process your data where at least one of the six lawful bases applies:

Consent – Clear, affirmative permission given by the individual.
Contract – Processing necessary to fulfil a contract.
Legal Obligation – Compliance with legal requirements.
Vital Interests – To protect life.
Public Task – In the public interest or by official authority.
Legitimate Interests – Where our legitimate business interests do not override the individual’s rights.

For Legitimate Interest, we apply a three-part test:

You are entitled to the following rights:

Right to be informed: We must provide clear and transparent information about data use.
Right of access: You may request access to your data. This is free of charge and will be processed within one month unless the request is unfounded, excessive, or repetitive, or if previously provided information is requested again. Where applicable, you will be informed of any charges or if your request is refused, with guidance on how to appeal.
Right to rectification: You can ask us to correct any incorrect or incomplete data.
Right to erasure: You may request deletion of your data where there is no legitimate reason to retain it.
Right to restrict processing: You may request processing to be blocked. We may still store the data but not use it further.
Right to data portability: You may obtain and reuse your personal data across different services.
Right to object: You can object to processing for legitimate interests, public interest tasks, direct marketing, or research/statistics purposes. We will always inform you of this right at the point of first communication.

Complaints can be made to the ICO:

Website: ico.org.uk/concerns Phone: 0303 123 1113

Address: Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF

Data Subject’s name, address, telephone numbers, and email address(es)
- Purpose: Managing the Data Subject’s relationship with the firm
- Legal Basis: Contractual necessity

Username and passwords (where services are set up)
- Purpose: Managing services for the Data Subject and their employees
- Legal Basis: Contractual necessity

Emergency contact details
- Purpose: Contacting the Data Subject in the event of an emergency
- Legal Basis: Vital interests

CCTV recordings at PK Networks Ltd premises
- Purpose: Security at the premises
- Legal Basis: Security of the business
Gender
- Purpose: Provision of suitable facilities (e.g. toilets, changing rooms)
- Legal Basis: Legitimate interests

Photos and videos of the Data Subject
- Purpose: Promoting the firm via website and marketing activities
- Legal Basis: Consent (explicit, with the option to withdraw at any time)

Call recordings (landline and mobile)
- Purpose: Training and security; ensuring information is accurately retained
- Legal Basis: Security and training of the business

Bank account or payment details
- Purpose: Making and receiving payments or issuing refunds
- Legal Basis: Contractual necessity

Remote access to PCs and servers
- Purpose: Providing support under existing contracts
- Legal Basis: Contractual necessity

Cloud backup of PCs and servers
- Purpose: Delivering backup services under support contracts
- Legal Basis: Contractual necessity

We do not sell or pass on personal data without consent, unless required by law or necessary for fulfilling a service.
Where third-party services are used, data is shared only as necessary and only under strict confidentiality agreements.
We retain data only as long as necessary under the legal basis outlined or as required by law.
Annual reviews will assess whether continued processing is justified.