GDPR & Data Protection Policies
INTELETUS Ltd.
These three concise GDPR and Data Protection policies are prepared for Inteletus Ltd., a UK based service provider. They reflect UK data protection law and ICO guidance as at December 2025. Each policy is editable and intended for use in the stated context. Keep the wording clear, concise and to the point.
Policy 1 – Website Users
Purpose: To explain how we collect and use personal data from visitors and account holders on our website.
Controller: Inteletis Ltd. Contact: dataprotection@inteletus.co.uk.
Lawful bases: We rely on: consent (for marketing and non essential cookies), performance of a contract, legitimate interests (site improvement, security) and legal obligations where applicable.
Personal data collected: Examples: name, email, IP address, usage data, cookies, contact form content.
Cookies and tracking: We use cookies. Users will see a cookie banner and may give or withdraw consent. We comply with PECR on electronic communications and cookies.
Use of data: Provide website services, respond to enquiries, analyse site use, prevent fraud and meet legal obligations.
Retention: We keep personal data only as long as necessary for the purpose and to meet legal or regulatory obligations.
Third party sharing: We may share data with service providers (hosting, analytics, payment processors) under written contracts requiring appropriate protections.
International transfers: Transfers outside the UK will have appropriate safeguards, such as adequacy decisions, standard contractual clauses, or other permitted mechanisms.
Data subject rights: Individuals have rights including access, rectification, erasure, restriction, objection, portability and to withdraw consent. Requests should be sent to the contact above.
Security: We implement appropriate technical and organisational measures proportionate to the risk.
Complaints: If you are unhappy with our handling of personal data you may complain to us or to the Information Commissioner’s Office.
Changes: We may update this policy. Changes are published on the website with the date of last revision.
Policy 2 – Clients (B2B fractional sales services)
Purpose: To explain how we process client and prospective client data while providing fractional sales services.
Controller: Inteletis Ltd. Contact: dataprotection@inteletus.co.uk.
Personal data collected: Company and contact details, contract and billing data, communication records, performance and activity data, any personal data provided by the client for service delivery.
Lawful bases: Performance of contract, legitimate interests (service delivery and improvement), consent where required for specific processing and legal obligations.
Special category data: We do not usually process special category data. If we do, we will identify a lawful basis and put additional safeguards in place, including explicit consent where required.
Use of data: Deliver services, manage the business relationship, invoicing and payments, compliance, security and dispute resolution.
Sharing with subcontractors: We may instruct subcontractors and processors. Contracts require written instructions, confidentiality, security controls and return or deletion on completion.
Data minimisation and retention: We collect only necessary data and retain it according to contractual, tax and regulatory obligations. Retention periods are documented and reviewed.
Data transfers: International transfers will use appropriate safeguards.
Client obligations: Clients must ensure they have the rights to provide personal data to us and to permit the processing described.
Data subject rights and requests: Clients and individuals may exercise their rights. We will assist clients to respond to subject rights requests relating to data processed on their instruction.
Security and incident response: We maintain appropriate security measures and will notify clients and the ICO of personal data breaches where required by law.
Dispute and complaints: Clients may raise concerns with us and with the ICO if unresolved.
Policy 3 – Event Participants, Workshops and Training (payment details supplied)
Purpose: To explain how we process personal and payment data for participants in events, networking sessions, workshops and training.
Controller: Inteletis Ltd. Contact: dataprotection@inteletus.co.uk.
Data collected: Name, contact details, organisation, dietary or accessibility needs if provided, payment card or payment processor details and transaction records.
Lawful bases: Performance of contract (to deliver paid services), legal obligations (accounting and tax), and consent for optional processing such as marketing.
Payments and card data: We do not store full card details unless explicitly agreed. Payment details are processed by PCI DSS compliant payment processors. Transaction records are retained for accounting and legal obligations.
Sharing: Participant data is shared with event venues, payment processors and authorised contractors only as necessary and under contract.
Security: We use technical and organisational measures appropriate to the sensitivity of the data. We only collect payment details when strictly necessary and use secure processors.
Retention: Participant registration and transaction records are retained for legitimate business, tax and audit purposes and deleted when no longer required.
Cancellation and refunds: We will use payment data to process refunds. Payment processors may retain transaction information as required by their policies.
Rights and contact: Participants can exercise their data subject rights. Contact dataprotection@inteletus.co.uk for requests or concerns.
Incident handling: We will notify affected individuals and the ICO where required by law if a breach affects participant personal data or payment details.
Notes: By providing payment details individuals consent to the processing necessary to deliver the purchased service.
Key legal references and notes
UK GDPR and Data Protection Act 2018: We process personal data in line with UK GDPR and the Data Protection Act 2018. These policies reflect ICO guidance and obligations.
Data (Use and Access) Act 2025: These policies take account of changes introduced by the Data (Use and Access) Act 2025 and related ICO guidance which may affect data sharing, digital verification and cookie rules.
PECR: We comply with the Privacy and Electronic Communications Regulations on electronic marketing and cookies.
ICO guidance: We follow ICO codes and guidance on subject access requests, data sharing and data security.
Last review: December 2025. These policies should be reviewed regularly and updated to reflect legislative or guidance changes.