Generated privacy notice – general business 

You can download a Word or ODT version of this generated privacy notice by clicking “Download options” at the top of the page. Alternatively, you can copy and paste it. Both options will allow you to add your own branding or extra text to your new privacy notice, or personalise it by adding your own branding or logo. Remember – you must make sure the content is accurate and complete and easily accessible. 

Please make sure you delete the green, orange and red instruction boxes before you publish your privacy notice. 

IJYI Ltd customer privacy notice 

This privacy notice tells you what to expect us to do with your personal information. 

• Contact details 

• What information we collect, use, and why 

• Lawful bases and data protection rights 

• Where we get personal information from 

• How long we keep information 

• How to complain 

Contact details 

Post 

IP City Centre, 1 Bath Street, , IPSWICH, Suffolk, IP2 8SD, GB 

Telephone 

01473 558748 

Email 

[email protected] 

What information we collect, use, and why 

We collect or use the following information to provide services and goods, including delivery: 

• Names and contact details 

• Addresses 

• Purchase or account history 

• Payment details (including card or bank information for transfers and direct debits) 

• Account information 

• Website user information (including user journeys and cookie tracking) 

• Call recordings 

• Records of meetings and decisions 

We collect or use the following information for the operation of customer accounts and guarantees: 

• Names and contact details 

• Addresses 

• Payment details (including card or bank information for transfers and direct debits) 

• Purchase history 

• Account information, including registration details 

• Information used for security purposes 

• Marketing preferences 

We collect or use the following information to prevent, detect, investigate or prosecute crimes: 

• Names and contact information 

• Customer or client accounts and records 

• Call recordings 

• Financial transaction information 

• Information relating to health and safety 

We collect or use the following information for service updates or marketing purposes: 

• Names and contact details 

• Addresses 

• Marketing preferences 

• Call recordings 

• IP addresses 

• Website and app user journey information 

• Records of consent, where appropriate 

We collect or use the following information for research or archiving purposes: 

• Addresses 

• IP addresses 

• Website and app user journey information 

We collect or use the following information to comply with legal requirements: 

• Name 

• Contact information 

• Identification documents 

• Financial transaction information 

• Any other personal information required to comply with legal obligations 

• Health and safety information 

• Safeguarding information 

We collect or use the following information for recruitment purposes: 

• Contact details (eg name, address, telephone number or personal email address) 

• Date of birth 

• National Insurance number 

• Copies of passports or other photo ID 

• Employment history (eg job application, employment references or secondary employment) 

• Education history (eg qualifications) 

• Right to work information 

• Details of any criminal convictions (eg Disclosure Barring Service (DBS), Access NI or Disclosure Scotland checks) 

• Security clearance details (eg basic checks and higher security clearance) 

We collect or use the following personal information for dealing with queries, complaints or claims: 

• Names and contact details 

• Address 

• Payment details 

• Account information 

• Purchase or service history 

• Call recordings 

• Relevant information from previous investigations 

• Customer or client accounts and records 

• Financial transaction information 

• Information relating to health and safety 

• Correspondence 

Lawful bases and data protection rights 

Under UK data protection law, we must have a “lawful basis” for collecting and using your personal information. There is a list of possible lawful bases in the UK GDPR. You can find out more about lawful bases on the ICO’s website. 

Which lawful basis we rely on may affect your data protection rights which are set out in brief below. You can find out more about your data protection rights and the exemptions which may apply on the ICO’s website: 

• Your right of access – You have the right to ask us for copies of your personal information. You can request other information such as details about where we get personal information from and who we share personal information with. There are some exemptions which means you may not receive all the information you ask for. Read more about the right of access. 

• Your right to rectification - You have the right to ask us to correct or delete personal information you think is inaccurate or incomplete. Read more about the right to rectification. 

• Your right to erasure - You have the right to ask us to delete your personal information. Read more about the right to erasure. 

• Your right to restriction of processing - You have the right to ask us to limit how we can use your personal information. Read more about the right to restriction of processing. 

• Your right to object to processing - You have the right to object to the processing of your personal data. Read more about the right to object to processing. 

• Your right to data portability - You have the right to ask that we transfer the personal information you gave us to another organisation, or to you. Read more about the right to data portability. 

• Your right to withdraw consent – When we use consent as our lawful basis you have the right to withdraw your consent at any time. Read more about the right to withdraw consent. 

If you make a request, we must respond to you without undue delay and in any event within one month. 

To make a data protection rights request, please contact us using the contact details at the top of this privacy notice. 

Our lawful bases for the collection and use of your data 

Our lawful bases for collecting or using personal information to provide services and goods are: 

• Contract – we have to collect or use the information so we can enter into or carry out a contract with you. All of your data protection rights may apply except the right to object. 

• Legal obligation – we have to collect or use your information so we can comply with the law. All of your data protection rights may apply, except the right to erasure, the right to object and the right to data portability. 

• Legitimate interests – we’re collecting or using your information because it benefits you, our organisation or someone else, without causing an undue risk of harm to anyone. All of your data protection rights may apply, except the right to portability. Our legitimate interests are: 

• We process certain personal information under the lawful basis of legitimate interests because it is necessary for us to deliver and support the services our clients expect, while ensuring these interests do not override the rights and freedoms of the individuals involved. Our legitimate interests include: • Managing and maintaining effective business to business relationships with clients, suppliers and partners, ensuring the correct individuals are contacted for project delivery, technical discussions, service updates and operational support. • Ensuring the secure operation of our platforms, systems and development environments, including monitoring access, detecting misuse, and protecting our infrastructure against cybersecurity threats. This benefits our clients by safeguarding their data, environments and projects. • Recording project decisions, technical requirements and communications so that we can deliver services accurately, maintain quality, ensure continuity, resolve issues efficiently and meet contractual expectations. • Improving our services, processes and user experience, including using website analytics and service usage information in a way that does not identify individuals unnecessarily and does not negatively impact their privacy. We have assessed these interests carefully and determined that: • The personal information we use is limited, proportionate, and necessary for providing consultancy and technology services. • The processing poses minimal risk to individuals, as it relates mainly to business contact details and service related interactions. • Individuals would reasonably expect their information to be used in this way during a commercial engagement with us. • Our use of the information does not override the rights or freedoms of the people whose information we process. • We have implemented appropriate safeguards, including access controls, data minimisation and secure storage, to further protect individuals’ information. Overall, using personal information in this way is essential for delivering our services effectively and securely, provides clear benefits to our clients, and does not cause undue risk or harm to any individual.  

For more information on our use of legitimate interests as a lawful basis you can contact us using the contact details set out above. 

Our lawful bases for collecting or using personal information for the operation of customer accounts and guarantees are: 

• Contract – we have to collect or use the information so we can enter into or carry out a contract with you. All of your data protection rights may apply except the right to object. 

• Legal obligation – we have to collect or use your information so we can comply with the law. All of your data protection rights may apply, except the right to erasure, the right to object and the right to data portability. 

• Legitimate interests – we’re collecting or using your information because it benefits you, our organisation or someone else, without causing an undue risk of harm to anyone. All of your data protection rights may apply, except the right to portability. Our legitimate interests are: 

• We process certain personal information under the lawful basis of legitimate interests because it is necessary for us to operate and manage customer accounts in a secure, efficient and reliable way, while ensuring that these interests do not override the rights and freedoms of the individuals whose information we process. Our legitimate interests include: Administering and maintaining customer account access, including user registration, authentication, role management and permissions, so that authorised individuals can use our systems and services effectively. Ensuring the security and integrity of our platforms, including monitoring account activity and access logs to detect misuse, protect against security threats, and maintain the resilience of our environments. This protects both our clients and our organisation. Supporting continuity of service, including recording accountrelated information such as configuration details, support interactions, and projectrelated access requirements, so we can deliver services smoothly across teams and over time. Providing efficient communication and coordination, ensuring we can contact the correct individuals about account usage, technical updates, planned maintenance, or any issues that may affect service delivery. Improving the administration and performance of customer accounts, including reviewing how accounts are used so we can streamline access, reduce friction and enhance the customer experience without impacting individual privacy. We have assessed these interests and determined that: The processing is necessary and proportionate for operating customer accounts and delivering our contracted services. Individuals would reasonably expect their information to be used in this way when they engage with us as part of a business relationship. The processing involves minimal privacy risk, as it relates mainly to professional contact details and account credentials. We apply appropriate safeguards — including access controls, data minimisation and secure storage — to protect individuals’ data and maintain confidentiality. The benefits to clients and IJYI of secure, functional customer accounts outweigh any potential impact on the individuals involved. Overall, the processing is essential for delivering secure, reliable and wellmanaged accountbased services, is in the legitimate interests of both IJYI and its clients, and does not unfairly impact the rights of individuals. 

For more information on our use of legitimate interests as a lawful basis you can contact us using the contact details set out above. 

Our lawful bases for collecting or using personal information to prevent, detect, investigate or prosecute crimes are: 

• Legal obligation – we have to collect or use your information so we can comply with the law. All of your data protection rights may apply, except the right to erasure, the right to object and the right to data portability. 

Our lawful bases for collecting or using personal information for service updates or marketing purposes are: 

• Consent – we have permission from you after we gave you all the relevant information. All of your data protection rights may apply, except the right to object. To be clear, you do have the right to withdraw your consent at any time. 

• Contract – we have to collect or use the information so we can enter into or carry out a contract with you. All of your data protection rights may apply except the right to object. 

• Legitimate interests – we’re collecting or using your information because it benefits you, our organisation or someone else, without causing an undue risk of harm to anyone. All of your data protection rights may apply, except the right to portability. Our legitimate interests are: 

• We process certain personal information under the lawful basis of legitimate interests because it is necessary for us to keep our business contacts informed about relevant service updates, security notices, product improvements and events, and to manage lowrisk B2B marketing in a way that does not override the rights and freedoms of the individuals involved. Our legitimate interests include: Providing service and security updates relevant to the platforms, tools and services our clients use, including maintenance notifications, feature changes and incident advisories, so that customers can plan and operate effectively. Sharing information that supports customers’ use of our services, such as bestpractice guidance, product enhancements and opportunities to learn (e.g., webinars or events) that are closely related to services they already receive. Maintaining professional B2B relationships with clients, prospects and partners by communicating clearly and efficiently with the appropriate contacts at each organisation. Improving the usefulness and relevance of our communications, including measuring engagement at an aggregate level to refine content and reduce unnecessary messages. We have assessed these interests and determined that: The data processed (primarily business contact details and role information) is limited, proportionate and necessary for keeping customers informed and ensuring continuity of service. Individuals reasonably expect to receive servicerelated updates and relevant B2B communications from an existing supplier. We provide simple, immediate optout mechanisms for marketing and honour objections to further communications. We apply appropriate safeguards (data minimisation, secure storage, access controls) and avoid using sensitive or special category data for marketing. The benefits to clients (timely information, secure and reliable services) outweigh any potential impact on individuals, which we keep low through frequency controls and preference management. Overall, this processing helps us deliver timely, relevant updates and maintain effective professional communications, while respecting individuals’ privacy and their right to object at any time. 

For more information on our use of legitimate interests as a lawful basis you can contact us using the contact details set out above. 

Our lawful bases for collecting or using personal information for research or archiving purposes are: 

• Legitimate interests – we’re collecting or using your information because it benefits you, our organisation or someone else, without causing an undue risk of harm to anyone. All of your data protection rights may apply, except the right to portability. Our legitimate interests are: 

• We process limited personal information under the lawful basis of legitimate interests because it is necessary for us to understand how our services are used, improve their performance, and maintain appropriate internal records, while ensuring that these interests do not override the rights and freedoms of the individuals whose information we process. Our legitimate interests include: Maintaining internal records and archives to support service continuity, understand historical project context, and improve the quality and consistency of our services over time. Carrying out internal research and analysis, such as reviewing anonymised or pseudonymised website analytics, usage patterns, and service performance data, to make informed decisions about improving our systems, website and customer experience. Ensuring our services remain reliable, secure and relevant, by analysing technical trends, identifying areas for optimisation, and learning from historical information in a way that benefits our clients and supports longterm service improvement. We have assessed these interests and determined that: The information we use for research or archiving is minimal, proportionate and often anonymised or pseudonymised wherever possible. Individuals would reasonably expect a professional services organisation to maintain internal records and analyse service performance. The processing poses a very low privacy risk, as it does not involve special category data or intrusive profiling. The processing does not override individuals’ rights, and we provide clear mechanisms for people to exercise those rights if they wish. We apply strong safeguards such as access controls, secure storage, and data minimisation to protect any personal information involved. Overall, this processing is necessary for us to maintain accurate internal records, improve our services responsibly, and operate efficiently as a business, while ensuring that individuals’ privacy is fully respected. 

For more information on our use of legitimate interests as a lawful basis you can contact us using the contact details set out above. 

Our lawful bases for collecting or using personal information for legal requirements are: 

• Legal obligation – we have to collect or use your information so we can comply with the law. All of your data protection rights may apply, except the right to erasure, the right to object and the right to data portability. 

Our lawful bases for collecting or using personal information for recruitment purposes are: 

• Contract – we have to collect or use the information so we can enter into or carry out a contract with you. All of your data protection rights may apply except the right to object. 

• Legal obligation – we have to collect or use your information so we can comply with the law. All of your data protection rights may apply, except the right to erasure, the right to object and the right to data portability. 

• Legitimate interests – we’re collecting or using your information because it benefits you, our organisation or someone else, without causing an undue risk of harm to anyone. All of your data protection rights may apply, except the right to portability. Our legitimate interests are: 

• We process certain personal information under the lawful basis of legitimate interests because it is necessary for us to identify, assess and engage suitable candidates for employment and contractor roles, while ensuring these interests do not override the rights and freedoms of the individuals involved. Our legitimate interests include: Running fair and efficient recruitment processes, including reviewing CVs\/applications, assessing skills and experience, and communicating with candidates about roles and selection outcomes. Protecting the integrity of our hiring decisions, by verifying professional history, considering references, and preventing fraudulent applications or misuse of our recruitment channels. Maintaining a limited talent pipeline, where appropriate, by keeping relevant candidate information for a short period to consider them for closely related opportunities that may arise, in line with reasonable expectations. We have assessed these interests and determined that: The personal information used (primarily professional contact details, CV content, and interview notes) is limited, relevant and necessary to make informed hiring decisions. Individuals reasonably expect their information to be processed in this way when they apply for a role with a technology consultancy. The processing poses low privacy risk and does not involve intrusive profiling or special category data, unless a candidate voluntarily provides it (e.g., reasonable adjustments), in which case we apply heightened safeguards or rely on a more appropriate lawful basis. We provide clear routes for candidates to exercise their data protection rights (access, rectification, objection, erasure where applicable). We apply appropriate safeguards, including access controls, secure storage, retention limits, and data minimisation, to protect candidates’ information. Overall, processing candidate information in this way enables us to make fair, timely and wellsupported hiring decisions, which benefits both candidates and IJYI, without causing undue risk or harm to individuals. 

For more information on our use of legitimate interests as a lawful basis you can contact us using the contact details set out above. 

Our lawful bases for collecting or using personal information for dealing with queries, complaints or claims are: 

• Contract – we have to collect or use the information so we can enter into or carry out a contract with you. All of your data protection rights may apply except the right to object. 

• Legal obligation – we have to collect or use your information so we can comply with the law. All of your data protection rights may apply, except the right to erasure, the right to object and the right to data portability. 

• Legitimate interests – we’re collecting or using your information because it benefits you, our organisation or someone else, without causing an undue risk of harm to anyone. All of your data protection rights may apply, except the right to portability. Our legitimate interests are: 

• We process certain personal information under the lawful basis of legitimate interests because it is necessary for us to investigate and respond to queries, complaints or claims in a fair, efficient and secure manner, while ensuring that these interests do not override the rights and freedoms of the individuals involved. Our legitimate interests include: Providing effective customer service and support, ensuring we can properly understand and respond to questions, concerns or issues raised by clients, suppliers or other individuals who interact with us. Investigating and resolving complaints or claims, including reviewing relevant correspondence, account information, service records and technical logs so that we can address problems thoroughly and prevent future issues. Protecting our organisation from fraud, misuse, or disputes, including gathering information needed to verify facts, support decisionmaking, defend against legal claims, or engage with insurers or professional advisers where required. Improving the quality and reliability of our services, using insights from complaints or queries to identify patterns, address root causes and make improvements that benefit our clients and stakeholders. We have assessed these interests and determined that: The personal information processed is limited to what is necessary for handling the specific query, complaint or claim. Individuals reasonably expect us to process their information when they contact us with an issue or raise a concern. The processing poses low privacy risk, as it generally involves professional contact details, service information and correspondence directly provided by the individual. The processing does not override individuals’ rights and freedoms, and we provide clear routes for them to exercise their data protection rights. We use strong safeguards, including restricted access, secure storage, data minimisation and appropriate retention controls, to ensure personal information is handled safely and responsibly. Overall, this processing enables us to respond to people fairly, resolve issues effectively, and maintain the quality and integrity of our services without causing undue risk or harm to individuals. 

For more information on our use of legitimate interests as a lawful basis you can contact us using the contact details set out above. 

Where we get personal information from 

• Directly from you 

• Councils and other public sector organisations 

• Publicly available sources 

• Previous employers 

• Suppliers and service providers 

• Third parties: 

• Microsoft Azure Amazon Web Services (AWS) Google Cloud Platform (GCP) GitHub \/ GitHub Actions Atlassian (Jira, Confluence, Bitbucket) 

How long we keep information 

[Paste your retention schedule here.] 

For more information on how long we store your personal information or the criteria we use to determine this please contact us using the details provided above. 

[You said you had a retention schedule, but it wasn’t available online. You can paste it above – you must not publish the privacy notice without it.] 

How to complain 

If you have any concerns about our use of your personal data, you can make a complaint to us using the contact details at the top of this privacy notice. 

If you remain unhappy with how we’ve used your data after raising a complaint with us, you can also complain to the ICO. 

The ICO’s address:            

Information Commissioner’s Office 
Wycliffe House 
Water Lane 
Wilmslow 
Cheshire 
SK9 5AF 

Helpline number: 0303 123 1113 

Website: https://www.ico.org.uk/make-a-complaint 

Last updated