Switching providers? We’ll migrate your website, email & VoIP for free — zero downtime. Get in touch →

Privacy Policy

Last updated: 24 April 2026

This Privacy Policy explains how KRLIT (“we”, “us”, “our”) collects, uses, stores, and protects personal data. We are committed to handling your data lawfully, fairly, and transparently in accordance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

1. Who We Are

KRLIT is a sole trader business based in Hull, East Yorkshire, providing web hosting, CRM hosting, email services, and related IT solutions to clients in the UK.

Data Controller: KRLIT
Contact: hello@krlit.co.uk
Location: Hull, East Yorkshire, United Kingdom

We are registered with the UK Information Commissioner’s Office (ICO) where required by law. If you have concerns about how we handle your data, you have the right to contact us first or lodge a complaint directly with the ICO at ico.org.uk.

2. What Data We Collect

We collect and process the following categories of personal data:

Information you provide directly

  • Name, business name, and job title
  • Contact details: email address, phone number, postal address
  • Billing information (we use a third-party payment processor — we do not store full card details on our systems)
  • Account username for services you use with us. We do not store passwords.
  • Information contained in any communications you send us

Information collected automatically

  • IP addresses, browser type, and device information when you visit our website
  • Server logs relating to services we host on your behalf (access logs, error logs, security events)
  • Cookies and similar technologies (see our Cookie Policy section below)

Information you store on services we host

When you use our hosting or CRM services, you may upload, store, or process personal data relating to your own customers, contacts, or staff. In relation to that data, you are the Data Controller and we act as a Data Processor on your behalf. A separate Data Processing Agreement (DPA) governs that relationship.

3. How We Use Your Data and Our Lawful Basis

UK GDPR requires us to have a lawful basis for processing your personal data. We rely on the following bases:

PurposeLawful Basis
Providing services you have requested (hosting, CRM, email)Performance of a contract
Processing payments and managing accountsPerformance of a contract
Sending service-related notifications (outages, maintenance, security)Legitimate interests / Performance of a contract
Responding to enquiries and providing supportLegitimate interests
Complying with legal, accounting, and tax obligationsLegal obligation
Protecting our systems and clients from fraud, abuse, and security threatsLegitimate interests
Sending marketing communications about our servicesConsent / Legitimate interests (existing clients)

4. How Long We Keep Your Data

We retain personal data only for as long as is necessary for the purposes set out above, or to comply with legal requirements:

  • Active client accounts: for the duration of the service plus a reasonable wind-down period
  • Billing and tax records: 6 years from the end of the relevant tax year (HMRC requirement)
  • Server logs and security data: typically 30–90 days unless required for an active investigation
  • Marketing contacts: until you unsubscribe or request removal
  • Backups: our backup retention may temporarily extend the above periods; backups are overwritten on rotation

5. Who We Share Your Data With

We do not sell your personal data. We share data only where necessary to deliver our services or comply with the law. Our processors and partners include:

  • Infrastructure providers hosting our servers (e.g. our data centre and cloud providers)
  • Payment processors handling transactions on our behalf
  • Email and communication tools we use to contact you
  • Accounting and tax software for our financial records
  • Professional advisors such as accountants or legal advisors, where strictly necessary
  • Law enforcement or regulators where we are legally required to disclose information

All processors we use are bound by written agreements requiring them to handle your data in compliance with UK GDPR. A current list of subprocessors is available on request.

6. International Transfers

Where possible, we use UK and EU-based providers. Where data is transferred outside the UK or European Economic Area, we ensure adequate safeguards are in place, such as the UK Government’s adequacy regulations, the International Data Transfer Agreement (IDTA), or the UK Addendum to the EU Standard Contractual Clauses.

7. Your Rights

Under UK GDPR, you have the following rights regarding your personal data:

  • Right of access: request a copy of the personal data we hold about you
  • Right to rectification: ask us to correct inaccurate or incomplete data
  • Right to erasure: ask us to delete your data, subject to certain legal exceptions
  • Right to restrict processing: ask us to limit how we use your data
  • Right to data portability: receive your data in a structured, commonly used format
  • Right to object: object to processing based on our legitimate interests, including direct marketing
  • Rights related to automated decision-making: we do not use automated decision-making or profiling that produces legal effects
  • Right to withdraw consent: where we rely on consent, you can withdraw it at any time

To exercise any of these rights, contact us at hello@krlit.co.uk. We will respond within one calendar month. There is normally no charge, although we may charge a reasonable fee or refuse manifestly unfounded or excessive requests.

8. How We Protect Your Data

We take security seriously and apply appropriate technical and organisational measures, including:

  • Encryption of data in transit (TLS/SSL) and at rest where appropriate
  • Access controls and authentication on all systems handling personal data
  • Regular software updates, patching, and security monitoring
  • Firewall and intrusion prevention systems on hosting infrastructure
  • Regular backups stored securely
  • Limited access to personal data on a need-to-know basis

No system can be guaranteed completely secure. In the event of a personal data breach that is likely to result in a risk to your rights and freedoms, we will notify the ICO within 72 hours and inform affected individuals where required.

9. Cookies

Our website uses a small number of cookies. Strictly necessary cookies are used to operate the site and do not require consent. Any analytics or non-essential cookies will only be set with your consent via our cookie banner. You can control cookies through your browser settings or our cookie preferences tool.

10. Children’s Data

Our services are intended for businesses and adults. We do not knowingly collect personal data from anyone under the age of 16. If you believe we have inadvertently collected such data, please contact us and we will delete it promptly.

11. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, services, or legal requirements. The “Last updated” date at the top of this page will reflect the most recent version. Material changes will be communicated to active clients by email.

12. Contact Us

If you have any questions about this Privacy Policy or how we handle your personal data, please contact:

KRLIT
Email: hello@krlit.co.uk
Location: Hull, East Yorkshire, United Kingdom

If you are not satisfied with our response, you have the right to complain to the Information Commissioner’s Office:

Information Commissioner’s Office
Wycliffe House, Water Lane, Wilmslow, Cheshire SK9 5AF
Helpline: 0303 123 1113
Website: ico.org.uk