Legal
Privacy Policy
Last updated: June 2026
KRL IT Services (“we”, “us”, “our”) is committed to protecting your personal data. This policy explains what data we collect, how we use it, and your rights under UK GDPR.
1. What data we collect
We may collect the following personal data:
- Name and job title
- Business name and address
- Email address and phone number
- Billing information (invoices, payment records)
- Technical data (IP addresses, service logs) where necessary for security and service delivery
We do not collect sensitive personal data (such as health information or financial account details beyond what is needed to process payment).
2. How we collect your data
- Directly from you when you contact us, request a quote, or sign up for a service
- Through use of our services (e.g. server logs for security purposes)
- Via our website contact form
3. How we use your data
We use your data to:
- Deliver and manage the services you have purchased
- Send invoices and process payments
- Communicate with you about your account, service updates, or issues
- Comply with our legal and regulatory obligations
- Improve our services
Our legal basis for processing is primarily contract performance (Article 6(1)(b) UK GDPR) and legitimate interests (Article 6(1)(f)) for security and service improvement purposes.
4. Data sharing
We do not sell your personal data to third parties.
We may share your data with:
- Payment processors, solely to process your payment
- IT infrastructure providers (e.g. hosting platforms) where necessary to deliver your service
- Legal or regulatory authorities if required by law
All third parties we work with are required to handle your data in accordance with UK GDPR.
5. Data retention
We retain your personal data for as long as you are a customer and for up to 6 years after the end of your contract, in accordance with our legal obligations (e.g. HMRC record-keeping requirements).
Technical logs are retained for a maximum of 90 days.
On written request, we will delete your personal data earlier where we have no legal obligation to retain it.
6. Your rights
Under UK GDPR, you have the right to:
- Access the personal data we hold about you
- Request correction of inaccurate data
- Request deletion of your data (subject to legal retention obligations)
- Object to processing based on legitimate interests
- Request restriction of processing
- Data portability (receive your data in a machine-readable format)
- Withdraw consent where processing is based on consent
To exercise any of these rights, contact us at hello@krlit.co.uk. We will respond within 30 days.
If you are unhappy with how we handle your data, you have the right to lodge a complaint with the Information Commissioner’s Office (ICO) at ico.org.uk.
7. Cookies
Our website uses only essential cookies necessary for the site to function correctly (e.g. caching and session management). We do not use marketing, tracking, or analytics cookies.
For full details, see our Cookie Policy.
8. Security
We take appropriate technical and organisational measures to protect your personal data against unauthorised access, loss, or disclosure. These measures include encrypted data transmission (HTTPS), access controls, and regular security reviews.
9. Changes to this policy
We may update this Privacy Policy from time to time. The latest version will always be available at krlit.co.uk/privacy. We will notify you of significant changes by email.