Privacy Policy | Record Group

1. About Record Group

Record Digital Limited (trading as Record Group) ("we", "us", "our") is a United Kingdom-based IT services and cyber security company operating across the Midlands region. We are committed to protecting the privacy and security of your personal data in accordance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

Data Controller: Record Digital Limited (trading as Record Group)

Contact Email: [email protected]

Phone: 01299 333444

Address: 20b Lombard Street, Stourport-on-Severn, Worcestershire, DY13 8DR

Website: www.record-group.co.uk

2. Data We Collect

We may collect and process the following categories of personal data:

Information You Provide Directly

Contact information: name, email address, phone number, company name
Enquiry details: service requirements, project details, budget range
Communication records: emails, contact form submissions, chatbot conversations
Newsletter subscriptions: email address and preferences

Information Collected Automatically

Technical data: IP address, browser type, operating system, device information
Usage data: pages visited, time on site, referral source, click behaviour
Cookie data: session identifiers, preference cookies, analytics cookies

Information From Third Parties

Publicly available business information for lead qualification
Referral information from existing clients (with consent)

3. How We Use Your Data

We process your personal data for the following purposes, each supported by a lawful basis under UK GDPR:

Purpose	Lawful Basis
Responding to enquiries and providing quotes	Legitimate interest / Contract performance
Delivering contracted IT services	Contract performance
Sending newsletters and marketing communications	Consent
Improving our website and services	Legitimate interest
Website analytics and performance monitoring	Legitimate interest
AI chatbot interactions and lead qualification	Legitimate interest / Consent
Legal compliance and fraud prevention	Legal obligation

4. Cookies

Our website uses cookies and similar tracking technologies to enhance your experience and analyse website performance.

Essential Cookies

Required for the website to function correctly. These cannot be disabled. They include session management and security cookies.

Analytics Cookies

We use analytics tracking to understand how visitors interact with our website. This data is processed on our internal servers and is not shared with third-party analytics providers. Data collected includes pages viewed, session duration, and referral sources.

Functional Cookies

These remember your preferences, such as chatbot conversation history and display settings, to provide a more personalised experience.

You can manage cookie preferences through your browser settings. Disabling certain cookies may affect website functionality.

5. Third-Party Services

We use a limited number of trusted third-party services to operate our website and deliver our services:

Cloudflare: We use Cloudflare for content delivery, DDoS protection, and DNS management. Cloudflare may process limited technical data (IP addresses, request headers) in accordance with their privacy policy. Cloudflare acts as a data processor on our behalf.
SMTP Email Services: Contact form submissions and newsletter communications are delivered via our SMTP infrastructure. Email addresses and message content are processed to facilitate communication.
Internal AI Servers: Our AI-powered chatbot runs on our own internal servers. Conversation data is stored securely on our infrastructure and is not transmitted to external AI providers. This data is used to improve our services and qualify enquiries.

We do not sell, trade, or otherwise transfer your personal data to third parties for their own marketing purposes.

6. Data Retention

We retain personal data only for as long as necessary to fulfil the purposes for which it was collected:

Data Type	Retention Period
Contact form submissions	24 months from submission
Client project data	6 years after contract completion
Newsletter subscriber data	Until unsubscribe request
Chatbot conversation logs	12 months from conversation
Website analytics data	26 months from collection
Financial and invoicing records	7 years (legal requirement)

After the retention period expires, data is securely deleted or anonymised.

7. Your Rights Under UK GDPR

Under the UK General Data Protection Regulation, you have the following rights regarding your personal data:

Right of Access: You have the right to request a copy of the personal data we hold about you (Subject Access Request).
Right to Rectification: You can request that we correct any inaccurate or incomplete personal data.
Right to Erasure: You can request that we delete your personal data where there is no compelling reason for continued processing.
Right to Restrict Processing: You can request that we limit how we use your data in certain circumstances.
Right to Data Portability: You can request a machine-readable copy of your data to transfer to another provider.
Right to Object: You can object to processing based on legitimate interests, including direct marketing.
Right to Withdraw Consent: Where processing is based on consent, you can withdraw it at any time without affecting the lawfulness of prior processing.

To exercise any of these rights, please contact us at [email protected]. We will respond to your request within 30 days.

You also have the right to lodge a complaint with the Information Commissioner's Office (ICO) at ico.org.uk if you believe your data protection rights have been violated.

8. Security Measures

As a cyber security company, we take the protection of your data extremely seriously. We implement appropriate technical and organisational measures to safeguard your personal data, including:

TLS/SSL encryption for all data in transit
Encryption at rest for stored personal data
Regular security audits and vulnerability assessments
Strict access controls with multi-factor authentication
Regular staff training on data protection and security
Secure backup procedures with encrypted off-site storage
Incident response procedures for prompt breach notification
DDoS protection and web application firewall via Cloudflare

While no method of transmission over the Internet is 100% secure, we strive to use commercially acceptable means to protect your personal data and continuously improve our security posture.

9. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, legal requirements, or services. When we make material changes, we will:

Update the "Last updated" date at the top of this page
Post a notice on our website for significant changes
Where required, notify affected individuals directly via email

We encourage you to review this page periodically to stay informed about how we protect your data.

10. Contact Us

If you have any questions about this Privacy Policy, wish to exercise your data protection rights, or have concerns about how we handle your personal data, please contact us:

Email: [email protected]
Phone: 01299 333444
Address: 20b Lombard Street, Stourport-on-Severn, Worcestershire, DY13 8DR
Website: www.record-group.co.uk/contact

We aim to resolve any data protection queries promptly and transparently. For Subject Access Requests, we will respond within 30 calendar days.