Privacy Policy
Last Updated: 30th December 2025
Next2IT Ltd (“we”, “our”, or “us”) is committed to protecting your privacy and ensuring the security of your personal information. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our website, use our services, or interact with us.
1. Who We Are
Next2IT Ltd is an IT consultancy and managed services provider registered in England and Wales.
Registered Office: 6 Marconi Gate, Staffordshire Technology Park, Stafford, ST18 0FZ
Email: privacy@next2it.co.uk
2. Information We Collect
We collect information that you provide directly to us, information we obtain automatically when you use our services, and information from third-party sources.
2.1 Information You Provide to Us
Account Information: Username, password, security questions when you create an account for our services
Business Information: Company details, technical environment information, IT infrastructure details when engaging our services
Communication Data: Information contained in enquiries, support requests, feedback, or correspondence you send to us
Service Data: Information about your use of our IT services, including system logs, performance data, and service requests
Payment Information: Billing address and payment details (processed securely by our payment providers)
2.2 Information We Collect Automatically
Usage Information: Pages visited, time spent on pages, links clicked, referring website addresses
Location Data: General geographic location based on IP address
Cookies and Similar Technologies: Information collected through cookies, web beacons, and similar tracking technologies (see Section 6)
3. How We Use Your Information
We use the information we collect for the following purposes:
Communication: To respond to your enquiries, send service notifications, provide technical support, and communicate about your account
Business Operations: To process transactions, send invoices, manage accounts, and fulfil contractual obligations
Service Improvement: To analyse usage patterns, monitor service performance, and develop new features or services
Security: To detect, prevent, and address technical issues, security threats, fraud, or other malicious activity
Marketing: To send marketing communications about our services, industry insights, and company updates (with your consent where required)
Legal Compliance: To comply with applicable laws, regulations, legal processes, or enforceable governmental requests
Business Analytics: To conduct research, analysis, and reporting about our services and customer base
4. Legal Basis for Processing (UK GDPR)
We process your personal data under the following legal bases:
Legitimate Interests: Processing necessary for our legitimate business interests, such as improving services, maintaining security, and conducting business operations
Legal Obligation: Processing necessary to comply with legal requirements, including tax, accounting, and regulatory obligations
Consent: Processing based on your explicit consent for marketing communications or other specific purposes (you may withdraw consent at any time)
5. How We Share Your Information
We do not sell your personal information. We may share your information in the following circumstances:
Microsoft and Cloud Partners: When providing Modern Workplace, Microsoft 365, or cloud services, we may share necessary information with Microsoft, Amazon, and other cloud platform providers to deliver services.
Professional Advisers: We may share information with lawyers, accountants, auditors, and other professional advisers who assist us with business operations.
Business Transfers: If Next2IT is involved in a merger, acquisition, or sale of assets, your information may be transferred as part of that transaction.
Legal Requirements: We may disclose information when required by law, court order, or governmental authority, or when necessary to protect our rights, property, or safety, or that of others.
With Your Consent: We may share information with third parties when you have given explicit consent for specific purposes.
6. Cookies and Tracking Technologies
We use cookies and similar tracking technologies to collect information about your browsing activities. Cookies are small data files stored on your device.
Types of Cookies We Use
Performance Cookies: Collect information about how visitors use our website, helping us improve performance and user experience
Functional Cookies: Remember your preferences and choices to provide enhanced, personalised features
Marketing Cookies: Track your browsing activity to display relevant advertisements and measure marketing campaign effectiveness
You can control cookies through your browser settings. However, disabling cookies may affect website functionality. Most browsers allow you to refuse cookies, delete existing cookies, or receive notification before cookies are stored.
7. Data Security
We implement appropriate technical and organisational measures to protect your personal information against unauthorised access, alteration, disclosure, or destruction. Our security measures include:
– Regular security assessments and penetration testing
– Access controls limiting employee access to personal data on a need-to-know basis
– Secure authentication mechanisms including multi-factor authentication
– Regular staff training on data protection and security best practices
– Incident response procedures to address potential data breaches
– Secure data centres with physical and environmental controls
While we strive to protect your personal information, no method of transmission over the internet or electronic storage is completely secure. We cannot guarantee absolute security but are committed to implementing and maintaining appropriate safeguards.
8. Data Retention
We retain your personal information only for as long as necessary to fulfil the purposes for which it was collected, including:
– Financial Records: Retained for 7 years to comply with UK tax and accounting requirements
– Marketing Communications: Retained until you unsubscribe or withdraw consent
– Website Analytics: Typically retained for 26 months
– Legal Requirements: Some information may be retained longer when required by law or to establish, exercise, or defend legal claims
When personal information is no longer needed, we securely delete or anonymise it in accordance with our data retention and disposal procedures.
9. Your Rights Under UK GDPR
Under UK GDPR, you have the following rights regarding your personal information:
Right to Rectification: Request correction of inaccurate or incomplete personal information
Right to Erasure: Request deletion of your personal information in certain circumstances
Right to Restriction: Request that we limit processing of your personal information in specific situations
Right to Data Portability: Receive your personal information in a structured, commonly used format and transmit it to another controller
Right to Object: Object to processing of your personal information for direct marketing or based on legitimate interests
Rights Related to Automated Decision-Making: Not be subject to decisions based solely on automated processing that produce legal or similarly significant effects
Right to Withdraw Consent: Withdraw consent at any time where processing is based on consent (without affecting lawfulness of processing before withdrawal)
To exercise any of these rights, please contact us at privacy@next2it.co.uk. We will respond to your request within one month, though this may be extended by two additional months for complex requests. We may request additional information to verify your identity before processing your request.
You have the right to lodge a complaint with the Information Commissioner’s Office (ICO), the UK supervisory authority for data protection issues. Visit www.ico.org.uk or call 0303 123 1113.
10. International Data Transfers
We primarily store and process data within the United Kingdom and European Economic Area. When we transfer personal information outside the UK/EEA, we ensure appropriate safeguards are in place, including:
– Using Standard Contractual Clauses approved by the UK authorities
– Relying on approved certification mechanisms
– Implementing appropriate technical and organisational security measures
11. Third-Party Links
Our website may contain links to third-party websites, applications, or services. We are not responsible for the privacy practices or content of these third parties. We encourage you to review the privacy policies of any third-party sites you visit. This Privacy Policy applies solely to information collected by Next2IT.
12. Children’s Privacy
Our services are not directed to individuals under 18 years of age. We do not knowingly collect personal information from children. If you become aware that a child has provided us with personal information, please contact us immediately. If we discover we have collected information from a child without parental consent, we will delete that information promptly.
13. Changes to This Privacy Policy
We may update this Privacy Policy from time to time to reflect changes in our practices, technologies, legal requirements, or other factors. We will notify you of any material changes by posting the updated policy on our website with a new “Last Updated” date. For significant changes, we may provide additional notice such as email notification. Your continued use of our services after such modifications constitutes acceptance of the updated Privacy Policy. We encourage you to review this policy periodically.