Dark background with horizontal blue glowing lines creating a digital or sci-fi visual effect.

A digital neon blue circular graphic with concentric rings and arrow-like segments, resembling a futuristic radar or interface design.

Privacy policy

1. Who we are

Nebulogiq Ltd (“we”, “us”, “our”) is a registered company in England and Wales, providing managed IT and cybersecurity services to businesses across the UK. Our registered office is at Delta House, 16 Bridge Road, Haywards Heath, West Sussex, RH16 1UA.

For any privacy-related queries, you can contact us at:

Email: privacy@nebulogiq.com
Post: Data Controller, Nebulogiq Ltd, Delta House, 16 Bridge Road, Haywards Heath, West Sussex, RH16 1UA

We are the data controller for the personal data we collect via this website and in connection with our services.

2. What this policy covers

This privacy policy explains how Nebulogiq Ltd collects, uses, stores, and shares your personal data when you:

Visit our website at www.nebulogiq.com
Contact us via email, phone, or web forms
Engage with us as a prospective or existing client
Subscribe to our communications

We are committed to protecting your personal data in accordance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

3. What personal data we collect

Depending on how you interact with us, we may collect the following categories of personal data:

Contact and identity information

Full name, job title, company name
Email address, phone number
Postal address

Technical and usage data

IP address, browser type and version
Pages visited, time spent on site, referral source
Device information and operating system

Communications data

Content of enquiries, emails, or messages sent to us
Records of calls or meetings where relevant

Business and contractual data (clients only)

Company details and billing information
Service usage and support ticket information
System and network information necessary to deliver managed services

We do not knowingly collect personal data from individuals under the age of 16.

4. How we collect your data

We collect personal data through:

Website forms: contact, enquiry, and lead generation forms
Direct communication: email, phone calls, and meetings
Cookies and analytics tools: when you browse our website (see Section 9)
LinkedIn and social media: if you engage with us through professional networks
Service delivery: information provided during onboarding or the delivery of managed IT and cybersecurity services

5. Why we use your data (Lawful Basis)

We only process your personal data where we have a lawful basis to do so under UK GDPR. The bases we rely on are:

  
      Purpose
      Lawful Basis
    
      Responding to enquiries and providing information about our services
      Legitimate interests
    
      Performing a contract or taking steps prior to entering a contract
      Contract
    
      Delivering managed IT and cybersecurity services to clients
      Contract
    
      Sending relevant marketing communications (where opted in)
      Consent
    
      Complying with legal and regulatory obligations
      Legal obligation
    
      Conducting security assessments and audits
      Legitimate interests / Contract
    
      Improving our website and services
      Legitimate interests

Purpose	Lawful Basis
Responding to enquiries and providing information about our services	Legitimate interests
Performing a contract or taking steps prior to entering a contract	Contract
Delivering managed IT and cybersecurity services to clients	Contract
Sending relevant marketing communications (where opted in)	Consent
Complying with legal and regulatory obligations	Legal obligation
Conducting security assessments and audits	Legitimate interests / Contract
Improving our website and services	Legitimate interests

Where we rely on legitimate interests, we have assessed that our interests do not override your fundamental rights and freedoms.

6. Marketing communications

We may contact you with information about our services, industry insights, or relevant cybersecurity guidance where you have:

Opted in to receive such communications, or
Made an enquiry or entered into a business relationship with us, and the communication is relevant to that context (soft opt-in)

You can opt out at any time by:

Clicking the unsubscribe link in any email we send
Emailing us at privacy@nebulogiq.com
Calling us and requesting removal

We will process your request promptly and within no more than 10 working days.

7. Who we share your data with

We do not sell your personal data. We may share it with:

Service providers and sub-processors: Third-party tools we use to operate our business (e.g. CRM platforms, email services, cloud infrastructure). These parties process data on our behalf under data processing agreements.

Technology partners: Where required to deliver managed services (e.g. security vendors, Microsoft, third-party monitoring tools).

Legal and regulatory bodies: Where required by law, court order, or regulatory obligation.

Professional advisers: Solicitors, accountants, or auditors, where necessary and bound by confidentiality obligations.

All third parties we engage are required to handle your data in compliance with UK GDPR.

8. International transfers

Where any personal data is transferred outside the UK, we ensure appropriate safeguards are in place, including the UK International Data Transfer Agreement (IDTA) or adequacy decisions, in line with UK GDPR requirements.

9. Cookies

Our website uses cookies to improve your browsing experience and help us understand how visitors use our site.

Essential cookies: Required for the website to function. Cannot be disabled.
Analytics cookies: Help us understand website traffic and behaviour. These are only placed with your consent.
Marketing cookies: Used to track engagement with any advertising or campaigns. Only placed with your consent.

You can manage your cookie preferences via the cookie consent banner on your first visit, or by adjusting your browser settings at any time. Please note that disabling certain cookies may affect website functionality.

10. Data Retention

We retain personal data only for as long as necessary for the purpose it was collected, or as required by law.

  
      Data Type
      Retention Period
    
      Prospect / lead data (no contract formed)
      24 months from last contact
    
      Client data
      Duration of contract + 6 years
    
      Financial and invoicing records
      6 years (statutory requirement)
    
      Support and incident records
      3 years from closure
    
      Website analytics data
      26 months

Data Type	Retention Period
Prospect / lead data (no contract formed)	24 months from last contact
Client data	Duration of contract + 6 years
Financial and invoicing records	6 years (statutory requirement)
Support and incident records	3 years from closure
Website analytics data	26 months

After the applicable retention period, data is securely deleted or anonymised.

11. Your Rights

Under UK GDPR, you have the following rights in relation to your personal data:

Right of access: Request a copy of the personal data we hold about you
Right to rectification: Ask us to correct inaccurate or incomplete data
Right to erasure: Ask us to delete your data in certain circumstances
Right to restrict processing: Ask us to limit how we use your data
Right to data portability: Receive your data in a structured, machine-readable format
Right to object: Object to processing based on legitimate interests or for direct marketing
Rights related to automated decision-making: We do not use solely automated decision-making that produces legal or similarly significant effects

To exercise any of these rights, please contact us at privacy@nebulogiq.com. We will respond within one calendar month of receiving your request. We may need to verify your identity before processing your request.

12. How We Protect Your Data

We take the security of your personal data seriously. As a security-first organisation, our measures include:

Encryption of data in transit and at rest
Access controls and role-based permissions
Regular security assessments and vulnerability management
Staff awareness training on data protection and information security
Incident response and breach notification procedures

In the event of a personal data breach that poses a risk to your rights and freedoms, we will notify the Information Commissioner's Office (ICO) within 72 hours and inform affected individuals without undue delay where required.

13. The Right to Complain

If you believe we have not handled your personal data in accordance with UK GDPR, you have the right to lodge a complaint with the Information Commissioner's Office (ICO):

Website: ico.org.uk
Phone: 0303 123 1113
Post: Information Commissioner's Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF

We would, however, welcome the opportunity to address your concerns directly before you contact the ICO. Please reach out to us first at privacy@nebulogiq.com.

14. Changes to This Policy

We may update this policy from time to time to reflect changes in our practices, services, or legal requirements. When we make significant changes, we will update the "Last updated" date at the top of this page.

We encourage you to review this policy periodically. Continued use of our website or services after any changes constitutes acceptance of the updated policy.

15. Contact Us

For any questions about this privacy policy or how we handle your personal data:

Nebulogiq Ltd

Delta House, 16 Bridge Road, Haywards Heath, West Sussex, RH16 1UA

Email: privacy@nebulogiq.com

Website: www.nebulogiq.com

Policy last updated: April 2026