Legal and Compliance

Website Terms and Conditions and Privacy Policy

Infuse Technology Ltd t/a PKF Infuse
A company registered in England and Wales with company number 07661373

Registered Office: Prospect House, 1 Prospect Place, Millennium Way, Derby, DE24 8HG

 

1. Who we are

For the purposes of UK data protection law, the controller of personal data collected through this website is:

Infuse Technology Ltd t/a PKF Infuse
Prospect House, 1 Prospect Place
Millennium Way, Derby
DE24 8HG

Phone: 01332 37444
Email: dpo@pkfsmithcooper.com
Website: www.pkfinfuse.com

We process personal data in line with:

  • The UK General Data Protection Regulation (UK GDPR) as amended by the Data (Use and Access) Act 2025

  • The Data Protection Act 2018

  • The Privacy and Electronic Communications Regulations 2003 (PECR) as amended

2. Key definitions

The following terms have the meanings given in UK GDPR:

  • Personal data means any information relating to an identified or identifiable natural person.

  • Data subject means the individual whose personal data is processed.

  • Processing means any operation performed on personal data. This includes collection, recording, organisation, storage, alteration, retrieval, use, disclosure, restriction, erasure or destruction.

  • Controller means the organisation that decides why and how personal data is processed.

  • Processor means an organisation that processes personal data on behalf of a controller.

  • Recipient means anyone to whom personal data is disclosed.

  • Third party means any person other than the data subject, controller, processor or people authorised to process personal data under the direct authority of the controller or processor.

  • Consent means any freely given, specific, informed and unambiguous indication of the data subject's wishes signifying agreement to the processing of personal data.

3. Personal data we collect

We may collect and process the following categories of personal data:

  • Identity data such as name and job title.

  • Contact data such as business address, email address and telephone number.

  • Technical data such as IP address, browser type and version, time zone setting, operating system and platform.

  • Usage data such as information about how you use our website, pages viewed and time spent on pages.

  • Marketing and communications data such as your preferences in receiving marketing from us and your communication preferences.

  • Support interaction data such as information you provide on support tickets, emails and recorded calls to our helpdesk.

We do not intentionally collect special category data (for example health or religious data) through the website and ask you not to submit this through contact forms.

4. How we collect personal data

We collect personal data in the following ways:

  • Directly from you when you complete a contact form, sign up to an event or newsletter, email us, call us or otherwise communicate with us.

  • Automatically as you interact with our website through cookies and similar technologies.

  • Through our service systems such as ConnectWise and N-able where you are a user of services that we manage for your organisation.

5. How we use personal data and legal bases

We will only use personal data when UK law allows us to. Most commonly we will use personal data in the following circumstances:

  • To respond to enquiries and provide information you request
    Legal basis: legitimate interests (to respond to enquiries and grow our business) or performance of a contract where we are discussing or delivering services.

  • To manage and deliver our services to clients
    Legal basis: performance of a contract with your organisation and legitimate interests (to manage our business).

  • To improve our website, services and user experience
    Legal basis: legitimate interests (to keep our site updated and relevant and to develop our services).

  • To send you marketing communications
    Legal basis: consent where required under PECR, or legitimate interests where consent is not required and you have not opted out.

  • To comply with legal obligations
    For example to keep records for tax, regulatory or insurance purposes.
    Legal basis: compliance with legal obligations.

  • For cybersecurity, fraud prevention and service monitoring
    Legal basis: legitimate interests (to secure our systems and detect malicious activity) and compliance with legal obligations where relevant.

Where we rely on consent you have the right to withdraw that consent at any time.

6. Cookies and similar technologies

Our website uses cookies and similar technologies. Cookies are small text files stored on your device when you visit a website.

We use:

  • Strictly necessary cookies that are required for the operation of the site. These are set without consent.

  • Preference and analytics cookies that help us understand how the site is used and improve performance. Where required under PECR we obtain your consent before setting these cookies.

You can control cookies through:

  • Our on-site cookie banner or preference centre where available.

  • Your browser settings which allow you to block or delete cookies.

If you disable cookies some parts of the site may not function correctly.

7. ConnectWise and N-able data protection provisions

We use the following third party platforms to deliver managed IT services and support to our clients:

  • ConnectWise platforms such as professional services automation and related tools.

  • N-able platforms such as N-sight RMM, backup and other remote monitoring and management services.

  • SentinelOne EDR Provider

When we deliver services to your organisation we will often act as a controller for some data and a processor for other data. ConnectWise, SentinelOne N-able act as our processors. Please ask for a full list of our processors.

7.1 Types of personal data processed in these systems

Through ConnectWise and N-able we may process:

  • Names, business email addresses and telephone numbers of your staff and authorised users.

  • Device identifiers, usernames and technical logs relating to the devices and services we manage.

  • Ticket and support information including incident descriptions and troubleshooting notes.

  • Limited location or usage data associated with devices where required to provide the service.

We do not use these systems to intentionally store special category data and we ask clients not to enter such data into ticket descriptions unless strictly necessary.

7.2 Roles and responsibilities

  • Your organisation is usually the controller for user data related to your staff and devices.

  • Infuse Technology Ltd acts as a processor when managing your data in ConnectWise and N-able in line with our contract and your documented instructions.

  • ConnectWise and N-able act as our sub-processors under their own data processing agreements. These agreements reflect UK GDPR Article 28 requirements and include appropriate security, confidentiality and sub-processor controls. connectwise.com+1

7.3 International transfers

ConnectWise, SentinelOne,N-able and Microsoft are global providers. This means personal data may be processed or stored outside the UK and the European Economic Area.

Where that occurs we ensure that appropriate safeguards are in place, which may include:

  • The UK Information Commissioner's Office approved International Data Transfer Addendum to the EU Standard Contractual Clauses. connectwise.com

  • EU Standard Contractual Clauses where relevant. N-able

  • Technical and organisational measures to protect data in transit and at rest.

We review ConnectWise and N-able's security and privacy documentation regularly and keep records of the data processing arrangements.

7.4 How this affects you

Your rights under UK data protection law continue to apply to data held in these systems. Requests to exercise your rights should be made to us as controller or to your employer where your employer is the controller. We will work with ConnectWise and N-able where necessary to respond to those requests.

8. Other third party tools and plugins

We may use third party tools on the site such as analytics, security and social media plugins. These providers act as processors or independent controllers depending on the integration.

Where our website includes links to or plugins for third party sites such as Facebook, LinkedIn, X (Twitter) or others, your use of those services is subject to their own privacy notices and cookie policies. You should review those notices before using such services.

Where these tools set cookies that are not strictly necessary we will seek your consent through our cookie controls.

9. Disclosure of personal data

We may share personal data with:

  • Members of our corporate group where needed to deliver services.

  • Professional advisers including lawyers, bankers, auditors and insurers.

  • Service providers who act as processors such as hosting providers, email and telephony providers, ConnectWise and N-able.

  • Regulators, law enforcement agencies and other authorities where required by law or to protect our legal rights.

  • Potential buyers and their advisers in the context of a merger, acquisition or restructuring, subject to confidentiality obligations.

We do not sell personal data.

10. International transfers

Where we transfer personal data outside the UK we will ensure that one of the following conditions applies:

  • The destination country has been deemed to provide an adequate level of protection by the UK Government.

  • We use approved contractual clauses or a UK International Data Transfer Addendum with the recipient.

  • Another appropriate safeguard recognised under UK GDPR applies.

You can contact us for more information about specific transfer mechanisms used for your data.

11. Data retention

We keep personal data only for as long as reasonably necessary for the purposes set out in this notice and to satisfy legal, regulatory, tax, accounting or reporting requirements.

In general:

  • Website enquiry data is kept for up to 3 years from last contact.

  • Client and contract records are kept for the life of the contract then for up to 7 years after the end of the relationship.

  • Call recordings are kept for 30 days unless needed in connection with a complaint, claim or investigation.

Where we no longer need personal data we will delete or anonymise it.

12. Call recording

When you call our helpdesk or other support lines your call may be recorded. Call recordings may contain personal data.

We use call recordings to:

  • Monitor and improve the quality of our customer service.

  • Train and develop our staff.

  • Investigate complaints, incidents and potential security issues.

Call recordings may be shared with:

  • Third parties who help us deliver telephony and recording services.

  • Regulators, law enforcement or professional advisers where required by law or in connection with a claim.

We normally retain call recordings for 30 days. Recordings needed for complaints, disputes or legal matters may be kept for longer in line with those matters.

You have the same rights in relation to call recordings as for other personal data, described in section 13 below.

13. Your rights as a data subject

Subject to certain conditions and exemptions, you have the following rights under UK GDPR and related law:

  • Right of access
    You can request confirmation that we process your personal data and obtain a copy of that data together with certain information about the processing.

  • Right to rectification
    You can ask us to correct inaccurate data and complete incomplete data.

  • Right to erasure
    You can ask us to delete your personal data in certain situations, for example where the data is no longer needed for the original purpose and we have no legal reason to keep it.

  • Right to restriction of processing
    You can ask us to restrict processing in certain cases, for example while we check the accuracy of data or assess an objection.

  • Right to data portability
    You can ask us to provide certain personal data in a structured, commonly used and machine readable format or to transmit that data to another controller where technically feasible.

  • Right to object
    You can object to processing based on legitimate interests where you believe your rights and interests outweigh ours. You can always object to direct marketing at any time.

  • Rights in relation to automated decision making
    You have rights where we make decisions about you solely by automated means that have legal or similar significant effects. We do not carry out such profiling through this website.

  • Right to withdraw consent
    Where we rely on consent you can withdraw it at any time. This will not affect the lawfulness of processing before consent was withdrawn.

To exercise any of these rights please contact us at dataprotection@pkfinfuse.com or by post using the contact details in section 1.

14. Complaints

If you have concerns about how we handle your personal data you can contact us using the details above and we will do our best to resolve the issue.

You also have the right to lodge a complaint with the UK supervisory authority:

Information Commissioner's Office (ICO)
Wycliffe House
Water Lane
Wilmslow
Cheshire
SK9 5AF
Website: ico.org.uk

15. Security

We have put in place appropriate technical and organisational measures to protect personal data against accidental loss, misuse, unauthorised access, alteration or disclosure.

These measures include access controls, encryption where appropriate, regular security reviews and staff training. We also expect our processors such as ConnectWise and N-able to implement appropriate security measures and we review their published security information and data processing terms.

16. Third party websites

Our website may contain links to third party websites, plug-ins and applications. Clicking on those links or enabling those connections may allow third parties to collect or share data about you.

We do not control these third party sites and are not responsible for their privacy statements. We encourage you to read the privacy notice of every website you visit.

17. Changes to this notice

We may update this Website Terms and Conditions and Privacy Policy from time to time. Any changes will be posted on this page with an updated "Last updated" date. Material changes may also be notified to you by email or through a notice on our website where appropriate.

Our Technology Partners
Microsoft-gold-partner-modern-work-derby-it-support
sentinelOne-cyber-security-provider-derby
cove-data-protection-it-support-co-managed-msp-derby-nottingham
cisco-umbrella-reseller-derby-nottingham-derbyshire-nottinghamshire
safetitan-cyber-awareness-training-jpg
cyberEssentials