Privacy Policy

Last Updated: 7 August 2025

Who We Are

OpenKit is a UK-based software development company that provides bespoke software solutions, consulting services, and technical expertise to businesses across various sectors. We are committed to protecting your privacy and handling your personal data responsibly in accordance with UK and EU data protection laws.

Our registered address is Portland House, Belmont Business Park, Durham DH1 1TW, United Kingdom.

Information We Collect

We collect different types of information depending on how you interact with our services. Here’s what we gather and why:

When You Contact Us or Enquire About Services

When you reach out through our website, email, or phone, we collect your name, email address, phone number, and company details. We use this information to respond to your enquiries, provide quotes, and discuss potential projects. We keep records of our communications to ensure we can provide consistent service and meet our professional obligations.

Newsletter Subscribers

If you sign up for our newsletter, we collect your email address and, optionally, your name and company information. We use this to send you updates about our services, industry insights, and company news. You can unsubscribe at any time using the link in every email we send.

Client Information

For our software development clients, we collect comprehensive contact and project information including names, email addresses, phone numbers, company details, project requirements, and billing information. This allows us to deliver our services effectively, manage projects, handle invoicing, and maintain ongoing client relationships.

Website Analytics and Usage Data

We use Google Analytics and PostHog to understand how visitors use our website. These tools collect information about your visit including pages viewed, time spent on site, your general location (country/city level), device type, and browser information. We also use cookies to remember your preferences and improve your experience on our site.

This analytics data helps us improve our website, understand which content is most valuable to visitors, and make informed decisions about our online presence.

Technical Information

When you use our website or services, we automatically collect certain technical information such as your IP address, browser type, operating system, and referring website. This information helps us maintain security, troubleshoot technical issues, and ensure our services work properly across different devices and browsers.

Our Legal Basis for Processing

We process your personal data based on several legal grounds under UK GDPR:

Contract Performance: When we process data to deliver our software development services, respond to your enquiries, or fulfil our agreements with you.

Legitimate Interests: For business communications, improving our services, website analytics, security monitoring, and maintaining client relationships. We’ve assessed that these uses don’t override your privacy rights.

Consent: For newsletter subscriptions and certain marketing communications. You can withdraw this consent at any time.

Legal Obligations: When we need to keep records for tax, accounting, or other legal requirements.

How We Use Your Information

We use your personal information for several specific purposes:

Service Delivery: Managing projects, communicating with clients, providing technical support, and delivering the software solutions you’ve commissioned.

Business Communications: Sending project updates, invoices, important notices, and responding to your questions or requests.

Marketing: With your permission, we send newsletters and information about our services that might interest you. We also use analytics to understand how our marketing performs.

Improving Our Services: Analysing how our website and services are used to make improvements, develop new offerings, and enhance user experience.

Legal and Security: Protecting our business and clients from fraud, ensuring compliance with our legal obligations, and maintaining the security of our systems.

Sharing Your Information

We don’t sell your personal information to anyone. However, we do share it with trusted partners in specific circumstances:

Service Providers: We work with hosting providers, email services, payment processors, and other technical partners who help us deliver our services. These companies can only use your data to provide services to us and must protect it according to our instructions.

Professional Advisors: Our accountants, lawyers, and business consultants may access your information when they’re helping us with legitimate business matters.

Legal Requirements: We’ll disclose information if required by law, court orders, or to protect our legal rights and those of our clients.

Business Transfers: If we sell or transfer part of our business, client information may be included in that transfer, but the new owner must continue to protect your data according to this policy.

International Data Transfers

Some of our service providers are located outside the UK and EU. When we transfer your data internationally, we ensure appropriate protections are in place through approved transfer mechanisms such as:

• Standard contractual clauses approved by UK and EU authorities
• Transfers to countries with adequacy decisions
• Other appropriate safeguards as recognised by data protection law

Google Analytics and PostHog both have robust data protection measures and comply with international data transfer requirements.

Data Security and ISO 27001

We take data security seriously and maintain ISO 27001 certification, demonstrating our commitment to information security management. Our security measures include:

Technical Safeguards: Encryption of data both when stored and transmitted, secure hosting infrastructure, regular security updates, and access controls that limit who can see your information.

Organisational Measures: Staff training on data protection, clear policies and procedures, regular security assessments, and incident response plans.

Physical Security: Secure facilities and equipment, with appropriate access controls and environmental protections.

We regularly review and update our security practices to address emerging threats and maintain our ISO 27001 certification.

Your Rights

Under UK and EU data protection law, you have several important rights regarding your personal information:

Access: You can request a copy of the personal information we hold about you, along with details about how we use it.

Correction: If any information we have is inaccurate or incomplete, you can ask us to correct it.

Erasure: In certain circumstances, you can request that we delete your personal information.

Restriction: You can ask us to limit how we use your information in specific situations.

Objection: You can object to certain uses of your data, particularly for marketing purposes or when we rely on legitimate interests.

Portability: You can request your data in a portable format to transfer to another service provider.

Withdraw Consent: Where we rely on your consent, you can withdraw it at any time.

To exercise any of these rights, contact us at contact@openkit.co.uk. We’ll respond within one month and won’t charge a fee unless your request is clearly unfounded or excessive.

Data Retention

We keep your personal information only as long as necessary for the purposes we collected it. Our retention periods vary depending on the type of information:

Client Project Data: We typically retain this for seven years after project completion to meet our professional and legal obligations.

Marketing and Newsletter Data: We keep this until you unsubscribe or ask us to delete it.

Website Analytics: This data is automatically deleted by our analytics providers after 26 months.

Financial Records: We retain these for seven years to comply with accounting and tax requirements.

When we no longer need your information, we securely delete or anonymise it.

Cookies and Tracking

Our website uses cookies and similar technologies to function properly and provide analytics insights. We use:

Essential Cookies: These are necessary for our website to work and cannot be disabled.

Analytics Cookies: Google Analytics and PostHog cookies help us understand website usage and improve our services.

Functional Cookies: These remember your preferences and enhance your experience.

You can control cookies through your browser settings, but please note that disabling some cookies may affect website functionality.

Children’s Privacy

Our services are designed for businesses and professional users. We don’t knowingly collect personal information from children under 16. If we discover we’ve inadvertently collected such information, we’ll delete it promptly.

Changes to This Policy

We review this privacy policy regularly and may update it to reflect changes in our practices or legal requirements. When we make significant changes, we’ll notify you by:

• Sending an email to our newsletter subscribers and clients
• Posting a notice on our website
• Including information in our service communications

We encourage you to review this policy periodically to stay informed about how we protect your information.

Contact Us

If you have questions about this privacy policy or how we handle your personal information, please contact us:

Email: contact@openkit.co.uk
Phone: 020 3355 1358
Address: OpenKit, Portland House, Belmont Business Park, Durham DH1 1TW

For data protection matters specifically, you can also email our Data Protection Officer at the same address.

Making a Complaint

If you’re not satisfied with how we’ve handled your personal information, you have the right to complain to the supervisory authority:

Information Commissioner’s Office (ICO)
Wycliffe House, Water Lane, Wilmslow, Cheshire SK9 5AF
Phone: 0303 123 1113
Website: www.ico.org.uk

We’d appreciate the opportunity to address your concerns directly before you contact the ICO, but this is your right and won’t affect any other legal remedies available to you.