Privacy Policy

2. Scope and Responsibilities

This policy applies to all personal data processed by Idium Technology Ltd. in our role as a data processor on behalf of our clients (data controllers). We process personal data strictly under the instructions of our clients and in compliance with relevant data protection laws including UK & EU GDPR directives.

3. Data We Process

As a data processor, we may process the following types of personal data on behalf of our clients:

• Identifiable personal information (e.g., names, email addresses, phone numbers)
• Demographic data (e.g., age, gender, location)
• Technical data (e.g., IP addresses, device information, log data)
• Any other personal data provided to us by our clients

We do not process special category data unless explicitly instructed by the data controller and in compliance with applicable laws.

4. Purpose of Processing

We process personal data strictly for the purposes outlined by our clients, including but not limited to:

• Delivering contracted services
• Providing technical support
• Improving system performance and security
• Compliance with legal obligations

5. Data Security Measures

Idium Technology Ltd. implements appropriate technical and organizational measures to protect personal data, including:

• Encryption and secure storage mechanisms
• Access controls and authentication measures
• Regular security audits and monitoring
• Incident response procedures

6. Data Sharing and Transfers

We do not share or sell personal data. Personal data may be transferred to third-party service providers only for the purpose of fulfilling our contractual obligations. Where data is transferred outside the UK or EEA, we ensure appropriate safeguards are in place, such as Standard Contractual Clauses (SCCs) or equivalent mechanisms.

7. Data Retention

We retain personal data only for as long as instructed by the data controller. Upon the end of the service agreement, we securely delete or return personal data unless legally required to retain it.

8. Data Subject Rights

As a data processor, we assist our clients in responding to data subject rights requests, including:

• Access to personal data
• Rectification of incorrect data
• Erasure of personal data (right to be forgotten)
• Restriction of processing
• Data portability
• Objection to processing

Requests should be directed to the data controller, who will coordinate with us as necessary.

9. Breach Notification

In the event of a data breach, we will notify the data controller without undue delay and provide all necessary information to support compliance with legal reporting obligations.

10. Contact Information

For any privacy-related inquiries, please contact us at:

Idium Technology Ltd.
technology@idium.co.uk

11. Policy Updates

We may update this Privacy Policy from time to time to reflect changes in legal requirements or our data processing practices. Any updates will be communicated to our clients as appropriate.

This Privacy Policy is designed to ensure GDPR compliance and demonstrate our commitment to data protection. For further details or specific compliance requests, please reach out to us.