Privacy Policy

This privacy policy explains how Initiate IT, a trading name of RMGB Group Ltd (Companies House 14330082), handles personal data. Where this policy refers to "I", "me" or "my", that means me, Ryan Melling, the founder.

Who this applies to

This policy applies to anyone whose personal data Initiate IT collects, processes, or stores, principally prospects who get in touch through the website, current and former clients, and anyone whose personal data is processed in the course of providing IT services to a client.

Data controller

The data controller for Initiate IT website enquiries and Initiate IT marketing communications is RMGB Group Ltd, registered at Strawberry Fields Digital Hub, Euxton Lane, Chorley PR7 1PS, United Kingdom. You can reach me at hello@initiateit.co.uk.

For client engagements, Initiate IT is generally a data processor acting on the client's instructions, the client remains the data controller for their own staff and customer data. The specifics are documented in each client's engagement contract.

What I collect through this website

• Enquiry form data, name, email, company, phone (optional), message, collected when you submit the contact form, used solely to respond to your enquiry.
• Calendly booking data, name, email, and any booking details you provide when using the embedded Calendly widget. Calendly's own privacy policy applies to data they hold.
• Analytics data, Google Analytics 4 and Microsoft Clarity, only after you've accepted cookies. Both are configured to anonymise IP addresses where possible.

Lawful basis

For enquiry forms and Calendly bookings, the lawful basis is legitimate interest (responding to someone who has voluntarily contacted me) and, where appropriate, contract (steps taken in advance of entering a contract).

For analytics, the lawful basis is consent (collected via the cookie banner). Refusing analytics cookies has no effect on the rest of the site.

How long I keep data

• Enquiry data from prospects who do not become clients: 24 months from last contact, then deleted.
• Client data: for the duration of the engagement and for 6 years afterwards (HMRC and contractual record-keeping requirements).
• Analytics data: per the retention settings in GA4 (default 14 months) and Microsoft Clarity (default 12 months).

Subprocessors

I use a small number of third-party services to operate Initiate IT. The current list:

• Microsoft, hosting of email, M365, and SharePoint data (UK data residency where available).
• Google, Google Analytics 4 (consent-gated).
• Microsoft Clarity, anonymous session analytics (consent-gated).
• Calendly, meeting booking.
• Formspree, contact form submission delivery (where configured).
• Ploi / hosting provider, website hosting infrastructure.

Each of these providers has its own privacy policy and security posture, which I review before adopting them.

Your rights

Under UK GDPR you have the right to: access the personal data I hold about you; correct it if it's wrong; request deletion (subject to legal retention requirements); restrict processing; object to processing; and request your data in a portable format. Email hello@initiateit.co.uk and I'll respond within 30 days. You also have the right to complain to the Information Commissioner's Office (ico.org.uk).

International transfers

Some of my subprocessors (notably Google and Microsoft Clarity) may transfer data outside the UK or EEA. Where this happens, the transfer is covered by appropriate safeguards, Standard Contractual Clauses or adequacy decisions, depending on the country.

Changes to this policy

I'll update this policy when something material changes. Material changes will be highlighted at the top of the page. The "last updated" date at the top of this page reflects the latest revision.

Contact

Questions about this policy or about how Initiate IT handles your data? Email hello@initiateit.co.uk.