Legal

Privacy Policy

How we collect, use, and protect your personal data.

Last updated: 7 February 2026

1. Introduction

Welcome to Bright Idea Tech Ltd. ("we", "us", "our"). We are committed to protecting and respecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your personal data when you visit our website brightideatech.co.uk (the "Website") or use our services.

This policy is provided in compliance with the UK General Data Protection Regulation (UK GDPR), the Data Protection Act 2018, and the Privacy and Electronic Communications Regulations 2003 (PECR).

By using our Website, you agree to the collection and use of information in accordance with this policy. If you do not agree with the terms of this policy, please do not access the Website.

2. Who We Are

Bright Idea Tech Ltd. is a custom software development company registered in England and Wales.

For the purposes of data protection law, Bright Idea Tech Ltd. is the data controller responsible for your personal data.

3. Information We Collect

We may collect and process the following categories of personal data:

3.1 Information You Provide to Us

  • Contact Information: Name, email address, phone number, and company name when you fill in forms on our Website, subscribe to our newsletter, or contact us via email or phone.
  • Project Enquiry Information: Details about your business requirements, project specifications, budget, and timeline that you share with us during consultations.
  • Correspondence: Records of any correspondence between you and us, including emails and messages submitted through our contact form.

3.2 Information Collected Automatically

  • Technical Data: IP address, browser type and version, operating system, device type, screen resolution, and time zone setting.
  • Usage Data: Information about how you use our Website, including pages visited, time spent on pages, navigation paths, referral sources, and exit pages.
  • Cookie Data: Data collected through cookies and similar tracking technologies (see Section 7 below).

3.3 Information from Third Parties

We may receive information about you from third parties, including:

  • Analytics providers (such as Google Analytics)
  • Search information providers
  • Business networking platforms

4. How We Use Your Information

We use the personal data we collect for the following purposes:

  • To provide our services: Processing your enquiries, delivering project consultations, and providing custom software development services.
  • To communicate with you: Responding to your queries, sending project updates, and providing customer support.
  • To send marketing communications: With your consent, sending newsletters, promotional materials, and information about our services that may interest you.
  • To improve our Website: Analysing usage patterns to enhance user experience, content, and functionality.
  • To comply with legal obligations: Fulfilling our legal and regulatory requirements, including tax, accounting, and anti-money laundering obligations.
  • To protect our interests: Detecting, preventing, and addressing fraud, security issues, and technical problems.

5. Legal Basis for Processing

Under UK GDPR, we must have a valid legal basis for processing your personal data. We rely on the following legal bases:

  • Consent (Article 6(1)(a)): Where you have given clear consent for us to process your personal data for a specific purpose, such as subscribing to our newsletter or accepting cookies.
  • Contract (Article 6(1)(b)): Where processing is necessary for the performance of a contract with you or to take steps at your request before entering into a contract.
  • Legitimate Interests (Article 6(1)(f)): Where processing is necessary for our legitimate interests (or those of a third party) and your interests and fundamental rights do not override those interests. This includes operating and improving our Website, marketing our services, and protecting our business.
  • Legal Obligation (Article 6(1)(c)): Where processing is necessary to comply with a legal obligation to which we are subject.

6. How We Share Your Information

We do not sell, trade, or rent your personal data to third parties. We may share your personal data with the following categories of recipients:

  • Service Providers: Third-party companies that provide services on our behalf, such as website hosting, email delivery, analytics, and payment processing. These providers are contractually obligated to protect your data and use it only for the purposes we specify.
  • Professional Advisors: Lawyers, accountants, auditors, and insurers who provide professional services to us.
  • Law Enforcement and Regulators: Where we are required to do so by law, regulation, or court order, or where disclosure is necessary to protect our rights, property, or safety.
  • Business Transfers: In the event of a merger, acquisition, or sale of all or a portion of our assets, your personal data may be transferred as part of that transaction.

7. Cookies and Tracking Technologies

Our Website uses cookies and similar tracking technologies to enhance your browsing experience and analyse website traffic.

7.1 What Are Cookies?

Cookies are small text files placed on your device when you visit a website. They are widely used to make websites work more efficiently, to provide information to site owners, and to personalise user experience.

7.2 Types of Cookies We Use

  • Strictly Necessary Cookies: Essential for the Website to function properly. These cannot be switched off.
  • Analytics Cookies: We use Google Analytics (G-C2EMK0YCJX) to collect anonymous information about how visitors use our Website. This helps us understand which pages are most popular and how visitors navigate the site. Google Analytics cookies include: _ga, _ga_*, _gid.
  • Functionality Cookies: Allow the Website to remember choices you make (such as language preferences) and provide enhanced features.

7.3 Managing Cookies

You can control and manage cookies through your browser settings. Most browsers allow you to refuse cookies or delete existing cookies. Please note that disabling cookies may affect the functionality of our Website.

For more information about cookies and how to manage them, visit www.allaboutcookies.org.

7.4 Google Analytics

We use Google Analytics 4, a web analytics service provided by Google LLC. Google Analytics uses cookies to help us analyse how users interact with our Website. The information generated by the cookie about your use of the Website is transmitted to and stored by Google on servers that may be located outside the UK.

Google’s privacy policy is available at: https://policies.google.com/privacy

You can opt out of Google Analytics by installing the Google Analytics Opt-out Browser Add-on.

8. Marketing Communications

We may send you marketing communications about our services, industry insights, and company news where you have:

  • Expressly opted in to receive such communications (e.g., by subscribing to our newsletter); or
  • Previously enquired about or purchased our services (soft opt-in under PECR), and we are marketing similar services.

You can opt out of marketing communications at any time by:

  • Clicking the "unsubscribe" link in any marketing email we send you;
  • Emailing us at [email protected] with the subject line "Unsubscribe"; or
  • Contacting us using the details in Section 2.

Please note that opting out of marketing communications will not affect service-related communications (such as project updates or invoices).

9. International Data Transfers

Your personal data may be transferred to, stored, or processed in countries outside the United Kingdom. Where we transfer your data internationally, we ensure that appropriate safeguards are in place, including:

  • Transfers to countries that the UK Government has deemed to provide an adequate level of protection for personal data;
  • Use of specific contracts approved by the UK Information Commissioner’s Office (the International Data Transfer Agreement or International Data Transfer Addendum to the EU Standard Contractual Clauses);
  • Where we use providers based in the US, we may transfer data to them if they participate in recognised certification mechanisms or have appropriate safeguards in place.

Please contact us if you want further information on the specific mechanisms used by us when transferring your personal data out of the UK.

10. Data Security

We take the security of your personal data seriously and implement appropriate technical and organisational measures to protect it against unauthorised or unlawful processing, accidental loss, destruction, or damage. These measures include:

  • Encryption of data in transit using SSL/TLS;
  • Secure hosting with reputable service providers;
  • Regular security assessments and updates;
  • Access controls limiting who can access personal data;
  • Staff training on data protection and security awareness.

While we strive to use commercially acceptable means to protect your personal data, no method of transmission over the Internet or electronic storage is 100% secure. We cannot guarantee absolute security.

11. Data Retention

We retain your personal data only for as long as necessary to fulfil the purposes for which it was collected, including to satisfy any legal, accounting, or reporting requirements.

To determine the appropriate retention period, we consider:

  • The amount, nature, and sensitivity of the personal data;
  • The potential risk of harm from unauthorised use or disclosure;
  • The purposes for which we process the data and whether we can achieve those purposes through other means;
  • Applicable legal, regulatory, tax, accounting, or other requirements.

As a general guide:

  • Enquiry data: Retained for 2 years from the date of your last interaction with us.
  • Client project data: Retained for 6 years after the completion of the project (in line with limitation periods under English law).
  • Marketing data: Retained until you unsubscribe or request deletion.
  • Website analytics data: Anonymised and retained for up to 26 months.

12. Your Rights

Under UK GDPR, you have the following rights in relation to your personal data:

  • Right of Access (Article 15): You have the right to request a copy of the personal data we hold about you (a "Subject Access Request").
  • Right to Rectification (Article 16): You have the right to request that we correct any inaccurate or incomplete personal data.
  • Right to Erasure (Article 17): You have the right to request that we delete your personal data in certain circumstances (the "right to be forgotten").
  • Right to Restriction of Processing (Article 18): You have the right to request that we restrict the processing of your personal data in certain circumstances.
  • Right to Data Portability (Article 20): You have the right to receive your personal data in a structured, commonly used, and machine-readable format and to transmit it to another controller.
  • Right to Object (Article 21): You have the right to object to the processing of your personal data where we are relying on legitimate interests or for direct marketing purposes.
  • Right to Withdraw Consent: Where we rely on consent as the legal basis for processing, you have the right to withdraw your consent at any time. This will not affect the lawfulness of processing carried out before you withdrew consent.
  • Rights Related to Automated Decision-Making (Article 22): You have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or similarly significantly affects you.

To exercise any of these rights, please contact us at [email protected]. We will respond to your request within one month. In certain circumstances, we may extend this period by a further two months, in which case we will inform you.

We may need to request specific information from you to help us confirm your identity and ensure your right to access your personal data (or to exercise any of your other rights).

13. Third-Party Links

Our Website may include links to third-party websites, plug-ins, and applications. Clicking on those links or enabling those connections may allow third parties to collect or share data about you. We do not control these third-party websites and are not responsible for their privacy statements. When you leave our Website, we encourage you to read the privacy policy of every website you visit.

14. Children’s Privacy

Our Website and services are not intended for children under the age of 16. We do not knowingly collect personal data from children under 16. If you are a parent or guardian and you are aware that your child has provided us with personal data, please contact us. If we become aware that we have collected personal data from children under 16 without verification of parental consent, we take steps to remove that information from our servers.

15. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. When we make changes, we will update the "Last updated" date at the top of this page.

We encourage you to review this Privacy Policy periodically to stay informed about how we are protecting your personal data. Continued use of our Website after any changes to this Privacy Policy constitutes your acceptance of such changes.

16. Complaints

If you are unhappy with how we have handled your personal data, you have the right to lodge a complaint with the Information Commissioner’s Office (ICO), the UK’s supervisory authority for data protection:

We would appreciate the chance to deal with your concerns before you approach the ICO, so please contact us first.

17. Contact Us

If you have any questions about this Privacy Policy, your personal data, or wish to exercise any of your rights, please contact us:

Thank You for Subscribing!

You're now subscribed to our newsletter. We'll send you the latest insights on software development and technology.