Privacy Policy

We take your privacy seriously. This policy explains what data we collect, why we collect it, and how we protect it.

Last Updated: 17 May 2026
UK GDPR Compliant
Smart Nibble, United Kingdom
Table of Contents
  1. Who We Are
  2. Data We Collect
  3. How We Collect Your Data
  4. How We Use Your Data
  5. Legal Basis for Processing
  6. Data Sharing
  7. Data Retention
  8. Your Rights
  9. Cookies
  10. Security
  11. International Transfers
  12. Children's Privacy
  13. Changes to this Policy
  14. How to Contact Us
In plain English: We collect only the information we need to provide you with remote IT support. We do not sell your data. We do not share it with advertisers. We handle everything in accordance with UK GDPR and the Data Protection Act 2018.

1. Who We Are

Smart Nibble ("we", "us", "our") is a remote IT support business based in the United Kingdom. We are the data controller for personal information collected through our website and services.

Contact: info@smartnibble.co.uk

2. Data We Collect

Information You Provide

  • Identity data: Full name
  • Contact data: Email address, telephone number (if provided)
  • Support data: Issue descriptions, device type, screenshots or files you share during a support session
  • Communication data: The content of messages or emails you send us

Information Collected Automatically

  • Technical data: IP address, browser type, operating system, referring URL, pages visited, and session duration
  • Cookie data: Session identifiers and consent preferences — see our Cookie Policy

Sensitive Data

We do not intentionally collect special category data (such as health, financial, or political information). Please do not submit such data through our forms. If sensitive data is incidentally disclosed during a support session, we will handle it with appropriate care and will not store it beyond the session.

3. How We Collect Your Data

  • Support request forms on our website
  • Contact forms and email correspondence
  • Remote support sessions (screen content visible during the session)
  • Automatically through cookies and server logs when you visit our website

4. How We Use Your Data

We use your personal data for the following purposes:

  • Service delivery: To process your support request and provide remote IT assistance
  • Communication: To respond to your enquiries, send session confirmations, and provide updates on your support request
  • Quality assurance: To monitor and improve the quality of our services
  • Security: To detect, prevent, and investigate fraud, security incidents, and misuse of our services
  • Legal compliance: To meet our legal and regulatory obligations
  • Website analytics: To understand how visitors use our website and improve user experience (using anonymised or aggregated data)

We will never use your personal data for unsolicited direct marketing without your explicit consent.

5. Legal Basis for Processing

Under the UK GDPR, we rely on the following legal bases for processing your personal data:

  • Contract (Article 6(1)(b)): Processing is necessary to deliver the remote IT support services you have requested.
  • Legitimate interests (Article 6(1)(f)): Processing is necessary for our legitimate business interests, including improving our services, maintaining security, and preventing fraud — where such interests are not overridden by your rights.
  • Legal obligation (Article 6(1)(c)): Processing is necessary to comply with our legal obligations under UK law.
  • Consent (Article 6(1)(a)): Where we rely on consent (e.g., for non-essential cookies or marketing), you may withdraw consent at any time.

6. Data Sharing

We do not sell, rent, or trade your personal data to third parties. We may share data only in the following limited circumstances:

  • Service providers: With trusted third-party providers who assist in operating our business (e.g., email hosting, web hosting), who are contractually bound to process data only on our instructions and in accordance with our privacy standards.
  • Legal requirements: Where required by law, court order, or government authority.
  • Business transfers: In the event of a merger, acquisition, or sale of assets, personal data may be transferred. We will notify affected customers and ensure continued protection under this policy.

7. Data Retention

We retain personal data for no longer than necessary for the purposes for which it was collected:

  • Support request records: Retained for up to 12 months after the support session, then securely deleted or anonymised.
  • Email correspondence: Retained for up to 24 months for service continuity purposes.
  • Website logs: Retained for up to 90 days for security and analytical purposes.
  • Legal hold: Where required by law, data may be retained for longer periods.

8. Your Rights

Under UK GDPR, you have the following rights regarding your personal data:

  • Right of access: Request a copy of the personal data we hold about you (Subject Access Request).
  • Right to rectification: Request correction of inaccurate or incomplete data.
  • Right to erasure ("right to be forgotten"): Request deletion of your personal data where there is no lawful reason to retain it.
  • Right to restrict processing: Request that we limit how we use your data in certain circumstances.
  • Right to data portability: Receive your data in a structured, machine-readable format.
  • Right to object: Object to processing based on legitimate interests or for direct marketing.
  • Rights related to automated decision-making: We do not use automated decision-making or profiling that produces legal or similarly significant effects.

To exercise any of these rights, please contact us at info@smartnibble.co.uk. We will respond within 30 days. You also have the right to lodge a complaint with the Information Commissioner's Office (ICO) at ico.org.uk.

9. Cookies

We use essential cookies to maintain session security and site functionality. Please refer to our Cookie Policy for full details of the cookies we use and how to manage your preferences.

10. Security

We implement appropriate technical and organisational measures to protect your personal data against unauthorised access, disclosure, alteration, or destruction. These include:

  • TLS/HTTPS encryption for all data in transit
  • Secure, access-controlled servers
  • Employee access restrictions on a need-to-know basis
  • Regular security reviews and updates
  • CSRF protection on all web forms
  • Input sanitisation and SQL injection prevention

Despite these measures, no internet transmission or electronic storage is entirely secure. In the event of a data breach that is likely to result in a risk to your rights, we will notify you and the ICO as required by law.

11. International Transfers

We primarily process data within the United Kingdom and the European Economic Area (EEA). Where data is transferred to countries outside the UK, we ensure that equivalent safeguards are in place in accordance with UK GDPR requirements (e.g., Standard Contractual Clauses or adequacy decisions).

12. Children's Privacy

Our services are not directed at individuals under the age of 18 without parental or guardian consent. We do not knowingly collect personal data from children. If you believe we have inadvertently collected data from a child, please contact us immediately and we will take steps to delete it.

13. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, or legal requirements. The most current version will always be published on this page with the date of the last update. We encourage you to review this policy periodically.

14. How to Contact Us

For any privacy-related questions, to exercise your rights, or to make a complaint:

Smart Nibble
Email: info@smartnibble.co.uk
United Kingdom

You also have the right to complain to the Information Commissioner's Office (ICO):
Website: ico.org.uk/make-a-complaint
Phone: 0303 123 1113