Back to homeLegal

Privacy Policy

Last updated: 24 April 2026

1. Who We Are

IronFell DPS Ltd ("IronFell", "we", "us", or "our") is a company registered in England and Wales. We operate as a specialist data protection and managed backup service provider. Our registered office address is available on request by contacting us at [email protected].

We are the data controller in respect of personal data we collect from you when you use our website (ironfell.co.uk) and associated services. Where we process personal data on behalf of our business customers, we act as a data processor and our obligations in that capacity are governed by a separate Data Processing Agreement.

2. Legal Basis and Applicable Law

This Privacy Policy is issued pursuant to the UK General Data Protection Regulation (UK GDPR) as retained in UK law by section 3 of the European Union (Withdrawal) Act 2018, and the Data Protection Act 2018 (DPA 2018). Where we serve individuals in the European Economic Area, we also comply with EU GDPR (Regulation (EU) 2016/679).

We are registered with the Information Commissioner's Office (ICO). You may verify our registration and exercise certain rights through the ICO at ico.org.uk.

3. Personal Data We Collect

We may collect and process the following categories of personal data:

  • Identity data: first name, last name, job title, company name.
  • Contact data: email address, telephone number, billing and correspondence address.
  • Account data: username, encrypted password, service preferences, and configuration data submitted through our platform.
  • Technical data: IP address, browser type and version, time-zone, browser plug-in types, operating system, and other technology on the devices you use to access our website.
  • Usage data: information about how you use our website, products, and services, including pages visited, features accessed, and session duration.
  • Transaction data: details about payments and services you have purchased from us, including invoices and order history.
  • Marketing and communications data: your preferences for receiving marketing communications from us.

We do not knowingly collect special category personal data (as defined in Article 9 UK GDPR) such as health data, biometric data, or data revealing political opinions, nor do we collect data relating to criminal convictions or offences. If you inadvertently provide such data, please contact us immediately so we can delete it.

4. How We Collect Your Personal Data

We collect personal data through:

  • Direct interactions: data you provide when registering an account, completing our pricing configurator, submitting a contact form, or communicating with us by email or telephone.
  • Automated technologies: as you interact with our website, we automatically collect technical and usage data through cookies, server logs, and similar technologies (see our Cookie Policy).
  • Third parties: analytics providers (e.g. Vercel Analytics), payment processors (e.g. Stripe), and authentication services.

5. How We Use Your Personal Data

We process your personal data on the following lawful bases:

Performance of a contract (Article 6(1)(b) UK GDPR)

To register your account, deliver the services you have purchased, process payments, and provide customer support.

Legitimate interests (Article 6(1)(f) UK GDPR)

To improve our website and services, prevent fraud and abuse, conduct internal analytics, and communicate relevant service updates. We have balanced our legitimate interests against your rights and freedoms.

Legal obligation (Article 6(1)(c) UK GDPR)

To comply with applicable laws including tax legislation, financial regulations, and any lawful requests from regulatory authorities.

Consent (Article 6(1)(a) UK GDPR)

To send you marketing communications where you have opted in. You may withdraw consent at any time without affecting the lawfulness of prior processing.

6. Data Sharing and Disclosure

We do not sell your personal data. We may share your data with:

  • Service providers: third-party processors acting under our instruction, including cloud hosting providers, payment processors, email delivery services, and analytics platforms. All such providers are subject to appropriate data processing agreements.
  • Professional advisers: lawyers, accountants, auditors, and insurers, subject to confidentiality obligations.
  • Regulatory authorities: the ICO, HMRC, or other authorities where required by law or to protect our legal rights.
  • Business transfers: in the event of a merger, acquisition, or sale of assets, your data may be transferred to the successor entity, subject to equivalent protections.

7. International Transfers

We store your data on servers located in the United Kingdom and/or European Economic Area. Where we engage sub-processors outside these territories, we ensure appropriate safeguards are in place in accordance with Chapter V of UK GDPR, including by using UK International Data Transfer Agreements (UK IDTAs) or EU Standard Contractual Clauses (SCCs) as applicable.

8. Data Retention

We retain personal data only for as long as necessary for the purposes for which it was collected, and in accordance with our legal obligations. In general:

  • Account and transaction data is retained for the duration of your contract with us plus 7 years (to comply with UK tax and financial record-keeping obligations).
  • Marketing preferences are retained until you withdraw consent.
  • Website log files and technical data are typically retained for no more than 12 months.

9. Your Rights

Under UK GDPR you have the following rights, exercisable free of charge:

  • Right of access — to obtain a copy of the personal data we hold about you (Subject Access Request).
  • Right to rectification — to have inaccurate data corrected without undue delay.
  • Right to erasure — to request deletion of your data where there is no compelling reason for its continued processing.
  • Right to restriction — to restrict processing in certain circumstances.
  • Right to data portability — to receive your data in a structured, commonly used, machine-readable format.
  • Right to object — to object to processing based on legitimate interests or for direct marketing purposes.
  • Rights related to automated decision-making — not to be subject to a decision based solely on automated processing that produces significant legal or similarly significant effects, without human review.

To exercise any of these rights, please contact us at [email protected]. We will respond within one calendar month. We may need to verify your identity before processing your request.

You also have the right to lodge a complaint with the ICO at ico.org.uk/make-a-complaint, or to seek a judicial remedy in the courts of England and Wales.

10. Security

We implement appropriate technical and organisational measures to protect your personal data against accidental or unlawful destruction, loss, alteration, unauthorised disclosure, or access. These measures include AES-256 encryption at rest and in transit, access controls, regular security assessments, and staff training. However, no system is entirely secure and we cannot guarantee absolute security of data transmitted over the internet.

11. Cookies

We use cookies and similar tracking technologies on our website. Please see our Cookie Policy for full details of the cookies we use and how to manage your preferences.

12. Changes to This Policy

We may update this Privacy Policy from time to time. Material changes will be notified to registered users by email and/or prominent notice on our website. The "last updated" date at the top of this page indicates when it was most recently revised. Continued use of our services after the effective date of any change constitutes your acceptance of the updated policy.

13. Contact Us

For any questions about this Privacy Policy or our data practices, please contact our Data Protection point of contact at:

IronFell DPS Ltd

Email: [email protected]

Registered in England and Wales