Privacy Policy

Last Updated: 28/03/2026

1. Introduction Welcome to the website privacy policy of Kimbley IT Limited ("us", "we", or "our"). We respect your privacy and are committed to protecting your personal data. This privacy policy will inform you as to how we look after your personal data when you visit our website (https://www.kimbley.com), regardless of where you visit it from, and tell you about your privacy rights and how the law protects you.

For the purposes of the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018, Kimbley IT Limited is the "data controller" and is responsible for your personal data.

Note: This policy applies specifically to information collected through our website. If you become a Kimbley IT customer, the processing of your data as a client will be governed by our separate customer terms and agreements.

2. The Data We Collect About You Personal data, or personal information, means any information about an individual from which that person can be identified. We may collect, use, store, and transfer different kinds of personal data about you when you use our website:

  • Identity Data: Includes first name, last name, or similar identifiers provided via contact forms.

  • Contact Data: Includes your email address and telephone numbers.

  • Technical Data: Includes your internet protocol (IP) address, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform, and other technology on the devices you use to access this website.

  • Usage Data: Includes information about how you navigate and use our website, including session recordings, heatmaps, and behavioural metrics.

3. How We Collect Your Data We use different methods to collect data from and about you, including:

  • Direct interactions: You may give us your Identity and Contact Data by filling in forms on our website or corresponding with us by email.

  • Automated technologies or interactions: As you interact with our website, we automatically collect Technical Data about your equipment, browsing actions, and patterns. We collect this using cookies, server logs, session recording tools, and other similar technologies.

4. How We Use Your Personal Data and Our Legal Basis Under the UK GDPR, we must have a legal basis to process your personal data. We will only use your data when the law allows us to. Most commonly, we will use your personal data in the following circumstances:

  • Legitimate Interests: Where it is necessary for our legitimate interests (e.g., running our website, keeping it secure, responding to your direct inquiries, and analysing website traffic and user behaviour to improve our site), and your interests and fundamental rights do not override those interests.

  • Consent: Where you have explicitly given us consent to process your data, such as accepting non-essential cookies for remarketing, heatmaps, advertising, or analytics. You have the right to withdraw consent at any time.

5. Disclosures of Your Personal Data We may share your personal data with third parties to facilitate our website operations. These include:

  • Squarespace: Our website hosting provider.

  • Google: For Google Analytics (website traffic analysis), Google Ads (remarketing services), and Google AdSense (displaying advertisements on our blog).

  • Microsoft: For Microsoft Clarity (website analytics, heatmaps, and session recording).

  • Regulators and Authorities: If required by law to disclose your information to comply with a legal or regulatory obligation.

We require all third parties to respect the security of your personal data and to treat it in accordance with the law. We do not allow our third-party service providers to use your personal data for their own purposes and only permit them to process your personal data for specified purposes and in accordance with our instructions.

6. International Transfers Our website is hosted by Squarespace, a company based in the United States. Furthermore, we use Google and Microsoft services for analytics, advertising, and marketing. This means that when you use our website, your personal data may be transferred to, and processed in, the United States.

Whenever we transfer your personal data out of the United Kingdom (UK), we ensure a similar degree of protection is afforded to it by ensuring standard safeguards are in place. We rely on mechanisms such as the UK Extension to the EU-US Data Privacy Framework and Standard Contractual Clauses (SCCs) to ensure that your data is legally protected when processed by our US-based service providers.

7. Data Security We have put in place appropriate security measures to prevent your personal data from being accidentally lost, used, or accessed in an unauthorised way, altered, or disclosed. However, please remember that no method of transmission over the Internet is 100% secure, and we cannot guarantee its absolute security.

8. Data Retention We will only retain your personal data for as long as reasonably necessary to fulfil the purposes we collected it for. For website visitors, we generally retain contact form inquiries and email correspondence for a period of 12 months after our last communication with you, unless you become a customer, at which point your data is retained according to our customer data retention policies.

9. Your Legal Rights Under certain circumstances, you have rights under UK data protection laws in relation to your personal data, including the right to:

  • Request access to your personal data.

  • Request correction of the personal data that we hold about you.

  • Request erasure of your personal data.

  • Object to processing of your personal data.

  • Request restriction of processing of your personal data.

  • Request the transfer of your personal data to you or a third party.

  • Withdraw consent at any time where we are relying on consent to process your personal data.

If you wish to exercise any of the rights set out above, please contact us using the details below.

10. Cookies, Behavioural Remarketing, Advertising, and Website Analytics We use "cookies" to collect information and improve our website. Kimbley IT Limited uses various third-party services that utilise cookies:

  • Google AdSense: We use Google AdSense to display advertisements on some of our blog posts. Google, as a third-party vendor, uses cookies to serve ads on our site. Google's use of advertising cookies enables it and its partners to serve ads to our users based on their previous visits to our site and/or other sites on the Internet. You may opt out of personalised advertising by visiting Google Ads Settings (https://www.google.com/settings/ads).

  • Google Ads (Remarketing): We use remarketing services to advertise on third-party websites to you after you have visited our website.

  • Google Analytics: You can opt out of Google Analytics by installing the Google Analytics Opt-out Browser Add-on (https://tools.google.com/dlpage/gaoptout).

  • Microsoft Clarity: We partner with Microsoft Clarity and Microsoft Advertising to capture how you use and interact with our website through behavioural metrics, heatmaps, and session replay to improve and market our products/services. Website usage data is captured using first and third-party cookies and other tracking technologies to determine the popularity of products/services and online activity. Additionally, we use this information for site optimisation, fraud/security purposes, and advertising. For more information about how Microsoft collects and uses your data, visit the Microsoft Privacy Statement.

You can set your browser to refuse all or some browser cookies or to alert you when websites set or access cookies. If you disable or refuse cookies, please note that some parts of this website may become inaccessible or not function properly.

11. Children's Privacy Our website does not address anyone under the age of 13. We do not knowingly collect personally identifiable information from children under 13. If you are a parent or guardian and you are aware that your child has provided us with personal data, please contact us. If we become aware that we have collected personal data from a child under 13 without verification of parental consent, we take steps to remove that information from our servers.

12. Changes to the Privacy Policy We may update our Privacy Policy from time to time. We will notify you of any changes by posting the new Privacy Policy on this page.

13. Complaints You have the right to make a complaint at any time to the Information Commissioner's Office (ICO), the UK supervisory authority for data protection issues (www.ico.org.uk). We would, however, appreciate the chance to deal with your concerns before you approach the ICO, so please contact us in the first instance.

14. Contact Us If you have any questions about this Privacy Policy or our privacy practices, please contact us:

  • By email: [email protected]

  • By post: Kimbley IT, The Moseley Exchange, 149-153 Alcester Road, Moseley, Birmingham, B13 8JP