Privacy Policy

Contact Us

Cubit Technology Ltd

Effective date: 21 May 2026
Last reviewed: 21 May 2026

1. About this policy

Cubit Technology Ltd (“Cubit”, “we”, “us”, “our”) is committed to protecting your personal information. This policy explains what personal information we collect about you, how we use it, who we share it with, how long we keep it, and the rights you have under data protection law.

This policy applies to personal information we collect when you:

  • visit our website at www.cubittech.com;
  • contact us by web form, email, telephone, or in person;
  • subscribe to our newsletters, attend our events, or download materials from us; or
  • interact with us as a contact at a current, prospective, or former customer or supplier.

This policy does not cover personal information we process on behalf of our customers as a data processor when delivering managed IT, cloud, or backup services. That processing is governed by the relevant service agreement and data processing agreement between Cubit and the customer.

2. Who we are

Cubit Technology Ltd is the “data controller” responsible for the personal information described in this policy. This means we decide how and why your information is processed.

  • Company: Cubit Technology Ltd
  • Trading address: 3rd Floor, John Stow House, 18 Bevis Marks, London EC3A 7JB
  • Registered office: Clarence Street Chambers, 32 Clarence Street, Southend On Sea, Essex, SS1 1BD
  • Company number: 05158403
  • ICO registration number: ZA360910
  • Telephone: 020 3535 0680
  • Email: info@cubittech.com

We are not required by law to appoint a statutory Data Protection Officer. For all data protection matters — including any of the rights set out in this policy — please contact us at info@cubittech.com.

3. The information we collect about you

3.1 Information you give us

When you contact us, request a quote, subscribe to communications, or otherwise interact with us, you may share:

  • your name;
  • your business email address and telephone number;
  • your job title and the organisation you work for;
  • the content of your enquiry, message, or correspondence; and
  • any other information you choose to share with us.

3.2 Information we collect automatically

When you visit our website, we automatically collect technical information, including:

  • your IP address and approximate location derived from it;
  • device information such as browser type and version, operating system, and screen resolution;
  • pages you visit, time spent on each page, and the website that referred you; and
  • data from cookies and similar technologies (see section 5).

3.3 Information we receive from third parties

We sometimes receive information about you from publicly available sources (for example, your employer’s website or LinkedIn) when researching potential customers or partners. We will only use this information for the purposes set out in section 4.

3.4 Special category data

We do not intentionally collect special category data (such as information about your health, ethnicity, religion, political opinions, or sexual orientation). Please do not include special category data in your communications with us unless we have specifically asked you to do so.

3.5 Do you have to provide your information?

Providing your personal information to us is voluntary — we don’t require it by statute or by contract. However, if you choose not to provide it we may not be able to respond to your enquiry, send you the communications you have requested, or provide our services to you.

4. Why we use your information and our lawful basis

Under UK GDPR and EU GDPR, we may only use your personal information if we have a lawful basis for doing so. The table below summarises the purposes for which we use your personal information and the lawful basis we rely on. Where we rely on “legitimate interests”, we have checked that our interests are not overridden by your rights and freedoms — you can request a summary of this assessment.

Purpose Information used Lawful basis
Responding to enquiries and providing requested information Contact details, message content Article 6(1)(b) — taking steps at your request prior to entering a contract; and/or Article 6(1)(f) — legitimate interests in responding to people who contact us.
Providing services and managing the customer relationship Business contact details, correspondence, service records Article 6(1)(b) — performance of a contract; and/or Article 6(1)(f) — legitimate interests in account management.
Operating and securing our website Technical data, strictly necessary cookie data, security logs Article 6(1)(f) — legitimate interests in running a functional, secure website.
Website analytics and improvement Pseudonymised analytics data set by non-essential cookies Article 6(1)(a) — consent (provided via our cookie banner).
Sending marketing communications Name, business email, preferences, engagement data Article 6(1)(a) — consent; or Article 6(1)(f) — legitimate interests under the PECR “soft opt-in” for existing customers receiving similar communications.
Complying with legal, regulatory, and tax obligations Records of consent, correspondence, accounting data Article 6(1)(c) — legal obligation.
Establishing, exercising, or defending legal claims Contact records, communications, contract documentation Article 6(1)(f) — legitimate interests in protecting our legal position.

5. Cookies and similar technologies

A cookie is a small text file that a website places on your device. We use cookies and similar technologies on www.cubittech.com to make the site work, to remember your preferences, to measure how the site is used, and (where you have consented) to support our marketing.

Categories of cookies we use

  • Strictly necessary cookies — essential for the site to function (for example, session management and security). These do not require your consent.
  • Analytics cookies — help us understand how visitors use our site so we can improve it. We only set these with your consent.
  • Marketing and preference cookies — used by us or our partners to show relevant communications and remember your choices. We only set these with your consent.

When you first visit our website, we will ask you to accept or reject non-essential cookies via our cookie banner. You can change your preferences at any time using the “Cookie preferences” link in our website footer, or by clearing cookies in your browser.

We will continue to keep our approach to cookies under review in line with the latest guidance from the Information Commissioner’s Office and the Data (Use and Access) Act 2025, which has introduced limited exceptions to the consent requirement for certain low-risk cookies.

6. Marketing communications

We send marketing communications — such as newsletters, event invitations, and updates about our services — only where:

  • you have given us your consent to do so; or
  • you are an existing customer and the communication relates to similar products or services to those we already provide you, and you were given a clear opportunity to opt out at the point your details were collected (the “soft opt-in” permitted by the Privacy and Electronic Communications Regulations).

Every marketing email we send contains a clear and easy-to-use unsubscribe link. You can also opt out at any time by emailing info@cubittech.com. If you opt out, we will keep a minimum record (typically your email address) on a suppression list so that we do not contact you again — this is required by law.

7. Who we share your information with

We do not sell your personal information. We share your personal information only where necessary and only with the following categories of recipients:

  • Service providers acting as our processors — including our website host, customer relationship management (CRM) platform, email marketing platform, IT and security tools, and analytics providers. We have written data processing agreements in place with each of these providers that meet the requirements of UK GDPR Article 28.
  • Professional advisers — accountants, auditors, lawyers, and insurers — where it is necessary for them to provide their services to us.
  • Regulators, law enforcement, and other authorities — where we are required to do so by law, court order, or to protect our legal rights or those of others.
  • Successor entities — if Cubit Technology is acquired, merged, or restructured, your personal information may transfer to the successor entity under the same protections set out in this policy.

8. International transfers

We are based in the UK, and most of your personal information stays within the UK or the European Economic Area (EEA).

Where we need to transfer personal information outside the UK or EEA (for example, because some of our service providers are based in the United States), we use one or more of the safeguards required by UK GDPR:

  • UK or EU adequacy regulations, where the receiving country has been recognised as providing adequate protection;
  • the UK International Data Transfer Agreement (IDTA), or the UK Addendum to the EU Standard Contractual Clauses; and
  • a transfer risk assessment and, where appropriate, additional technical and organisational measures.

You can request a copy of the relevant safeguard for any specific transfer by contacting us using the details in section 14.

9. How long we keep your information

We keep your personal information only for as long as is necessary for the purposes set out in this policy, or as required by law. Typical retention periods are:

  • Website analytics data: retained as configured in our analytics tools, typically 14 to 26 months.
  • Enquiries that do not lead to a contract: up to 24 months from the date of last contact.
  • Marketing subscription data: until you unsubscribe, then a minimum record is kept indefinitely on a suppression list.
  • Customer contact and contract records: for the duration of the contractual relationship and for six years afterwards, in line with limitation periods and tax record-keeping requirements.
  • Records relating to legal claims: for as long as needed to defend or pursue the claim.

A more detailed retention schedule is available on request.

10. How we keep your information secure

We take the security of your personal information seriously. The measures we have in place include:

  • Technical controls — encryption in transit (HTTPS / TLS), encryption at rest where appropriate, access controls, multi-factor authentication, vulnerability management, monitoring, and secure backup.
  • Organisational controls — staff data protection and security training, written security policies, role-based access, supplier due diligence, and incident response procedures.
  • Standards — our security programme is aligned with the Cyber Essentials scheme and guidance from the National Cyber Security Centre.

No system is ever 100% secure. If we become aware of a personal data breach that is likely to result in a risk to your rights and freedoms, we will notify the ICO within 72 hours, and we will notify affected individuals where the risk is high, as required by UK GDPR.

11. Your rights

Under UK GDPR and EU GDPR, you have the following rights in respect of your personal information. Most rights are not absolute and may not apply in every circumstance:

  • Right of access (Article 15) — to ask for a copy of the personal information we hold about you.
  • Right to rectification (Article 16) — to ask us to correct inaccurate or incomplete information.
  • Right to erasure (Article 17) — also known as the “right to be forgotten”, to ask us to delete your information in certain circumstances.
  • Right to restrict processing (Article 18).
  • Right to data portability (Article 20) — where we process your information by automated means under your consent or under a contract.
  • Right to object (Article 21) — including an absolute right to object to direct marketing at any time.
  • Right to withdraw consent (Article 7(3)) — where we rely on your consent, you can withdraw it at any time without affecting the lawfulness of processing before withdrawal.
  • Rights related to automated decision-making (Article 22) — we do not make decisions about you based solely on automated processing that have a legal or similarly significant effect on you.

To exercise any of these rights, please contact us using the details in section 14. We will respond within one month, which we may extend by a further two months for complex requests (we will tell you if we do). The service is free in most cases; we may charge a reasonable fee, or refuse to act, only where a request is manifestly unfounded or excessive. We may need to verify your identity before we act on your request.

12. How to complain

If you have a concern about how we handle your personal information, please contact us first using the details in section 14 so we have the opportunity to resolve it.

You also have the right to complain to the Information Commissioner’s Office (ICO), the UK supervisory authority for data protection:

  • Information Commissioner’s Office
  • Wycliffe House, Water Lane, Wilmslow, Cheshire SK9 5AF
  • Telephone: 0303 123 1113
  • Website: ico.org.uk

If you are based in the EU or EEA, you may also lodge a complaint with the supervisory authority in your country of residence, place of work, or place of the alleged infringement.

13. Other important information

13.1 Children

Our website and services are not directed at children under the age of 13, and we do not knowingly collect personal information from children. If you believe a child has provided us with personal information, please contact us and we will delete it.

13.2 Third-party links

Our website may contain links to third-party websites and services. We are not responsible for the privacy practices or content of those third parties. Please review their privacy policies before sharing personal information with them.

13.3 Changes to this policy

We may update this policy from time to time to reflect changes to our practices, our services, or the law. The “last reviewed” date at the top of this policy will show when it was last updated. For material changes, we will bring the update to your attention — for example, by displaying a notice on our website or, where appropriate, by emailing you. We recommend you check this page periodically.

14. How to contact us

If you have any questions about this policy or about how we handle your personal information, or if you would like to exercise any of your rights, please contact us:

    • Email: info@cubittech.com
    • Telephone: 020 3535 0680
    • Post: Data Protection, Cubit Technology Ltd, 3rd Floor, John Stow House, 18 Bevis Marks, London EC3A 7JB