Legal

Privacy Policy

How we collect, use, and protect your personal data. UK GDPR and Data Protection Act 2018 compliant.

Last updated: 24 May 2026Version 1.0

1. Data Controller

The data controller responsible for your personal data is:

TekSpert Ltd
Company No. 16711813
VAT No. 505 2175 24
Email: privacy@pubsmanagement.com

For the purposes of the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018, TekSpert Ltd is the data controller when you interact with our website and marketing services. When you use the Platform to manage your own employees' data, you are the data controller and TekSpert Ltd acts as a data processor on your behalf (see our Data Processing Agreement).

2. Personal Data We Collect

We collect and process the following categories of personal data:

Account Data: Name, email address, phone number, job title, company name, and login credentials.

Employee Data (on your behalf): Employee names, contact details, employment records, shift patterns, clock-in/out times, training records, holiday requests, and documents uploaded by you or your staff.

Technical Data: IP address, browser type and version, device information, operating system, time zone, and usage data collected through cookies and similar technologies.

Communication Data: Records of correspondence with us, including support tickets and feedback.

Financial Data: Billing information and payment card details (processed by our payment provider; we do not store full card numbers).

3. Lawful Basis for Processing

We process personal data under the following lawful bases as defined by Article 6 of the UK GDPR:

Performance of a Contract (Article 6(1)(b)): Processing necessary to provide the Platform and Services you have subscribed to.

Legitimate Interests (Article 6(1)(f)): Processing necessary for our legitimate business interests, including improving our services, fraud prevention, and ensuring network and information security, where these interests are not overridden by your rights and freedoms.

Consent (Article 6(1)(a)): Where you have given consent for specific processing activities, such as receiving marketing communications or the use of non-essential cookies. You may withdraw consent at any time.

Legal Obligation (Article 6(1)(c)): Processing necessary to comply with a legal obligation, such as tax reporting or responding to lawful requests from public authorities.

4. Purposes of Processing

We use your personal data for the following purposes:

  • Providing, maintaining, and improving the Platform
  • Processing Subscription payments and billing
  • Communicating with you about your account, support requests, and service updates
  • Sending marketing communications (with your consent)
  • Analysing usage patterns to improve user experience and performance
  • Ensuring the security and integrity of the Platform
  • Complying with legal obligations
  • Enforcing our Terms of Service

5. Recipients and Third Parties

We may share your personal data with the following categories of recipients:

Service Providers: Cloud hosting providers (UK-based infrastructure), payment processors, email delivery services, and customer support tools. All service providers are contractually bound to process data only on our instructions and in compliance with applicable data protection law.

Professional Advisers: Lawyers, auditors, and accountants where necessary for the exercise or defence of legal claims.

Law Enforcement: Where required by law, regulation, or court order.

We do not sell your personal data to third parties. We do not share personal data with third parties for their own marketing purposes.

6. International Transfers

Your personal data is primarily stored and processed within the United Kingdom. Where it is necessary to transfer data outside the UK, we ensure appropriate safeguards are in place in accordance with UK GDPR requirements, including:

  • Transfers to countries with an adequacy decision from the UK Secretary of State
  • Standard contractual clauses approved by the UK Information Commissioner
  • Binding corporate rules where applicable

7. Data Retention

We retain personal data only for as long as necessary to fulfil the purposes for which it was collected:

Account Data: For the duration of your Subscription, plus 30 days for data export, then deleted.

Employee Data: For the duration of your Subscription, then available for export for 30 days before deletion.

Financial Records: 7 years from the date of transaction, as required by HMRC.

Technical and Usage Data: Up to 24 months from collection.

Marketing Consent Records: For the duration of the consent plus 3 years.

8. Your Rights

Under the UK GDPR, you have the following rights in relation to your personal data:

Right of Access (Article 15): You have the right to request a copy of the personal data we hold about you.

Right to Rectification (Article 16): You have the right to request correction of inaccurate or incomplete personal data.

Right to Erasure (Article 17): You have the right to request deletion of your personal data where there is no compelling reason for continued processing.

Right to Restriction (Article 18): You have the right to request that we restrict processing of your personal data in certain circumstances.

Right to Data Portability (Article 20): You have the right to receive your personal data in a structured, commonly used, and machine-readable format.

Right to Object (Article 21): You have the right to object to processing based on legitimate interests or for direct marketing purposes.

Rights Related to Automated Decision-Making (Article 22): We do not currently make decisions based solely on automated processing that produce legal effects or similarly significant effects on you.

To exercise any of these rights, please contact us at privacy@pubsmanagement.com. We will respond within one month of receiving your request, as required by law.

9. Children's Data

The Platform is not intended for use by children under the age of 16. We do not knowingly collect personal data from children under 16. If you believe a child under 16 has provided personal data to us, please contact us at privacy@pubsmanagement.com and we will delete it.

10. Cookies

We use cookies and similar technologies on our website. For full details of the cookies we use, why we use them, and how to manage your preferences, please see our Cookie Policy.

11. Security Measures

We implement appropriate technical and organisational measures to protect personal data against unauthorised access, alteration, disclosure, or destruction. These include encryption in transit (TLS 1.2+) and at rest, access controls, regular security assessments, and staff training on data protection.

12. Changes to This Policy

We may update this Privacy Policy from time to time. Material changes will be communicated via email or in-platform notification. The "Last updated" date at the top of this page indicates when this Policy was last revised.

13. Complaints

If you are not satisfied with how we handle your personal data, you have the right to lodge a complaint with the Information Commissioner's Office (ICO):

Information Commissioner's Office
Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF
Website: ico.org.uk
Helpline: 0303 123 1113

14. Contact

For privacy-related enquiries:

TekSpert Ltd
Email: privacy@pubsmanagement.com