Privacy Policy
Last Updated: January 2026
1. Introduction
This privacy notice provides you with details of how we collect and process your personal data through your use of our website and services, including any information you may provide when you engage our managed IT services, contact us for support, or sign up to receive communications from us.
By engaging our services or providing us with your data, you warrant that you are over 16 years of age, or that you are a business owner or authorized representative with the authority to engage our services on behalf of your organization. This includes authority for us to manage, monitor, and support all services, devices, systems, and network connections (including broadband and connectivity services) you have requested we provide or manage, whether these are business-owned, personal, or family devices and services.
AOIT Networks Ltd is the data controller and we are responsible for your personal data (referred to as “we”, “us” or “our” in this privacy notice).
Contact Details
Full name of legal entity: AOIT Networks Ltd
Company Number: 10450071
VAT Number: GB253424912
Email address: support@aoitnetworks.com
Postal address: Jarrow Business Centre, Rolling Mill Road, Jarrow, Tyne and Wear, NE32 3DT, United Kingdom
Telephone number: 0191 825 0808
If you are not happy with any aspect of how we collect and use your data, you have the right to complain to the Information Commissioner’s Office (ICO), the UK supervisory authority for data protection issues (www.ico.org.uk). We would be grateful if you would contact us first if you do have a complaint so that we can try to resolve it for you.
It is very important that the information we hold about you is accurate and up to date. Please let us know if at any time your personal information changes by emailing us at support@aoitnetworks.com or by contacting your account manager.
2. What Data Do We Collect About You
Personal data means any information capable of identifying an individual. It does not include anonymized data.
We may process certain types of personal data about you as follows:
Identity Data may include your first name, last name, username, company name, job title, and gender.
Contact Data may include your business address, email address, and telephone numbers. For employees of our partner organizations, this includes both work contact details and personal contact details where provided to ensure service continuity.
Financial Data may include bank account and payment card details where you engage our services.
Transaction Data may include details about payments between us and other details of services purchased by you.
Technical Data may include internet protocol addresses (anonymized via CDN for website visitors with the last octet removed, but full IP addresses may be recorded when using our support portal or service desk), browser type and version, browser plug-in types and versions, time zone setting and location, operating system and platform, and other technology on the devices you use to access our website or services.
Profile Data may include your username and password for our support portal or partner portal, services purchased or used, your interests, preferences, feedback, and survey responses.
Usage Data may include information about how you use our website, products, and services.
Marketing and Communications Data may include your preferences in receiving marketing communications from us and your communication preferences.
Service Delivery Data includes information we collect and process as part of delivering our managed IT services to you, including support ticket history and communications, call recordings, device and network information, connectivity and broadband service usage and performance data, system logs and monitoring data, network traffic metadata and performance metrics, and security event data.
We may also process aggregated data from your personal data, but this data does not reveal your identity and as such in itself is not personal data. An example of this is where we review your usage data to work out the percentage of service users utilizing a specific feature. If we link aggregated data with your personal data so that you can be identified from it, then it is treated as personal data.
Sensitive Data
We do not intentionally collect any sensitive data about you. Sensitive data refers to data that includes details about your race or ethnicity, religious or philosophical beliefs, sex life, sexual orientation, political opinions, trade union membership, information about your health, and genetic and biometric data. We do not collect any information about criminal convictions and offenses.
However, as part of our managed services, we may have technical access to backup data, email systems, endpoint devices, and network monitoring that could theoretically contain sensitive data belonging to you or your employees. Where we process such data, we do so solely as a data processor on your behalf and in accordance with our Data Processing Agreement. We do not actively collect, review, or use such data for our own purposes.
Where we are required to collect personal data by law, or under the terms of the contract between us, and you do not provide us with that data when requested, we may not be able to perform the contract. For example, we may not be able to deliver services to you. If you do not provide us with the requested data, we may have to cancel a service you have ordered, but if we do, we will notify you at the time.
3. How We Collect Your Personal Data
We collect data about you through a variety of different methods including direct interactions, automated technologies, and in the course of delivering our services.
Direct interactions. You may provide data by filling in forms on our website or by communicating with us by post, phone, email, or otherwise, including when you order our services, create an account on our website or partner portal, subscribe to our communications, request information or marketing materials be sent to you, request support or technical assistance, provide feedback, or engage with us in any other way.
Automated technologies or interactions. As you use our website, we may automatically collect technical data about your equipment, browsing actions, and usage patterns. We collect this data by using cookies, server logs, and similar technologies. We may also receive technical data about you if you visit other websites that use our cookies. For detailed information about the cookies we use, please see our Cookie Policy managed via Cookiebot.
Service delivery and monitoring. As part of delivering our managed IT services, we collect data through our monitoring systems, remote management tools, backup services, security solutions, support ticketing systems, and telecommunications services. This includes automated collection of system logs, performance metrics, security events, and other technical data necessary for service delivery.
Third parties or publicly available sources. We may receive personal data about you from various third parties and public sources including analytics providers such as Google, Microsoft, and potentially Matomo, some of which may be based outside the EU. We may also receive contact and business data from publicly available sources such as Companies House and business directories.
4. How We Use Your Personal Data
We will only use your personal data when legally permitted. The most common uses of your personal data are where we need to perform the contract between us, where it is necessary for our legitimate interests (or those of a third party) and your interests and fundamental rights do not override those interests, and where we need to comply with a legal or regulatory obligation.
Generally, we do not rely on consent as a legal ground for processing your personal data, other than in relation to sending marketing communications to you via email. You have the right to withdraw consent to marketing at any time by emailing us at support@aoitnetworks.com or by following the unsubscribe link in any marketing email.
Purposes for Processing Your Personal Data
Set out below is a description of the ways we intend to use your personal data and the legal grounds on which we will process such data. We have also explained what our legitimate interests are where relevant.
We may process your personal data for more than one lawful ground, depending on the specific purpose for which we are using your data. Please email us at support@aoitnetworks.com if you need details about the specific legal ground we are relying on to process your personal data where more than one ground has been set out in the table below.
| Purpose/Activity | Type of Data | Lawful Basis for Processing |
|---|---|---|
| To register you as a new partner or respond to an enquiry | (a) Identity (b) Contact | (a) Performance of a contract with you (b) Necessary for our legitimate interests (to communicate with potential and existing partners) |
| To process and deliver services including managing payments, fees and charges, and collecting money owed to us | (a) Identity (b) Contact (c) Financial (d) Transaction (e) Marketing and Communications | (a) Performance of a contract with you (b) Necessary for our legitimate interests (to recover debts owed to us) |
| To manage our relationship with you including notifying you about changes to our terms and conditions or privacy policy, and asking you to provide feedback or complete surveys | (a) Identity (b) Contact (c) Profile (d) Marketing and Communications | (a) Performance of a contract with you (b) Necessary to comply with a legal obligation (c) Necessary for our legitimate interests (to keep our records updated and to study how partners use our services) |
| To deliver our managed IT services including backup and disaster recovery, endpoint management, network monitoring, cybersecurity services, VoIP and communications services, and connectivity services | (a) Identity (b) Contact (c) Technical (d) Service Delivery Data | (a) Performance of a contract with you (b) Necessary for our legitimate interests (to provide proactive IT support and maintain system security) |
| To provide technical support, troubleshooting, and respond to support requests | (a) Identity (b) Contact (c) Technical (d) Service Delivery Data (e) Profile | Performance of a contract with you |
| To administer and protect our business and our website, including troubleshooting, data analysis, testing, system maintenance, support, reporting, and hosting of data | (a) Identity (b) Contact (c) Technical | (a) Necessary for our legitimate interests (for running our business, provision of administration and IT services, network security, to prevent fraud and in the context of a business reorganization or group restructuring exercise)<br>(b) Necessary to comply with a legal obligation |
| To use data analytics to improve our website, services, marketing, partner relationships, and experiences | (a) Technical (b) Usage | Necessary for our legitimate interests (to define types of partners for our services, to keep our website updated and relevant, to develop our business and to inform our service strategy) |
| To make suggestions and recommendations to you about services that may be of interest to you | (a) Identity (b) Contact (c) Technical (d) Usage (e) Profile (f) Marketing and Communications | Necessary for our legitimate interests (to develop our services and grow our business) |
| To record telephone calls for training, quality assurance, and dispute resolution purposes | (a) Identity (b) Contact (c) Service Delivery Data | (a) Necessary for our legitimate interests (to improve service quality and protect our business interests) (b) Performance of a contract with you |
Marketing Communications
You will receive marketing communications from us if you have requested information from us, engaged our services, or provided us with your details and indicated your consent to receive marketing communications, and in each case, you have not opted out of receiving that marketing.
We may send marketing communications based on our legitimate business interests to enquirers and existing partners, including email newsletters, service updates and product announcements, educational content such as cybersecurity tips and IT best practices, and event invitations.
For existing partners, with approval from your IT Director or CEO, we may send informational (non-marketing) materials to business email addresses within your organization. These communications may be tailored based on the services you use or services that may benefit your organization.
We will get your express opt-in consent before we share your personal data with any third party for marketing purposes.
You can ask us to stop sending you marketing messages at any time by following the opt-out links on any marketing message sent to you or by emailing support@aoitnetworks.com. Where you opt out of receiving our marketing communications, this will not apply to personal data provided to us as a result of a service purchase or other transactions, and you will continue to receive transactional and service-related communications.
We will not send excessive marketing communications, and we will never sell, rent, or share your contact details with third parties for their marketing purposes.
Change of Purpose
We will only use your personal data for the purposes for which we collected it, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose. If you wish to find out more about how the processing for the new purpose is compatible with the original purpose, please email us at support@aoitnetworks.com.
If we need to use your personal data for a purpose unrelated to the purpose for which we collected the data, we will notify you and we will explain the legal ground of processing.
We may process your personal data without your knowledge or consent where this is required or permitted by law.
5. When We Act as a Data Processor
For many of our managed IT services, we act as a data processor on behalf of our partners, who remain the data controllers of their employee and customer data. This section explains our role and responsibilities when processing data on your behalf.
Services Where We Process Data on Your Behalf
As part of delivering our managed IT and telecommunications services, we may have technical access to and process data on your behalf. This includes but is not limited to data accessed through backup and disaster recovery services, endpoint and mobile device management, email security and management services, telecommunications services including VoIP and call recording, connectivity and network services with associated monitoring, cloud services and infrastructure management, identity and access management services, cybersecurity and threat detection services, remote access and secure connectivity services, network performance and health monitoring, patch management and software deployment, domain and DNS management, compliance monitoring and reporting, and helpdesk and support services.
The specific services we provide and the data we may access are detailed in your service agreement with us. We only access data when necessary for service delivery, security monitoring, support, or proactive maintenance as authorized under our contract with you.
How We Handle Data We Process on Your Behalf
Access and Use Principles
We only access data when necessary for service delivery, responding to support requests, security monitoring and threat detection, or proactive maintenance and system health monitoring. All access is controlled through appropriate authentication and authorization mechanisms, and access events are logged for security and audit purposes.
We do not routinely monitor or review the content of your data. Our proactive monitoring focuses on system health indicators, performance metrics, security events, and anomaly detection rather than the content of communications, files, or personal data. When we do need to access specific data for support or troubleshooting purposes, we do so with the minimum access necessary to resolve the issue.
Security Measures
We maintain comprehensive security controls to protect data we process on your behalf. Data is encrypted in transit using industry-standard protocols and at rest where applicable and technically feasible. Access to data is restricted to authorized personnel only, limited by role-based access controls and the principle of least privilege. We maintain detailed logging and monitoring of access to partner systems and data, and we conduct regular security audits and assessments of our systems and processes.
Our staff receive regular training on data protection, confidentiality, and security best practices, and all personnel with access to partner data are subject to contractual confidentiality obligations.
Data Location and Transfers
All data is stored within the United Kingdom or European Union where possible and technically feasible. Some services may route traffic through our CDN nodes, which may include a node based in the United States, but primary data storage remains within UK or EU regions.
Where any transfer of data outside the UK or EU is necessary for service delivery, we ensure appropriate safeguards are in place in accordance with UK GDPR requirements, including standard contractual clauses or other approved transfer mechanisms.
Your Data Processing Agreement
Our legal obligations as a data processor are detailed in our Data Processing Agreement (DPA), which forms part of our service contracts with partners. The DPA includes detailed provisions regarding our security obligations and the specific technical and organizational measures we implement, data breach notification procedures including our commitment to notify you without undue delay, subprocessor management including our obligation to inform you of any changes to subprocessors, your rights as data controller and our responsibilities as data processor, data return and deletion procedures upon termination of services, and audit rights and our cooperation with supervisory authorities.
The DPA also addresses our obligations regarding data subject requests. Where we receive requests from individuals whose data we process on your behalf (such as your employees or customers), we will promptly refer such requests to you as the data controller and provide reasonable assistance in responding to such requests.
For a copy of our standard Data Processing Agreement or questions about our data processing activities, please contact support@aoitnetworks.com.
Subprocessors
We engage certain third-party subprocessors to assist us in delivering services to you. We carefully select our subprocessors and ensure they provide sufficient guarantees to implement appropriate technical and organizational measures to meet the requirements of data protection law.
Our key subprocessors include HaloPSA, N-Able, Google, Microsoft, Bunny CDN, and Pax8.
We maintain a complete and current list of all subprocessors at aoitnetworks.com/subprocessors. We will inform you of any intended changes concerning the addition or replacement of subprocessors, giving you the opportunity to object to such changes in accordance with our Data Processing Agreement.
6. Disclosures of Your Personal Data
We may share your personal data with the parties set out below for the purposes set out in the table in Section 4 above.
Service providers and subprocessors who provide IT and system administration services, telecommunications services, payment processing, and other services necessary for us to deliver our services to you. We require all third parties to whom we transfer your data to respect the security of your personal data and to treat it in accordance with the law. We only allow such third parties to process your personal data for specified purposes and in accordance with our instructions.
Professional advisers including lawyers, bankers, auditors, and insurers who provide consultancy, banking, legal, insurance, and accounting services to us.
HM Revenue & Customs, regulators, and other authorities based in the United Kingdom and other relevant jurisdictions who require reporting of processing activities in certain circumstances.
Payment processing providers such as direct debit processors and payment gateway providers where you have engaged our services.
Software vendors and suppliers to whom we may need to share information solely to complete orders on your behalf as part of our service delivery. This may include sharing contact and business information to procure licenses, provision services, or fulfill your service requirements.
Third parties to whom we sell, transfer, or merge parts of our business or our assets. Alternatively, we may seek to acquire other businesses or merge with them. If a change happens to our business, then the new owners may use your personal data in the same way as set out in this privacy notice.
We require all third parties to respect the security of your personal data and to treat it in accordance with the law. We do not allow our third-party service providers to use your personal data for their own purposes and only permit them to process your personal data for specified purposes and in accordance with our instructions.
What We Do Not Do
We will never sell your personal data to third parties. We will never rent or share your contact information with third parties for their marketing purposes. We will not use your data for purposes unrelated to our services without your explicit consent, except where required or permitted by law.
7. International Transfers
We endeavor to store and process all personal data within the United Kingdom or European Economic Area (EEA). However, some of our service providers and analytics tools may involve transfers of data outside the UK or EEA.
Where we transfer your personal data outside the UK or EEA, we ensure a similar degree of protection is afforded to it by implementing appropriate safeguards. This may include transferring data to countries that have been deemed to provide an adequate level of protection for personal data, using specific contracts approved for use in the UK (such as the International Data Transfer Agreement or standard contractual clauses), or relying on other appropriate safeguards recognized under UK data protection law.
Some services may route traffic through our CDN infrastructure, which includes nodes based in the United States. However, all primary data storage and processing remains within UK or EU regions where possible.
Please contact us at support@aoitnetworks.com if you would like further information on the specific mechanism used by us when transferring your personal data outside the UK or EEA.
8. Data Retention
We will only retain your personal data for as long as necessary to fulfill the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements.
To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorized use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements.
By law we are required to keep basic information about our partners, including contact, identity, financial, and transaction data for six years after they cease being partners for tax and accounting purposes.
Enquiries and Prospective Partners:
Contact information from enquiries is retained for one year from the date of enquiry. If you subscribe to our marketing communications, we will retain your basic contact details until you unsubscribe from our mailing list.
Active Partners:
For the duration of our partnership, we retain your business and contact information, support ticket history and communications, and service delivery data as required for service continuity and support. Call recordings are retained for 12 months as standard, with extended retention available for up to 3 years upon request.
Former Partners:
Business records and contact information are retained for 6 years after account closure to comply with legal and accounting obligations. Service data is deleted or returned to you in accordance with the terms of our Data Processing Agreement and our mutual agreement at the time of service termination.
Data Processed on Your Behalf:
Where we process data as a data processor on your behalf, retention periods are determined by your requirements and our service agreements. Backup data is retained according to your chosen retention policy and service level agreement. Monitoring and logging data is typically retained for 90 days to 12 months depending on the specific service and regulatory requirements. Other partner data is retained as specified in our service agreements and Data Processing Agreement.
In some circumstances you can ask us to delete your data. Please see Section 9 below for further information. In some circumstances we may anonymize your personal data so that it can no longer be associated with you, in which case we may use this information indefinitely without further notice to you.
9. Data Security
We have put in place appropriate security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorized way, altered, or disclosed. In addition, we limit access to your personal data to those employees, agents, contractors, and other third parties who have a business need to know such data. They will only process your personal data on our instructions and they are subject to a duty of confidentiality.
Our security measures include encryption of data in transit using industry-standard protocols such as TLS, encryption of data at rest where applicable and technically feasible, multi-factor authentication and strong access controls for systems containing personal data, role-based access controls following the principle of least privilege, comprehensive logging and monitoring of access to systems and data, regular security assessments, vulnerability scanning, and penetration testing, staff training on information security and data protection best practices, incident response procedures and breach notification protocols, secure data centers within UK or EU regions with physical and environmental controls, and regular backups and disaster recovery procedures.
We maintain security certifications and adhere to industry best practices for information security management. Details of our specific security controls and certifications are available upon request for partners and prospective partners.
We have put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so. Where we act as a data processor on your behalf, we will notify you without undue delay upon becoming aware of a personal data breach affecting data we process for you.
While we implement robust security measures, no method of transmission over the internet or method of electronic storage is completely secure. We cannot guarantee absolute security, but we are committed to protecting your personal data using appropriate and proportionate security measures.
10. Your Legal Rights
Under certain circumstances, you have rights under data protection laws in relation to your personal data. You have the right to request access to your personal data, request correction of your personal data, request erasure of your personal data, object to processing of your personal data, request restriction of processing your personal data, request transfer of your personal data, and the right to withdraw consent where we are relying on consent to process your personal data.
You can see more about these rights at www.ico.org.uk/for-organisations/guide-to-the-general-data-protection-regulation-gdpr/individual-rights.
If you wish to exercise any of the rights set out above, please email us at support@aoitnetworks.com.
No Fee Usually Required
You will not have to pay a fee to access your personal data or to exercise any of your other rights. However, we may charge a reasonable fee if your request is clearly unfounded, repetitive, or excessive. Alternatively, we may refuse to comply with your request in these circumstances.
What We May Need from You
We may need to request specific information from you to help us confirm your identity and ensure your right to access your personal data or to exercise any of your other rights. This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it. We may also contact you to ask you for further information in relation to your request to speed up our response.
Time Limit to Respond
We try to respond to all legitimate requests within one month. Occasionally it may take us longer than a month if your request is particularly complex or you have made a number of requests. In this case, we will notify you and keep you updated.
Your Rights Explained in Detail
Request access to your personal data. This is commonly known as a “data subject access request.” This enables you to receive a copy of the personal data we hold about you and to check that we are lawfully processing it.
Request correction of your personal data. This enables you to have any incomplete or inaccurate data we hold about you corrected, though we may need to verify the accuracy of the new data you provide to us.
Request erasure of your personal data. This enables you to ask us to delete or remove personal data where there is no good reason for us continuing to process it. You also have the right to ask us to delete or remove your personal data where you have successfully exercised your right to object to processing (see below), where we may have processed your information unlawfully, or where we are required to erase your personal data to comply with local law. Note, however, that we may not always be able to comply with your request of erasure for specific legal reasons which will be notified to you, if applicable, at the time of your request.
Object to processing of your personal data. This right exists where we are relying on a legitimate interest (or those of a third party) as the legal basis for processing, and there is something about your particular situation which makes you want to object to processing on this ground as you feel it impacts on your fundamental rights and freedoms. You also have the right to object where we are processing your personal data for direct marketing purposes. In some cases, we may demonstrate that we have compelling legitimate grounds to process your information which override your rights and freedoms.
Request restriction of processing your personal data. This enables you to ask us to suspend the processing of your personal data in the following scenarios: if you want us to establish the data’s accuracy, where our use of the data is unlawful but you do not want us to erase it, where you need us to hold the data even if we no longer require it as you need it to establish, exercise, or defend legal claims, or you have objected to our use of your data but we need to verify whether we have overriding legitimate grounds to use it.
Request transfer of your personal data. We will provide to you, or a third party you have chosen, your personal data in a structured, commonly used, machine-readable format. Note that this right only applies to automated information which you initially provided consent for us to use or where we used the information to perform a contract with you.
Withdraw consent at any time. Where we are relying on consent to process your personal data, you have the right to withdraw your consent at any time. However, this will not affect the lawfulness of any processing carried out before you withdraw your consent. If you withdraw your consent, we may not be able to provide certain services to you. We will advise you if this is the case at the time you withdraw your consent.
Rights for Data We Process on Your Behalf
Where we act as a data processor and process personal data on your behalf (for example, data of your employees or customers), requests from those individuals should be directed to you as the data controller. If we receive such a request directly, we will promptly refer it to you and provide reasonable assistance in responding to the request as outlined in our Data Processing Agreement.
11. Cookies
You can set your browser to refuse all or some browser cookies, or to alert you when websites set or access cookies. If you disable or refuse cookies, please note that some parts of this website may become inaccessible or not function properly.
For detailed information about the cookies we use and how to manage your cookie preferences, please see our Cookie Policy, which is managed via Cookiebot and accessible on our website.
12. Third-Party Links
This website may include links to third-party websites, plug-ins, and applications. Clicking on those links or enabling those connections may allow third parties to collect or share data about you. We do not control these third-party websites and are not responsible for their privacy statements.
When you leave our website, we encourage you to read the privacy notice of every website you visit. This privacy notice applies only to personal data collected by AOIT Networks Ltd.
13. Changes to This Privacy Policy
We may update this privacy notice from time to time to reflect changes in our practices, services, or legal requirements. Any changes we make to our privacy notice in the future will be posted on this page and, where appropriate, notified to you by email or through our partner portal.
The “Last Updated” date at the top of this privacy notice indicates when it was most recently revised. We encourage you to review this privacy notice periodically to stay informed about how we are protecting your personal data.
For material changes that significantly affect how we process partner data or your rights, we will provide advance notice and, where required by law, seek your consent before implementing such changes.
14. Children’s Privacy
Our services are designed for businesses and are not directed at individuals under 16 years of age. We do not knowingly collect personal data from children under 16.
If you believe we have collected personal data from a child under 16, please contact us immediately at support@aoitnetworks.com and we will take steps to delete such information as soon as possible.
15. Questions and Complaints
If you have any questions about this privacy notice or how we handle your personal data, please contact us:
Email: support@aoitnetworks.com
Telephone: 0191 825 0808
Post: AOIT Networks Ltd, Jarrow Business Centre, Rolling Mill Road, Jarrow, Tyne and Wear, NE32 3DT, United Kingdom
Right to Complain
You have the right to make a complaint at any time to the Information Commissioner’s Office (ICO), the UK supervisory authority for data protection issues. We would, however, appreciate the chance to deal with your concerns before you approach the ICO, so please contact us in the first instance.
ICO Contact Details:
Website: www.ico.org.uk
Helpline: 0303 123 1113
Address: Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF
Glossary
Lawful Basis
Legitimate Interest means the interest of our business in conducting and managing our business to enable us to give you the best service and the most secure experience. We make sure we consider and balance any potential impact on you (both positive and negative) and your rights before we process your personal data for our legitimate interests. We do not use your personal data for activities where our interests are overridden by the impact on you (unless we have your consent or are otherwise required or permitted to by law). You can obtain further information about how we assess our legitimate interests against any potential impact on you in respect of specific activities by contacting us at support@aoitnetworks.com.
Performance of Contract means processing your data where it is necessary for the performance of a contract to which you are a party or to take steps at your request before entering into such a contract.
Comply with a legal or regulatory obligation means processing your personal data where it is necessary for compliance with a legal or regulatory obligation that we are subject to.
Consent means you have given clear permission for us to process your personal data for a specific purpose. Consent must be freely given, specific, informed, and unambiguous. You have the right to withdraw consent at any time.
Your Legal Rights
Data subject access request means a request to receive a copy of the personal data we hold about you and to check that we are lawfully processing it.
Right to rectification means the right to have any incomplete or inaccurate data we hold about you corrected.
Right to erasure (right to be forgotten) means the right to ask us to delete or remove personal data where there is no good reason for us continuing to process it.
Right to object means the right to object to processing of your personal data where we are relying on a legitimate interest (or those of a third party) and there is something about your particular situation which makes you want to object to processing on this ground. You also have the right to object where we are processing your personal data for direct marketing purposes.
Right to restriction of processing means the right to ask us to suspend the processing of your personal data in certain scenarios.
Right to data portability means the right to request the transfer of your personal data to you or to a third party in a structured, commonly used, machine-readable format.
Right to withdraw consent means the right to withdraw your consent at any time where we are relying on consent to process your personal data.
Data Protection Terms
Data controller means the entity that determines the purposes and means of processing personal data. When you engage our services, you are typically the data controller of your business data and your employees’ data.
Data processor means the entity that processes personal data on behalf of the data controller. AOIT Networks Ltd acts as a data processor when we process data as part of delivering our managed IT services to you.
Personal data means any information relating to an identified or identifiable natural person (a data subject). An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier, or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural, or social identity of that natural person.
Sensitive personal data (Special categories of personal data) means personal data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, genetic data, biometric data, data concerning health, or data concerning a natural person’s sex life or sexual orientation.
Subprocessor means a third party engaged by a data processor to process personal data on behalf of the data controller.