Privacy Policy

1. Important Information and Who We Are

Privacy Policy

This privacy policy gives you information about how iomart group plc collects and uses your personal data through your use of this website, when you contact us or when you purchase a product or service.

This website is not intended for children and we do not knowingly collect data relating to children.

Controller

The iomart Group (Group) is made up of different legal entities. This privacy policy is issued on behalf of the Group so when we mention “iomart”, “we”, “us” or “our” in this privacy policy, we are referring to the relevant company in the Group responsible for processing your data.

We have appointed a data protection officer (DPO) who is responsible for overseeing questions in relation to this privacy policy. If you have any questions about this privacy policy, including any requests to exercise your legal rights (paragraph 9), please contact using the information set out in the contact details section (paragraph 10).

2. The Types of Personal Data We Collect About You

Personal data means any information about an individual from which that person can be identified.

We may collect, use, store and transfer different kinds of personal data about you, which we have grouped together as follows:

  • Identity Data includes first name, last name, any previous names, username or similar identifier, marital status, title, date of birth, gender, national insurance number, images and recordings, car registration number and dietary requirements.
  • Contact Data includes billing address, delivery address, email address and telephone numbers.
  • Financial Data includes bank account and payment card details.
  • Transaction Data includes details about payments and purchases of products or services.
  • Technical Data includes IP address, login data, browser type/version, time zone, plug-ins, operating system, device ID and related technologies.
  • Profile Data includes job title, employer name, username, purchases, interests, preferences, feedback and survey responses.
  • Biometric Data includes fingerprints.
  • Usage Data includes how you use our website and services, such as pages viewed, clickstream data, time spent, interactions (scrolling, clicks) and navigation activity.
  • Marketing and Communications Data includes your marketing and communication preferences.
  • Employment Data includes education, qualifications and job history.
  • Shareholder Data includes national insurance details and shareholding level.

We may also collect personal data when establishing and managing business relationships, including onboarding, due diligence, contract management and ongoing services.

We also collect and use aggregated data (statistical or demographic data) which does not directly identify you.

For example, we may analyse Usage Data to understand user behaviour and improve our website and services.

3. How is Your Personal Data Collected?

We use different methods to collect data from and about you including:

  • Your interactions with us.

    You may give us your personal data by filling in online forms or by corresponding with us by post, phone, email or otherwise. This includes when you:

    • Purchase or use our products or services, including creating or using an account and contacting our service desk
    • Subscribe to our service or publications, including downloading white papers or brochures
    • Visit our website
    • Report a problem with our website
    • Visit our offices or data centres (including CCTV recording)
    • Provide information for identity verification
    • Request marketing to be sent to you
    • Sign up to or attend an event
    • Enter a competition, promotion or survey
    • Send your CV when applying for a job (directly or via an agency)
    • Provide feedback or contact us
    • Engage in business relationship processes such as onboarding, due diligence, contract negotiations and ongoing service delivery
  • Automated technologies or interactions.

    As you interact with our website, we automatically collect Technical Data about your equipment, browsing actions and patterns using cookies, server logs and similar technologies. We may also receive Technical Data if you visit other websites using our cookies. Please refer to our Cookie Policy for more details.

  • Third parties or publicly available sources.

    We may receive personal data about you from various third parties and public sources:

    • Technical Data from:
      • Analytics providers (e.g. Google)
      • Advertising networks
      • Search information providers
    • Contact, Financial and Transaction Data from providers of technical, payment and delivery services
    • Identity and Contact Data from data brokers or aggregators
    • Identity and Contact Data from publicly available sources such as Companies House and the Electoral Register
    • Identity, contact and related data from credit reference agencies, fraud prevention agencies and public registers where required for business relationships
  • Your employer or colleagues.

    To register you on our control panel and provide access to our services and products.

4. How We Use Your Personal Data

Legal Basis

The law requires us to have a legal basis for collecting and using your personal data. We rely on one or more of the following legal bases:

  • Performance of a contract with you: Where we need to perform the contract we are about to enter into or have entered into with you.
  • Legitimate interests: We may use your personal data where it is necessary to conduct our business and pursue our legitimate interests, for example to prevent fraud and provide you with the best and most secure customer experience. We always consider and balance any potential impact on your rights before processing your data under this basis.
  • Legal obligation: We may use your personal data where it is necessary to comply with a legal obligation. We will identify the relevant legal obligation when relying on this basis.
  • Consent: We rely on consent only where we have obtained your clear agreement to use your personal data for a specific purpose (e.g. email newsletters).

Purposes for Which We Will Use Your Personal Data

We will use your personal data for the following purposes:

  • To register you as a new customer
  • To process and deliver your order, including:
    • Liaising with you regarding services and products
    • Managing payments, fees and charges
    • Collecting and recovering money owed
    • Registering you on our control panel
  • To manage our relationship with you, including:
    • Notifying you about changes to terms or privacy policy
    • Handling requests, complaints and queries
  • To enable office/data centre visits and maintain safety and security
  • To administer and protect our business and website (e.g. troubleshooting, data analysis, testing, maintenance, support, reporting, hosting)
  • To deliver relevant content and advertisements and measure their effectiveness
  • To use analytics to improve website, services, and customer experience
  • To send marketing communications and personalised recommendations based on your data
  • To conduct market research through surveys
  • To allow participation in events, competitions, or surveys
  • To process job applications and review CVs
  • To manage relationships with suppliers and business partners (including onboarding, due diligence, contracts, performance monitoring)
  • To assess risk, conduct due diligence, and comply with legal and regulatory requirements

Direct Marketing

You will receive marketing communications from us if you have requested information from us or purchased goods or services and have opted in to receive such communications.

We may analyse your Identity, Contact, Technical, Usage and Profile Data to determine which products, services, and offers may interest you.

Third-Party Marketing

We will obtain your explicit consent before sharing your personal data with any third party for their own marketing purposes.

Opting Out of Marketing

You can opt out of marketing communications at any time by using the unsubscribe link provided in our emails.

Even if you opt out of marketing, you will still receive essential service-related communications, such as billing updates, maintenance notifications, or important service information.

Cookies

For more information about the cookies we use and how to manage your preferences, please refer to our Cookie Policy

5. Disclosures of Your Personal Data

We may share your personal data, where necessary, with the parties set out below for the purposes described in the section “Purposes for which we will use your personal data” above.

  • Internal Third Parties: Companies within the iomart Group, including those located in India and the USA.
  • External Third Parties:
    • Service providers acting as processors in the United Kingdom, Europe, Thailand, the USA and India, who provide IT services for our internal business operations and to our customers as subcontractors.
    • Professional advisers acting as processors or joint controllers, including lawyers, bankers, auditors and insurers in the United Kingdom, who provide consultancy, legal, banking, insurance and accounting services.
    • HM Revenue & Customs, regulators and other authorities acting as processors or joint controllers in the United Kingdom, requiring reporting of processing activities in certain circumstances.
    • Market research agencies, recruitment companies and fraud prevention agencies.
    • Providers of business systems and services supporting our operations, including supplier management, procurement, finance and contract management.
  • Third parties to whom we may choose to sell, transfer or merge parts of our business or assets. Alternatively, we may acquire or merge with other businesses. In such cases, the new owners may use your personal data in accordance with this privacy policy.

We require all third parties to respect the security of your personal data and to process it in accordance with the law. We do not allow our third-party service providers to use your personal data for their own purposes and only permit them to process your data for specified purposes and in line with our instructions.

6. International Transfers

We share your personal data within the iomart Group. This may involve transferring your data outside the UK to our overseas offices in India.

Whenever we transfer your personal data outside the UK to countries that may not provide the same level of data protection as UK law, we ensure that a similar level of protection is maintained by implementing appropriate safeguards.

We use specific contractual terms approved for use in the UK, including the International Data Transfer Agreement (IDTA), to ensure your personal data receives the same level of protection as it does within the UK. You can request a copy of these safeguards by contacting us.

We may also transfer your personal data to service providers who perform certain functions on our behalf. This may involve transferring data outside the UK to countries without equivalent data protection laws. In such cases, we ensure appropriate safeguards are in place, including:

  • Transferring data only to countries recognised by the UK as providing an adequate level of data protection (such as the EEA); or
  • Using approved contractual mechanisms such as:
    • International Data Transfer Agreement (IDTA); or
    • International Data Transfer Addendum to the European Commission’s Standard Contractual Clauses.

7. Data Security

We maintain strict security measures to protect your personal information. These measures include both technical and organisational procedures designed to safeguard your data against misuse, unauthorised access or disclosure, loss, alteration or destruction.

Credit card information is transmitted using Secure Socket Layer (SSL) encryption and is stored, processed and maintained in accordance with the Payment Card Industry Data Security Standard (PCI DSS) 4.0.1.

Where we have provided you with (or where you have chosen) a password that enables access to certain parts of our site, you are responsible for keeping this password confidential. We ask that you do not share your password with anyone.

Unfortunately, the transmission of information over the internet is not completely secure. Although we take all reasonable steps to protect your personal data, we cannot guarantee the security of information transmitted to our site, and any transmission is at your own risk.

Once we have received your information, we use strict security procedures and features to prevent unauthorised access. All information submitted via a web browser is protected using HTTPS encryption between the server and your device (such as a mobile phone or computer).

8. Data Retention

We will only retain your personal data for as long as reasonably necessary to fulfil the purposes for which it was collected, including to meet any legal, regulatory, tax, accounting or reporting requirements.

We may retain your personal data for a longer period in the event of a complaint or if we reasonably believe there is a possibility of litigation arising from our relationship with you.

To determine the appropriate retention period, we consider factors such as the amount, nature and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure, the purposes for which we process the data and whether those purposes can be achieved through other means, as well as applicable legal and regulatory requirements.

By law, we are required to retain basic customer information (including Contact, Identity, Financial and Transaction Data) for six years after you cease being a customer for tax purposes.

In some circumstances, you may request deletion of your personal data (please refer to paragraph 9 for more details). If we have received your CV either directly from you or via a recruitment agency, we will retain your details for up to 12 months from the date of receipt.

In certain situations, we may anonymise your personal data so that it can no longer be associated with you. This anonymised data may be used for research or statistical purposes and may be retained indefinitely without further notice.

9. Your Legal Rights

Your Legal Rights

You have a number of rights under data protection laws in relation to your personal data. These include the right to:

  • Request access

    You can request access to your personal data (commonly known as a “subject access request”). This enables you to receive a copy of the data we hold about you and check that we are processing it lawfully.

  • Request correction

    You can request correction of incomplete or inaccurate personal data we hold about you. We may need to verify the accuracy of the new data provided.

  • Request erasure

    You can request deletion of your personal data where there is no valid reason for continued processing. In some cases, legal requirements may prevent us from fulfilling this request, and you will be informed if this applies.

  • Object to processing

    You can object to processing where we rely on legitimate interests. We may continue processing if we demonstrate compelling legitimate grounds that override your rights.

  • Object to direct marketing

    You have an absolute right to object to the use of your personal data for direct marketing purposes at any time.

  • Request data transfer

    You can request transfer of your personal data to you or a third party in a structured, commonly used, machine-readable format. This applies only to data processed automatically based on consent or contract.

  • Request restriction of processing

    You can request restriction of processing in the following situations:

    • If you want us to verify data accuracy
    • If processing is unlawful but you do not want deletion
    • If you need the data for legal claims and we no longer require it
    • If you have objected to processing and verification is required

If you wish to exercise any of the rights above, please refer to the contact details provided in paragraph 10.

Fees

You will not usually have to pay a fee to access your personal data or exercise your rights. However, we may charge a reasonable fee or refuse to comply if your request is clearly unfounded, repetitive or excessive.

What We May Need from You

We may request specific information to confirm your identity and ensure your right to access your personal data. This is a security measure to prevent unauthorised access. We may also ask for additional information to help us respond more quickly to your request.

Time Limit to Respond

We aim to respond to all legitimate requests within one month. If your request is complex or multiple requests are made, it may take longer. In such cases, we will notify you and keep you updated.

10. Contact Details

If you have any questions about this privacy policy or about the use of your personal data or you want to exercise your privacy rights, please contact us in the following ways:

  • Email address: dpo@iomart.com
  • Postal address: 6 Atlantic Quay, 55 Roberson Street, Glasgow G2 8JD
  • Telephone number: 0141 931 6400

11. Complaints

You have the right to make a complaint at any time to the Information Commissioner’s Office (ICO), the UK regulator for data protection issues (www.ico.org.uk). We would, however, appreciate the chance to deal with your concerns before you approach the ICO so please contact us in the first instance.

12. Changes to the Privacy Policy and Your Duty to Inform Us of Changes

We keep our privacy policy under regular review. This version was last updated on 05/06/2025. It is important that the personal data we hold about you is accurate and current. Please keep us informed if your personal data changes during your relationship with us, for example a new address or email address.

13. Third-Party Links

This website may include links to third-party websites, plug-ins and applications. Clicking on those links or enabling those connections may allow third parties to collect or share data about you. We do not control these third-party websites and are not responsible for their privacy statements. When you leave our website, we encourage you to read the privacy policy of every website you visit.

Last updated: 8th June 2026