Privacy Policy


Here at Flex IT Ltd we are committed to protecting your privacy and keeping your personal
data secure. This notice is provided for you to understand what personal data we collect,
how we collect it and why we need it to run our business.

Who we are

Flex IT Ltd is an IT managed service provider based in Woodstock, Oxfordshire. We provide IT services to a large client base in the UK and internationally. We are committed to maintaining the trust and confidence of our clients, customers, suppliers, and visitors to our website. Flex IT Ltd is the ‘Data Controller’ for any data you provide to us, and we process it in accordance with all applicable Data Protection law including the Data Protection Act (UK) 2018 and the General Data Protection Regulations (2018). If you have any questions regarding this notice or our handling of your data, our contact details can be found at the end of this notice.

Ways we collect your data may include times when:

  • You request a proposal from us in respect of the services we provide.
  • You OR your employer OR our customer engages us to provide our services and during the provision of those services.
  • As part of a contract with our customer we may be allowed incidental access to personal data processed by that customer but only as necessary to install, configure or diagnose software or hardware issues. Our staff are trained not to record, transfer, or otherwise share such information.
  • You contact us by email, telephone, post, or social media (for example when you have a query about our services).
  • We obtain information from third parties and/or publicly available resources (for example, from your employer or from Companies House); or
  • You engage with our website; Please see our cookie policy below for further details.

Types of data we collect

Website Cookies

A cookie is a small file which asks permission to be placed on your computer's hard drive. Cookies allow web applications to respond to you as an individual. They allow the web application to tailor its operations to your needs, likes and dislikes by gathering and remembering information about your preferences.

Flex IT Ltd uses a number of different cookies on this site including core, functional cookies that are required for the correct operation of the site and tracking cookies that help us to monitor and improve the site for its users.

These are the types of tracking cookies Flex IT Ltd uses and the purpose they serve:



More information on these cookies


Third Party

Used for site analytics and Google Ad suggestions.

Google reCAPTCHA


Used to identify bots to protect the website against malicious spam attacks.

If you are not comfortable with us storing cookies, there are a couple of options that you can take when using our site:

  1. You can edit your preferences using the button below.
  2. Most web browsers will allow you to disable all cookies or just third party cookies. Instructions on how to do this for various browsers can be found here - If you completely disable cookies our website may not function as intended.
  3. You can browse our site using your browser’s anonymous browsing mode, for example Chrome's ‘incognito’ mode or Internet Explorer's ‘inPrivate browsing’ mode. This will prevent the site from reading any older cookies, or storing any cookies for longer than your session duration.

Customer Data

To fulfil our contractual obligation to our customers, it is necessary for Flex IT Ltd to collect specific personal data about our customers. The data that we collect includes:

  • Your personal contact details (such as your name, address, email address, phone number)
  • Bank account details
  • Details of contact we have had with you in relation to the provision, or the proposed provision, of our services
  • Our correspondence and communications with you
  • Information about any complaints and enquiries you make to us
  • Information we receive from other sources, such as publicly available information, information provided by your employer OR our clients or from our member network firms which may include financial and credit check information.

Lawful reasons for processing your personal data

We process your personal data for the following lawful reasons:

a. For the performance of our contract with you OR your employer OR our clients and to comply with our legal obligations. This may include processing your personal data where you are an employee, subcontractor, supplier, or customer of our client.

b. For our legitimate interests provided that those interests do not override any of your own interests, rights and freedoms which require the protection of personal data. This includes processing for marketing, business development, statistical and management purposes.

Please note that we may process your personal data for more than one lawful basis depending on the specific purpose for which we are using your data.

Data sharing

We will share your personal data with third parties:

  • Where it is necessary to administer the relationship between us, for example with invoice and accounting agents.
  • Where we have another legitimate interest in doing so in connection with the services we are providing to you.
  • We will never sell to, or share your information with, third parties to use for their own sales and marketing purposes.

Third-party service providers

“Third parties” includes third-party service providers. We use the third-party service providers such as IT and cloud services and accounting services.

All our third-party service providers are required to take commercially reasonable and appropriate security measures to protect your personal data. We only permit our third-party service providers to process your personal data for specified purposes and in accordance with our instructions.

Transferring personal data outside the European Economic Area (EEA)

Whenever we transfer your personal data out of the EEA, we ensure a similar degree of protection by ensuring at least one of the following safeguards is implemented:

  • we will only transfer your personal data to countries that have been deemed to provide an adequate level of protection for personal data by the European Commission.
  • where we use providers based in the US, we may transfer data to them if they are part of the Privacy Shield which requires them to provide similar protection to personal data shared between Europe and the US.

Mailing Lists

As of the date of this notice, we do not collect your data for use on mailing lists for marketing purposes. However, we may periodically use the contact information you provide to update you with essential service information.

Data security

We apply appropriate security measures, including Cyber Essentials, to prevent your personal data from being accidentally lost, used, or accessed in an unauthorised way, altered, or disclosed. In addition, we limit access to your personal data to those employees, agents, contractors and other third parties who have a business need to know. They will only process your personal data on our instructions and they are subject to a duty of confidentiality.

We will notify you and any applicable regulator of a suspected breach where we are legally required to do so.

Rights of access, correction, erasure, and restriction

Your duty to inform us of changes

It is important that the personal data we hold about you is accurate and current. Should your personal information change, please notify us of any changes of which we need to be made aware by contacting us, using the contact details below.

Your rights in connection with personal data

Under certain circumstances, by law you have the right to request access to the personal data we hold, and we are obliged to keep it accurate as far as it is within our control to do so. You have other rights to object to or restrict our processing and request its transfer to another party under certain circumstances.

If you wish to exercise these rights please contact:

You will not have to pay a fee to access your personal data or to exercise any of the other rights. However, we may charge a reasonable fee if your request for access is clearly unfounded or excessive. We may need to request specific information from you to help us confirm your identity and ensure your right to access the information (or to exercise any of your other rights). This is an appropriate security measure to ensure that personal information is not disclosed to any person who has no right to receive it.

Changes to this Privacy Notice

Any changes we may make to our privacy notice in the future will be updated on this page. This privacy notice was last updated on 27th November 2020

Contact us

If you have any questions regarding this notice please email