1. Who we are
This privacy policy applies to iot-works.com, operated by IoT-WorkS, a trading name of Virtually Pro Ltd (registered in Scotland, SC123456). Registered office: 83 Princes Street, Edinburgh EH2 2ER, United Kingdom.
We are the data controller for any personal data you provide via this website. For privacy questions, contact us at privacy@iot-works.com.
2. What we collect and why
We collect personal data in three situations:
- When you contact us via the contact form, email, or phone - typically your name, company, email, phone, and the contents of your enquiry. We use this to respond and follow up.
- When you subscribe to our newsletter - your email address. Used solely to send the newsletter; unsubscribe link in every email.
- When you visit the site - anonymous analytics (page views, referrer, anonymised IP) via Vercel Analytics. No personal identification, no cross-site tracking.
3. Lawful basis
We process your data under the lawful bases set out in UK GDPR Article 6: consent (newsletter), legitimate interest (responding to enquiries, basic site analytics), and contract (delivering services you have engaged us for).
4. How long we keep your data
- Contact enquiries: up to 3 years from last interaction
- Newsletter subscribers: until you unsubscribe
- Analytics: aggregated, no individual retention
- Customer records: as required by law (typically 7 years for accounting)
5. Who we share data with
We share data only with the parties needed to operate the service:
- Hosting: Vercel Inc. (US) and Cloudflare Inc. (US) - both with EU-UK Data Privacy Framework certification
- Email delivery: our transactional email provider for replies and newsletters
- Database: Neon (US/EU) for any persisted form submissions
- Analytics: Vercel Analytics (anonymised, no cookies)
We do not sell your data and do not share it for advertising.
6. Cookies
The site uses minimal cookies: a theme preference cookie (light/dark mode) and a session cookie if you submit a form. We do not use third-party advertising cookies. Vercel Analytics is cookie-less.
Your browser allows you to block or delete cookies via its settings. Blocking the theme cookie will reset your light/dark preference each visit; blocking other cookies will not break the site.
7. Your rights
Under UK GDPR you have the right to:
- access the personal data we hold about you
- request correction of inaccurate data
- request erasure (the "right to be forgotten")
- restrict or object to processing
- data portability
- withdraw consent at any time (without affecting prior lawful processing)
To exercise any of these rights, email privacy@iot-works.com. We respond within 30 days.
8. Complaints
If you believe we have mishandled your personal data, you can complain to the UK Information Commissioner’s Office (ICO): ico.org.uk/make-a-complaint.
9. International transfers
Some of our service providers (Vercel, Cloudflare, Neon) are based in the US. Transfers are protected by the EU-UK Data Privacy Framework and contractual safeguards (Standard Contractual Clauses).
10. Updates to this policy
We update this policy from time to time. The "last updated" date at the top reflects the most recent change. Material changes are highlighted in our newsletter and on this page for 30 days.