Steelzz Development ("Steelzz", "we", "our", or "us") is committed to protecting and respecting your privacy in accordance with all applicable data protection legislation, including but not limited to the UK General Data Protection Regulation ("UK GDPR") and the Data Protection Act 2018 ("DPA 2018").

This Privacy Policy (the "Policy") sets out the basis on which any personal data we collect from you, or that you provide to us, will be processed, stored, and protected by Steelzz Development. It applies to all interactions with our website, communications, and services.

By accessing our website, submitting information through our forms, or engaging our services, you acknowledge that you have read, understood, and agree to the practices described in this Policy.

1. Data Controller and Contact Information

1.1 For the purposes of applicable data protection legislation, the data controller is:

1.2 All queries, concerns, or requests regarding the processing of your personal data should be directed to the above contact details.

2. Scope and Application of This Policy

2.1 This Policy applies to all natural persons who:

• Visit, browse, or interact with our website (www.steelzz.com)
• Submit information via contact forms, quotation requests, or other electronic means
• Communicate with us via email, telephone, or other communication channels
• Enter into contractual arrangements for the provision of our services
• Are otherwise identified or identifiable through data we process

2.2 This Policy does not apply to information that has been anonymised or aggregated such that individuals cannot be re-identified.

3. Categories of Personal Data Collected

3.1 Personal data provided directly by you:

We may collect and process the following categories of personal data that you voluntarily provide to us:

• Full legal name or trading name
• Email address
• Telephone number (landline or mobile)
• Business or company name and trading details
• Correspondence, messages, and communications submitted to us
• Project-specific requirements, specifications, and instructions
• Any other personal data voluntarily disclosed via forms, emails, or consultations

3.2 Personal data collected automatically:

When you access our website or services, we may automatically collect certain technical and usage data, including:

• Internet Protocol (IP) address
• Browser type, version, and language preferences
• Operating system and device type
• Approximate geolocation and time zone settings
• Pages visited, duration of visit, and navigation paths
• Referring and exit pages, and traffic sources
• Date and time stamps of access

3.3 We do not collect special category data (sensitive personal data such as health, racial, political, or biometric data) unless expressly required and consented to in writing.

4. Legal Basis for Processing Personal Data

4.1 We process personal data only where we have a lawful basis to do so under UK GDPR and DPA 2018. The legal bases we rely upon include:

(a) Consent (Article 6(1)(a) UK GDPR)

Where you have freely given, specific, informed, and unambiguous consent to the processing of your personal data for one or more specified purposes (e.g., submitting a contact form or subscribing to communications).

(b) Performance of a Contract (Article 6(1)(b) UK GDPR)

Where processing is necessary for the performance of a contract to which you are a party, or in order to take steps at your request prior to entering into a contract.

(c) Legitimate Interests (Article 6(1)(f) UK GDPR)

Where processing is necessary for the purposes of legitimate interests pursued by Steelzz or a third party, except where such interests are overridden by your fundamental rights and freedoms. Legitimate interests include business administration, internal analytics, service improvement, client relationship management, fraud prevention, and network security.

(d) Legal Obligation (Article 6(1)(c) UK GDPR)

Where processing is necessary to comply with a legal obligation to which we are subject (e.g., tax, accounting, or regulatory requirements).

5. Purposes for Which We Process Personal Data

5.1 Steelzz Development processes personal data for the following purposes:

• To respond to enquiries, service requests, and quotation requests
• To enter into, perform, and administer contracts for the provision of services
• To communicate with you regarding project updates, technical matters, invoicing, and support
• To maintain accurate internal records, documentation, and client databases
• To deliver, host, maintain, and support websites, applications, and digital solutions
• To conduct follow-up communications, feedback requests, and customer satisfaction assessments
• To analyse website traffic, user behaviour, and service performance for operational improvement
• To comply with legal, regulatory, tax, and audit obligations
• To enforce our Terms of Service and protect our legal rights and interests
• To detect, prevent, and address fraud, security breaches, or technical malfunctions

6. Data Retention

6.1 Personal data shall be retained only for as long as is necessary to fulfil the purposes for which it was collected, or as required by law.

6.2 Retention periods vary depending on the nature of the data and the purpose for which it is held:

• Contractual and financial records: up to 7 years from the end of the contractual relationship (to comply with accounting and tax obligations)
• Marketing communications data: until consent is withdrawn or until the data subject requests deletion
• Website analytics and technical logs: typically up to 26 months
• General correspondence: retained for as long as reasonably necessary for business continuity and operational purposes

6.3 Upon expiry of the applicable retention period, personal data will be securely deleted, anonymised, or archived in accordance with our data retention and destruction procedures.

7. Data Security

7.1 Steelzz Development implements appropriate technical and organisational measures to ensure a level of security appropriate to the risk of processing personal data.

7.2 Such measures include, but are not limited to:

• Encryption of data in transit and at rest
• Access controls and authentication mechanisms
• Regular security assessments and audits
• Secure cloud-based storage with reputable service providers
• Employee training on data protection and confidentiality obligations
• Incident response and breach notification procedures

7.3 While we endeavour to protect personal data, no method of transmission or storage is entirely secure. We cannot guarantee absolute security but will take all reasonable precautions to safeguard your data.

8. Disclosure of Personal Data to Third Parties

8.1 Steelzz Development does not sell, rent, lease, or trade your personal data to third parties for their marketing or commercial purposes.

8.2 We may disclose your personal data to third parties only in the following circumstances:

• Service Providers and Processors: We may engage reputable third-party service providers (e.g., hosting providers, email platforms, analytics services, payment processors) to assist in delivering our services. Such third parties process personal data solely on our behalf and under strict contractual obligations of confidentiality and data protection.
• Legal and Regulatory Obligations: We may disclose personal data where required to do so by law, court order, subpoena, or other legal process, or where necessary to enforce our rights, protect our property, or ensure the safety of our personnel or others.
• Business Transfers: In the event of a merger, acquisition, reorganisation, or sale of assets, personal data may be transferred to the successor entity, subject to the same privacy protections.

8.3 All third-party service providers are vetted for compliance with UK GDPR and are required to implement appropriate data protection measures.

9. International Transfers of Personal Data

9.1 Steelzz Development primarily operates within the United Kingdom. However, personal data may occasionally be transferred to, or processed in, countries outside the United Kingdom or the European Economic Area ("EEA").

9.2 Where such transfers occur, we shall ensure that:

• The recipient country has been deemed to provide an adequate level of data protection by the UK Government or European Commission; or
• Appropriate safeguards are in place (e.g., Standard Contractual Clauses approved under UK GDPR, binding corporate rules, or other recognised transfer mechanisms); and
• You are informed of such transfers and the safeguards applied.

10. Your Rights as a Data Subject

10.1 Under UK GDPR and DPA 2018, you have the following rights in relation to your personal data:

(a) Right of Access (Article 15 UK GDPR)

The right to obtain confirmation as to whether your personal data is being processed, and if so, to receive a copy of that data along with information about how it is processed.

(b) Right to Rectification (Article 16 UK GDPR)

The right to have inaccurate personal data corrected or incomplete personal data completed without undue delay.

(c) Right to Erasure ("Right to be Forgotten") (Article 17 UK GDPR)

The right to request the deletion of your personal data where there is no compelling reason for its continued processing, subject to certain legal exceptions.

(d) Right to Restriction of Processing (Article 18 UK GDPR)

The right to restrict the processing of your personal data in certain circumstances (e.g., where accuracy is contested or processing is unlawful).

(e) Right to Data Portability (Article 20 UK GDPR)

The right to receive your personal data in a structured, commonly used, and machine-readable format and to transmit that data to another controller where technically feasible.

(f) Right to Object (Article 21 UK GDPR)

The right to object to the processing of your personal data where processing is based on legitimate interests or for direct marketing purposes.

(g) Right to Withdraw Consent (Article 7(3) UK GDPR)

Where processing is based on consent, you have the right to withdraw that consent at any time, without affecting the lawfulness of processing based on consent before its withdrawal.

(h) Right Not to Be Subject to Automated Decision-Making (Article 22 UK GDPR)

The right not to be subject to a decision based solely on automated processing, including profiling, which produces legal or similarly significant effects, unless certain conditions are met.

10.2 To exercise any of these rights, please submit a written request to help@steelzz.com. We will respond to your request within one month of receipt, or inform you if an extension is required.

10.3 We may require verification of your identity before processing any data subject request to ensure the security of your personal data.

11. Cookies and Similar Technologies

11.1 Our website may use cookies and similar tracking technologies (e.g., web beacons, pixels) to enhance user experience, analyse site performance, and gather aggregated usage statistics.

11.2 Cookies are small text files placed on your device that allow us to recognise your browser and capture certain information. They may be session-based (deleted when you close your browser) or persistent (remaining on your device until deleted or expired).

11.3 You may configure your browser settings to refuse or delete cookies. However, please note that disabling cookies may impair certain functionalities of our website.

11.4 For detailed information about the cookies we use and your choices, please refer to our Cookie Policy (if applicable) or contact us at help@steelzz.com.

12. Children's Privacy

12.1 Our services and website are not intended for, nor directed at, individuals under the age of 16 years ("Children").

12.2 We do not knowingly collect or process personal data from Children. If we become aware that we have inadvertently collected personal data from a Child without appropriate parental consent, we will take steps to delete that data as soon as reasonably practicable.

13. Third-Party Links and Services

13.1 Our website may contain links to third-party websites, platforms, or services that are not operated or controlled by Steelzz Development.

13.2 We are not responsible for the privacy practices, content, or security of such third-party sites or services. We encourage you to review the privacy policies of any third-party sites you visit.

14. Data Breach Notification

14.1 In the unlikely event of a personal data breach that is likely to result in a risk to your rights and freedoms, we will notify the Information Commissioner's Office ("ICO") without undue delay and, where feasible, within 72 hours of becoming aware of the breach.

14.2 If the breach is likely to result in a high risk to your rights and freedoms, we will also notify you directly and provide information about the nature of the breach, its likely consequences, and the measures taken or proposed to address it.

15. Changes to This Privacy Policy

15.1 Steelzz Development reserves the right to amend, update, or replace this Privacy Policy at any time to reflect changes in our practices, legal obligations, or operational requirements.

15.2 Any material changes to this Policy will be communicated by updating the "Last Updated" date at the top of this document. Where appropriate, we may also notify you via email or by posting a prominent notice on our website.

15.3 We encourage you to review this Policy periodically to remain informed of how we process and protect your personal data.

16. Your Right to Lodge a Complaint

16.1 If you believe that your personal data has been processed in violation of applicable data protection laws, you have the right to lodge a complaint with the supervisory authority.

16.2 In the United Kingdom, the supervisory authority is:

16.3 Whilst you have the right to lodge a complaint directly with the ICO, we would appreciate the opportunity to address your concerns directly before you do so. Please contact us at help@steelzz.com.

17. Contact and Data Protection Enquiries

17.1 If you have any questions, concerns, or requests regarding this Privacy Policy or the processing of your personal data, please contact us at:

17.2 We will endeavour to respond to all enquiries promptly and in accordance with our legal obligations.

Steelzz Development is committed to transparency, accountability, and full compliance with all applicable data protection legislation. We take your privacy seriously, and we do not sell your data. Ever.