Privacy Policy

Thingsmart ("we", "us", "our") operates the website https://thingsmart.co.

We are a UK-based business providing digital services, including (but not limited to) web development, automation, and technology consulting for SMEs.

For the purposes of data protection law, we are the Data Controller of your personal data.

We may collect and process the following personal data:

A. Information You Provide to Us

• Name
• Email address
• Phone number
• Company name
• Message content submitted via contact forms
• Information submitted when requesting a quote or consultation

B. Automatically Collected Information

When you visit our website, we may collect:

• IP address
• Browser type and version
• Device information
• Pages visited and time spent
• Referring website
• Cookies and tracking technologies

We process your personal data under the following lawful bases:

• Consent — When you submit a contact form or opt in to marketing communications.
• Contractual necessity — When processing is necessary to provide services you have requested.
• Legitimate interest — To improve our website, prevent fraud, and operate our business efficiently.
• Legal obligation — When required to comply with UK law.

We use your information to:

• Respond to enquiries
• Provide quotes and services
• Communicate about projects
• Improve our website and services
• Send marketing communications (only if you opt in)
• Comply with legal obligations

We may use cookies and similar technologies to:

• Analyse website traffic (e.g. Google Analytics)
• Improve user experience
• Remember preferences

You can manage cookies via your browser settings. A cookie consent banner is displayed to allow you to opt in to non-essential cookies before they are set.

We may share your data with trusted third-party service providers, including:

• Website hosting providers
• Email service providers
• CRM systems
• Analytics providers

All third parties are required to protect your data and process it only in accordance with applicable data protection laws.

If we transfer personal data outside the UK or EEA, we ensure appropriate safeguards are in place, such as:

• UK International Data Transfer Agreement (IDTA)
• Standard Contractual Clauses (SCCs)

We retain personal data only for as long as necessary:

• Enquiries — up to 12–24 months
• Client data — for the duration of the contract and up to 6 years for legal/accounting purposes
• Marketing data — until you withdraw consent

Under UK GDPR, you have the right to:

• Access your personal data
• Rectify inaccurate data
• Request erasure ("Right to be Forgotten")
• Restrict processing
• Object to processing
• Data portability
• Withdraw consent at any time

We implement appropriate technical and organisational measures to protect your data, including:

• SSL encryption
• Secure hosting
• Access control measures
• Regular software updates

If you are unhappy with how we process your data, you have the right to lodge a complaint with:

We may update this Privacy Policy from time to time. Updates will be posted on this page with a revised "Last updated" date.