Commandshift Privacy policy

Last Updated: 25/07/2025

CmdShift ("we," "our," or "us") is committed to protecting your privacy and personal data. This Privacy Policy explains how we collect, use, store, and protect your information when you use our website, services, or interact with us.

As a UK-based Apple infrastructure specialist, we are subject to the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018. We are committed to handling your personal data in accordance with these laws.

Who We Are

Data Controller:

CommandShift Ltd
Rivington House, 82 Great Eastern Street, London, EC2A 3JF
privacy@cmdshift.io

We are registered with the Information Commissioner's Office (ICO) under registration number [ICO registration number to be added].

Information We Collect

Information You Provide Directly
Contact Information: Name, email address, phone number, company name, job title
Service Enquiries: Information provided when requesting consultations, quotes, or support
Communication Records: Content of emails, chat messages, phone calls, and support tickets
Account Information: Login credentials and account preferences for client portals
Payment Information: Billing addresses and payment preferences (payment card details are processed by our payment provider Stripe)

Information We Collect Automatically
Website Analytics: IP address, browser type, device information, pages visited, time spent on site
Cookies and Tracking: See our Cookie Policy for detailed information
Service Usage Data: When providing IT services, we may collect technical logs and performance data

Information We Receive from Third Parties
Business Information: Publicly available business information to better understand your requirements
Referral Information: Contact details when you're referred to us by existing clients or partners

How We Use Your Information

We process your personal data for the following purposes:

Legitimate Business Interests
Service Delivery: Providing managed infrastructure, IT support, and fractional CTO services
Customer Support: Responding to enquiries and providing technical assistance
Business Development: Understanding client needs and improving our services
Marketing Communications: Sending relevant information about our services (where permitted)

Contractual Obligations
Service Agreements: Fulfilling our obligations under service contracts
Billing and Payments: Processing invoices and payments for services
Compliance: Meeting our legal and regulatory obligations

Consent
Marketing Emails: Sending promotional content (only where you've consented)
Optional Services: Providing additional services you've specifically requested

Legal Basis for Processing

We process your personal data under the following legal bases:
Legitimate Interests: For business operations, service improvement, and marketing to existing clients
Contract Performance: To deliver the IT services you've contracted for
Legal Compliance: To meet our obligations under UK law and regulations
Consent: Where you've explicitly consented to specific processing activities

How We Share Your Information

We may share your personal data with:

Service Providers
Cloud Platforms: Google Workspace, Microsoft 365 (for service delivery)
Payment Processing: Stripe (for billing and payments)
CRM System: HubSpot (for customer relationship management)
Analytics: Google Analytics, Microsoft Clarity (for website improvement)
Accounting: Xero (for financial management)
Automation: n8n (for workflow automation)
Communication Tools: Various platforms for service delivery and support

Legal Requirements
• Regulatory authorities when required by law
• Law enforcement agencies when legally obligated
• Courts and tribunals when subject to legal proceedings

Business Transfers
In the event of a merger, acquisition, or sale of assets, your data may be transferred to the new entity.

We never sell your personal data to third parties for marketing purposes.

International Transfers

Some of our service providers may be located outside the UK/EEA. Where this occurs, we ensure appropriate safeguards are in place:
Adequacy Decisions: Transfers to countries with adequate data protection laws
Standard Contractual Clauses: EU-approved contractual protections
Certification Schemes: Providers certified under recognised data protection frameworks

Data Retention

We retain your personal data for as long as necessary to:
Active Clients: Throughout the duration of our service relationship
Former Clients: Up to 7 years after contract termination (for legal and tax purposes)
Enquiries: Up to 2 years after initial contact
Marketing Communications: Until you unsubscribe or object
Website Analytics: Up to 26 months

Your Rights

Under UK GDPR, you have the following rights:

Access and Portability
Right of Access: Request copies of your personal data
Data Portability: Receive your data in a structured, machine-readable format

Correction and Deletion
Rectification: Correct inaccurate or incomplete data
Erasure: Request deletion of your personal data (subject to legal requirements)

Processing Controls
Restriction: Limit how we process your data
Objection: Object to processing based on legitimate interests
Withdrawal: Withdraw consent where processing is based on consent

Automated Decision-Making
You have the right not to be subject to automated decision-making, including profiling, that produces legal effects or significantly affects you.

To exercise these rights, contact us at privacy@cmdshift.io.

Data Security

We implement appropriate technical and organisational measures to protect your personal data:

Technical Safeguards
• Encryption of data in transit and at rest
• Regular security assessments and updates
• Access controls and authentication systems
• Secure backup and disaster recovery procedures

Organisational Measures
• Staff training on data protection
• Clear data handling procedures
• Regular policy reviews and updates
• Incident response procedures

Third-Party Security
We carefully select service providers who demonstrate appropriate security standards and are contractually bound to protect your data.

Data Breach Notification

In the unlikely event of a data breach that poses a risk to your rights and freedoms, we will:
• Notify the ICO within 72 hours of becoming aware
• Inform affected individuals without undue delay
• Provide clear information about the nature and impact of the breach
• Outline steps taken to address the breach and prevent recurrence

Children's Privacy

Our services are designed for businesses and we do not knowingly collect personal data from children under 16. If we become aware that we have collected such data, we will delete it promptly.

Changes to This Policy

We may update this Privacy Policy to reflect changes in our practices or legal requirements. We will:
• Post the updated policy on our website
• Notify existing clients of material changes
• Indicate the date of the last update

Contact Us

Data Protection Enquiries
Email: privacy@cmdshift.io
Post: Rivington House, 82 Great Eastern Street, London, EC2A 3JF
Phone: [Your phone number]

Complaints
If you're not satisfied with how we handle your personal data, you have the right to lodge a complaint with the Information Commissioner's Office (ICO):

ICO Website: ico.org.uk
ICO Helpline: 0303 123 1113
ICO Address: Information Commissioner's Office, Wycliffe House, Water Lane, Wilmslow, Cheshire SK9 5AF