Skip to main content
Curatrix Technologies

Curatrix Privacy Policy

Last Updated: March 2026

Curatrix Holdings Ltd and its subsidiary Curatrix Technologies Ltd (“Curatrix”, “we”, “us”, “our”) are committed to protecting your personal data and respecting your privacy. This Privacy Policy explains how we collect, use, store, share and protect your personal information when you interact with us, visit our websites, or use our services.

This Privacy Policy is written in accordance with:

  • UK General Data Protection Regulation (UK GDPR)
  • Data Protection Act 2018 (as amended)
  • Privacy and Electronic Communications Regulations (PECR)
  • Online Safety Act (relevant data-handling provisions)
  • ICO guidance updated to March 2026

1. Who We Are

Curatrix Holdings Ltd
Registration No. 10107528

Curatrix Technologies Ltd
Registration No. 09889757
VAT No. GB 231 8719 07


Curatrix is a provider of managed IT, cyber‑security, cloud and telecommunications services. For the purposes of data protection law, Curatrix is the Data Controller for the personal data we process.

2. Personal Data We Collect

We collect personal information in the following ways:

A. Information You Provide

  • Name, job title, organisation
  • Email address, phone number, postal address
  • Account login details (where applicable)
  • Service contracts, onboarding information
  • Support enquiries, call recordings, chat transcripts
  • Billing information and payment details
  • CCTV images when visiting our premises
  • Any additional information you choose to provide

B. Information Collected Automatically

  • IP address, browser type and version
  • Device identifiers
  • Usage logs and diagnostic data
  • Security events (e.g., access logs)
  • Cookies and similar tracking technology (see Cookie Policy)

C. Information Obtained from Third Parties

  • Telecoms partners and carriers
  • Cloud service providers
  • Publicly available sources (e.g., Companies House)
  • Identity or credit‑checking providers (where relevant)
  • Microsoft (for Microsoft 365 tenancy administration)

3. Legal Bases for Processing

We process your personal data on one or more of the following lawful bases:

  • Contractual necessity
    To deliver the services you have purchased or requested.

  • Legitimate interests
    Including cybersecurity, service monitoring, business administration, preventing fraud, and improving customer experience.

  • Legal obligation
    Compliance with HMRC, Ofcom, ICO, anti‑fraud and audit requirements.

  • Consent
    For marketing communications, optional cookies, or optional data collection.

  • Vital interests
    Rarely, where necessary to protect life (e.g., critical system breach notification).

4. How We Use Your Data

We use personal information to:

  • Provide, manage and support our services
  • Administer IT, cloud, telecoms and cyber‑security platforms
  • Respond to support requests and troubleshoot issues
  • Manage account billing, invoicing and contract renewals
  • Monitor platform usage to safeguard systems
  • Improve our products and services
  • Meet legal or regulatory obligations
  • Communicate updates, security alerts or service notices
  • Send marketing communications (only with consent)

5. Marketing Communications

You will only receive marketing messages if you have:

  • opted‑in to receive marketing; or
  • have an existing business relationship where UK GDPR/PECR allows it.

You may unsubscribe at any time using the link in our emails or by contacting us.

6. Sharing Your Personal Data

We never sell personal data. We may share information with:

  • Service providers such as hosting, telecoms, email, backup or cloud vendors
  • Payment and invoicing providers
  • Cyber‑security and monitoring partners
  • Professional advisers (lawyers, auditors, accountants)
  • Regulators or law enforcement where required
  • Third parties involved in mergers, acquisitions or business restructuring
  • Microsoft, telecom carriers and other vendors only where required to deliver your service

All third‑party processors are bound by contractual data‑processing agreements ensuring security and compliance.

7. International Data Transfers

Where data is transferred outside the UK, we rely on:

  • UK “adequacy regulations”
  • International Data Transfer Agreements (IDTA)
  • UK Addendum to the EU Standard Contractual Clauses
  • Additional technical and organisational measures where required

We continuously monitor ICO guidance on international transfers.

8. Data Retention

We retain your personal data only for as long as necessary for:

  • service provision
  • statutory retention (e.g., tax and financial records)
  • contractual requirements
  • security and audit logs
  • resolving potential disputes

9. Your Rights

You have the following rights under UK data protection law:

  • Right of access (Subject Access Request)
  • Right to rectification
  • Right to erasure (“right to be forgotten”)
  • Right to restrict processing
  • Right to object to processing
  • Right to data portability
  • Right to withdraw consent
  • Right not to be subject to solely automated decision‑making

We will respond to all rights requests within one month.

10. Cookies & Tracking

We use cookies for:

  • website performance
  • security and traffic monitoring
  • remembering preferences
  • analytics (consent‑based)
  • marketing (consent‑based)

Users can control cookies via browser settings or our Cookie Preference Centre.

11. Children’s Data

Our services are not intended for individuals under 18, and we do not knowingly collect children’s personal data.

12. Security Measures

We implement industry‑standard technical and organisational security controls, including:

  • Encryption of data in transit and at rest
  • Access control and MFA
  • Continuous monitoring and threat detection
  • Secure configuration and patch management
  • Staff training and vetting
  • Regular penetration testing
  • ISO‑aligned security practices

13. Telecoms & IT Service‑Specific Data

Where we provide telecoms, VoIP, hosted infrastructure, or managed services, additional data may be processed such as:

  • Call metadata (time, duration, number dialled)
  • Device identifiers
  • Authentication logs
  • Configuration files and device telemetry
  • Backup contents (where we act as Data Processor)

In these cases, Curatrix acts as a Data Processor, and the client remains the Data Controller.

14. Changes to This Policy

We may update this Privacy Policy to reflect legislative or operational changes. The latest version will always be published on our website, and material changes will be notified directly where appropriate.

15. Contact Us

For questions about this policy or to exercise your rights:

Data Protection Officer
Curatrix Holdings Ltd
Portsmouth Technopole
Kingston Crescent
Portsmouth
PO2 8FA


Email: legal@curatrix.co.uk
Telephone: +44 (0)333 241 2226

You also have the right to lodge a complaint with the Information Commissioner’s Office (ICO) at https://ico.org.uk.