Skip to content

Data Protection
& Access Policy

Version 1.0 - July 2025

1. Introduction

Ctrl Alt Insight Limited ("the Company") is committed to protecting the privacy and security of client data in accordance with the UK General Data Protection Regulation (UK GDPR), the Data Protection Act 2018, and other applicable legislation. This policy outlines how personal and confidential data is accessed, handled, and safeguarded during the provision of consultancy services.

2. Scope

This policy applies to all data accessed or processed by Ctrl Alt Insight Limited in the course of delivering consultancy, training, reporting, or troubleshooting services. It includes:

  • Data stored or accessed via SYSPRO ERP systems
  • SQL server databases and associated reporting tools
  • Any exported files or reports shared for review
  • Client emails, documentation, and communications

3. Data Access

3.1 Access to client systems is strictly limited to the data required to perform the agreed Services.

3.2 Access may be granted via secure remote desktop, VPN, or cloud platform as specified by the client.

3.3 The Company will not access or download client data to personal or unauthorised devices. All access is logged and monitored in line with client protocols.

3.4 At the end of an engagement, all connections will be closed, and access credentials deleted or returned.

4. Confidentiality & Security Measures

4.1 All client data is treated as confidential and handled with the same level of care as the Company's own sensitive information.

4.2 Files shared with the Company will be stored in encrypted and access-controlled folders.

4.3 Passwords and access credentials will not be shared and will be stored securely for the duration of the engagement only.

4.4 Clients are encouraged to update all passwords and access credentials at the conclusion of the engagement.

5. Data Retention

5.1 The Company does not retain client data longer than necessary. Where retention is required (e.g. for professional indemnity insurance or legal record-keeping), data will be securely archived and deleted after the relevant retention period expires.

5.2 Clients may request early deletion of files or records where legally permissible. Requests will be confirmed in writing.

6. Personal Data

6.1 In the event that personal data (as defined by UK GDPR) is accessed or processed:

  • The Company will act as a data processor and will follow all client instructions regarding such data
  • The Company will implement appropriate technical and organisational measures to protect such data
  • Data subjects' rights (access, correction, erasure, etc.) will be supported in coordination with the client

7. Breach Notification

7.1 Any actual or suspected data breach will be reported to the client without undue delay, along with details of remedial actions taken or proposed.

8. Responsibilities

8.1 The Company is responsible for ensuring all contractors, Subcontractors, and collaborators are bound by equivalent confidentiality and data protection obligations.

8.2 Clients are responsible for ensuring that appropriate authorisations have been obtained for access to their data.

9. Contact

Questions regarding this policy or any aspect of data protection may be directed to:

Ctrl Alt Insight Limited

Data Protection Enquiries

info@ctrlaltinsight.co.uk

Ctrl Alt Insight Limited | Company No. 16484144 | Registered Office: 115 Heathcote Road, Leamington Spa, Warwickshire CV31 2LX