Privacy Policy

Who we are: 
 
Nubis 365 Ltd 
https://nubis365.com 
Email: info@nubis365.com 
Phone: +44 1536 428937 
Address: Unit H2, Courtyard 3, Eckland Lodge Business Park, Market Harborough, LE168HB 

Effective Date: 09/06/2025 

At Nubis 365 Ltd, we are committed to protecting the privacy and security of our clients, staff and website visitors. This Privacy Policy outlines how we collect, use, disclose, and safeguard your information in compliance with the General Data Protection Regulation (GDPR). 

  1. Information We Collect

We may collect and process the following types of information: 

  • Personal Information: Name, contact details, company name, job title, and payment information. 
  • Technical Information: IP address, device information, browser type, and system logs. 
  • Service Usage Data: Details of services requested, support tickets, and interactions with our team. 
  • Comments: When a visitor leaves comments on the site, we collect the data shown in the comments form, the visitor's IP address and browser user agent string to assist with spam detection. An anonymised string created from your email address (also known as a hash) may be provided to the Gravatar service if you are using it. The Gravatar service privacy policy is available here: https://automatic.com/provacy/. After approval of your comment, your profile picture is visible to the public in the context of your comment. 
  • If you upload images to the website, you should avoid uploading images with embedded location data (EXIF GPS) included. Visitors to the website can download and extract any location data from images on the website. 
  • If you leave a comment on our site you may opt in to saving your name, email address and website in cookies. These are for your convenience so that you do not have to fill in your details again when you leave another comment. These cookies will last for one year. 
  • If you visit our login page, we will set a temporary cookie to determine if your browser accepts cookies. This cookie contains no personal data and is discarded when you close your browser. 
  • When you log in, we will also set up several cookies to save your login information and your screen display choices. Login cookies last for two days, and screen options cookies last for a year. If you select “Remember Me”, your login will persist for two weeks. If you log out of your account, the login cookies will be removed. 
  • If you edit or publish an article, an additional cookie will be saved in your browser. This cookie includes no personal data and simply indicates the post ID of the article you just edited. It expires after 1 day. 
  • Articles on this site may include embedded content (e.g. videos, images, articles, etc.). Embedded content from other websites behaves in the exact same way as if the visitor has visited the other website. These websites may collect data about you, use cookies, embed additional third-party tracking, and monitor your interaction with that embedded content, including tracking your interaction with the embedded content if you have an account and are logged in to that website. 
  1. Lawful Basis for Processing Under GDPR

We process personal data based on the following lawful grounds: 

  • Consent – When you provide consent for specific data collection and usage. 
  • Contractual Necessity – To fulfil our obligations in providing IT services. 
  • Legal Obligation – When required by law or regulatory requirements. 
  • Legitimate Interests – For cybersecurity, fraud prevention, and service improvements. 
  1. How We Use Your Information

We use collected data for the following purposes: 

  • Providing and managing IT services 
  • Billing and account management 
  • Security monitoring and incident prevention 
  • Customer support and communication 
  • Compliance with legal obligations 
  1. Your Rights Under Data Protection Law (GDPR & DUAA)

As a data subject, you have the following rights under the UK Data Protection Act (as amended by the DUAA 2025) and the GDPR:

  • Right of Access: Request a copy of the personal data we hold about you.
  • Right to Rectification: Request that we correct inaccurate or incomplete data.
  • Right to Erasure (“Right to Be Forgotten”): Request the deletion of your data, subject to our legal or regulatory retention obligations.
  • Right to Restrict Processing: Limit how we use your data in specific circumstances.
  • Right to Data Portability: Receive your data in a structured, machine-readable format to move between services.
  • Right to Object: Object to processing based on our “legitimate interests” or for direct marketing purposes.
  • Rights Regarding Automated Decision-Making (ADM): Where we use AI or automated systems to make decisions with significant effects on you, you have the right to:
      • Receive an explanation of the logic behind the decision.
      • Make representations (provide your own input) regarding the data used.
      • Request a meaningful human review to contest the outcome.
  1. Data Sharing & Third Parties

We do not sell your personal data. To provide our services, we may share information with:

  • Trusted Service Providers: Third parties who perform operational functions (e.g., cloud hosting, payment processing) under strict data processing agreements.
  • Law Enforcement: Regulatory or legal authorities where we have a statutory obligation to disclose information.
  • Business Partners: Only where you have provided consent or where it is necessary for the performance of a contract, subject to confidentiality.
  • Automated Security: Visitor comments and form submissions may be screened by automated spam and fraud detection services to ensure the security of our platform.
  1. Data Security & Retention

We implement industry-standard security measures, including encryption, access controls, and regular audits to protect your data. Personal data is retained only as long as necessary for legal, contractual, or operational purposes. 

  1. Contact & Complaints

If you have concerns about how we handle your data or wish to exercise your rights, please contact us at: 
 
Email: info@nubis365.com 
Phone: +44 1536 428937 
Address: Oakley House, Headway Business Park, 3 Saxon Way W, Great Oakley, Corby NN18 9EZ 

If you wish to make a data protection complaint and cannot access our online form, please call us on (01536) 428937 or write to us at Unit H2, Courtyard 3, Eckland Lodge Business Park, Market Harborough, LE168HB. We will be happy to provide a paper form or assist you in recording your complaint manually.

If you believe we have not adequately addressed your concerns, you have the right to lodge a complaint with the Information Commissioner’s Office (ICO) in the UK or another relevant data protection authority. 

  1. Data Breach Response

At Nubis 365 Ltd, we take data security seriously. In the event of a data breach, we follow a structured response process to minimise impact and ensure compliance with GDPR and other relevant regulations. 

Our Data Breach Protocol: 

  1. Detection & Assessment 
      • Immediate identification and assessment of the breach. 
      • Determine the nature, extent, and affected data. 
  2. Containment & Mitigation 
      • Secure systems to prevent further unauthorised access. 
      • Implement patches, updates, or emergency security measures. 
  3. Notification & Reporting 
      • Notify affected individuals if required under GDPR. 
      • Report the breach to the Information Commissioner’s Office (ICO) within 72 hours, if the breach poses a risk to individuals’ rights and freedoms. 
      • Inform any affected third parties and business partners. 
  4. Investigation & Remediation 
      • Conduct a forensic analysis to determine the cause of the breach. 
      • Implement necessary security improvements to prevent recurrence. 
      • Review and update internal policies and incident response plans. 
  5. Ongoing Monitoring & Compliance 
      • Continuous security monitoring for signs of vulnerabilities. 
      • Regular audits and staff training to ensure best practices. 
  1. Cybersecurity Measures

At Nubis 365 Ltd, we employ rigorous cybersecurity protocols to safeguard your data from unauthorised access, loss, or breaches. Our security framework is designed to meet industry standards and GDPR compliance. 

Key Security Measures Implemented: 

  • Data Encryption: All stored and transmitted sensitive data is encrypted using industry-leading standards (e.g., AES-256, TLS/SSL). 
  • Access Control: Strict access policies, multi-factor authentication (MFA), and role-based permissions ensure only authorised personnel handle sensitive information. 
  • Network Security: Firewalls, intrusion detection/prevention systems (IDS/IPS), and continuous network monitoring mitigate cyber threats. 
  • Endpoint Protection: Advanced antivirus, anti-malware, and endpoint security solutions prevent unauthorised access to company devices. 
  • Regular Security Audits: Periodic security assessments, vulnerability scans, and penetration testing strengthen defences. 
  • Incident Response Plan: A comprehensive strategy to identify, mitigate, and recover from cybersecurity incidents efficiently. 
  • Employee Training & Awareness: Staff members receive cybersecurity training to recognise phishing, social engineering, and best security practices. 
  • Secure Cloud Infrastructure: For clients utilising cloud services, we implement strict security controls, encryption, and access policies. 
  • Backup & Disaster Recovery: Regular automated backups ensure business continuity in case of unforeseen incidents. 
  • GDPR Compliance: We continually review and update our security practices to align with GDPR requirements for data protection and privacy. 

By implementing these cybersecurity measures, we safeguard data integrity, confidentiality, and availability.