/ Privacy Policy /

Last updated: 12 June 2026

This website does not run analytics, advertising trackers or profiling of any kind. The personal data it handles is what you choose to send us through the contact forms, plus the standard server logs every website generates. This policy sets out the detail: what we hold, why we hold it, how long we keep it, and the rights you have over it.

Who we are

Novix IT Ltd is a managed IT and security partner for UK wealth management and chartered accountancy firms, operating from Edinburgh and London. For the personal data described in this policy, Novix IT Ltd is the data controller.

Novix IT Ltd is registered in Scotland under company number SC740691, with its registered office at 4 Redheughs Rigg, South Gyle, Edinburgh, Midlothian, EH12 9DQ, United Kingdom.

For anything in this policy, contact privacy@novixit.co.uk or call +44 (0) 333 358 0560.

The personal data we collect

• Contact forms. When you use a form on this site we collect your name, email address, subject and message. The submission is delivered straight to the relevant Novix IT inbox by email. The website itself keeps no copy and holds no database of submissions.
• Direct correspondence. If you email or call us, we hold the contact details and content of that correspondence for as long as the matter needs it.
• Server logs. Our hosting infrastructure records standard technical logs: IP address, browser and device type, the pages requested and when. We use these for security monitoring and fault diagnosis, nothing else.

How we use it, and the lawful basis for each use

• Responding to your enquiry and any follow-up you ask for. Lawful basis: our legitimate interest in answering the people who contact us.
• Delivering services you or your firm have engaged us for. Lawful basis: performance of a contract.
• Keeping records that company, tax and regulatory law require us to keep. Lawful basis: legal obligation.
• Protecting our systems, including this website, through the server logs described above. Lawful basis: our legitimate interest in running secure infrastructure.

Contacting us does not put you on a marketing list. We do not send unsolicited marketing email, and we do not use your data to profile you.

Cookies and local storage

This site sets no advertising, analytics or tracking cookies. The one thing it stores in your browser is your light or dark theme preference, kept in your browser's local storage. That preference stays on your device and is never transmitted to us. You can remove it at any time by clearing this site's data in your browser settings.

That is why there is no cookie banner on this site: nothing here requires one.

Who we share it with

The suppliers who run our email and website hosting process data on our behalf as processors, under contract terms that restrict what they can do with it. We disclose personal data to authorities where the law requires it. We do not sell personal data, and we do not pass it to third parties for their own marketing.

International transfers

Where a supplier processes data outside the UK, the transfer is covered by UK adequacy regulations or the UK International Data Transfer Agreement or Addendum, so the data carries equivalent protection wherever it sits.

How long we keep it

Correspondence is kept for as long as the enquiry or relationship needs it, then for any further period a legal or regulatory obligation requires. Server logs rotate on our hosting provider's standard schedule. When data is no longer needed, it is deleted.

Your rights

Under UK data protection law you have the right to:

• access the personal data we hold about you
• have inaccurate data corrected
• have data erased where there is no longer a reason for us to hold it
• restrict or object to how we process it
• receive the data you gave us in a portable format

To exercise any of these, email privacy@novixit.co.uk. We respond within one calendar month. If you are unhappy with how we have handled your data, you can complain to the Information Commissioner's Office at ico.org.uk. We would value the chance to put it right first.

Data we process for client firms

When we deliver services to a client firm, we act as a processor on that firm's instructions, under the agreement that governs the engagement. This policy does not cover that data. If your personal data is held by one of our clients, the client firm is the controller, and questions about it should go to them. We will support the client in answering.

How we secure it

Novix IT holds current Cyber Essentials Plus certification, and access to the inboxes that receive your data is limited to the people who need it to deal with your enquiry.

Links to other sites

Pages on this site link to external sites, such as the Information Commissioner's Office and the suppliers whose services we discuss. Those sites set their own privacy practices, which this policy does not cover. Review their policies directly.

Changes to this policy

When this policy changes, the new version is published on this page with a revised date at the top. Significant changes will be flagged clearly rather than slipped in quietly.