1. Home
  2. Legal & Compliance
  3. Privacy Policy
Searching...

Privacy Policy

At Leito Ltd, we are committed to respecting your privacy and complying with applicable data protection laws, including the UK GDPR, the EU GDPR, and the Data Protection Act 2018. This Privacy Policy explains how we collect, use, store, and protect your personal data.

Who We Are

Leito Ltd is a software development company based in Bedfordshire, United Kingdom. We provide cloud-based and on-premise service management solutions and related software products.

You can contact us at:
Email: info@leito.org
Registered Address: 45a Station Road, Willington, Bedford, MK44 3QL, UK

Scope of This Policy

This policy applies to:

  • Customers and users of our software and platforms
  • Employees and job applicants
  • Suppliers and subcontractors
  • Website visitors and prospective customers

If you are a customer of one of our business clients (e.g., your employer uses our platform), please contact them directly for privacy concerns — they are likely the Data Controller.

What Personal Data We Collect and Why

1. Customers Using Our Platform

As a Data Processor, we process the data our business customers input into our platform, such as:

  • Customer contact details
  • Employee records (e.g., skills, qualifications, timesheets)
  • Location and tracking data
  • Job information and photos
  • Signature data
  • Vehicle and device information
  • Call or video recordings for support and training

Purpose: To deliver our platform and services as per contract, provide support, and improve service quality.

2. Customer Integration Services

If you use third-party integrations (e.g., Microsoft, Sage, Freeagent, QuickBooks, Xero), we process and exchange data under your instruction. You should review their privacy policies separately.

Important: Leito Ltd is not responsible for the data processing practices of third-party platforms.

3. Employees and Job Applicants

We are a Data Controller for our staff and job applicants.

Collected data may include:

  • Name, contact details, CV/work history
  • Demographics and diversity data (if provided with consent)
  • Interview notes and recruitment assessments
  • Information stored in our applicant tracking system

Retention: Application data is kept for 12 months unless extended by active request or engagement.

4. Suppliers and Contractors

We collect and process:

  • Contact names, email addresses, phone numbers
  • Business address and bank details

Purpose: To manage contracts, communication, and payments.

5. Marketing and Website Visitors

We process personal data of prospective and existing customers when:

  • You sign up for updates on our website
  • We contact you based on legitimate interest
  • You interact with us at events, through referrals, or via LinkedIn

We may record calls to and from prospective customers for training and quality purposes. These are retained for a maximum of 12 months.

You can opt-out of marketing at any time by emailing: info@leito.org

Lawful Bases for Processing

We process your data under the following legal bases:

  • Contractual necessity – To provide our services and fulfil agreements
  • Legitimate interest – For business operations, security, and marketing
  • Consent – For marketing communications and non-essential cookies
  • Legal obligation – Where required under applicable laws
  • Vital interests – If necessary to protect life or safety

Data Retention

We retain personal data only for as long as necessary. Standard retention includes:

  • Customer platform data: 12 months after contract ends (unless otherwise agreed)
  • Recruitment data: 12 months from submission unless extended
  • Call recordings: Up to 12 months
  • Marketing opt-in records: Until withdrawn or expired

If you’d like details of your data’s retention schedule, contact us at info@leito.org.

Data Sharing and Transfers

We may share data with:

  • Subsidiaries and affiliated companies
  • Trusted third-party providers (e.g., hosting, support, communications)
  • Integration partners, only under your instruction

Where data is transferred outside the UK or EEA, we ensure appropriate safeguards are in place, including:

  • UK and EU Standard Contractual Clauses
  • Data Transfer Impact Assessments
  • Regular supplier risk assessments

Data Security

We apply a range of technical and organisational security measures, including:

  • Encryption in transit and at rest
  • Multi-layer access control and authentication
  • Secure hosting infrastructure
  • Ongoing security monitoring and vulnerability assessments

Despite these measures, please be aware that data transmission over the internet is never 100% secure.

Cookies and Tracking Technologies

We use cookies on our website to enhance functionality and analyse usage.

  • Functional cookies: Essential for website operation
  • Non-functional cookies: Require consent (e.g., analytics, marketing)
  • Microsoft add-in cookies: Store login/access tokens temporarily for platform features
  • Analytics: We use Google Tag Manager and Google Analytics (only with your consent)

You can update your cookie preferences at any time via the website’s cookie banner.

Your Rights Under GDPR

You have the following rights:

  • Access your data
  • Request corrections
  • Request deletion
  • Restrict or object to processing
  • Request data portability
  • Withdraw consent
  • Lodge a complaint with the ICO (UK) or your local data protection authority

To exercise your rights, contact: dpo@leito.org

Changes to This Policy

We regularly review and update this Privacy Policy. Please check our website for the latest version.

For more information or assistance, contact:

Data Protection Officer
Email: dpo@leito.org
Address: Leito Ltd, 45a Station Road, Willington, Bedford, MK44 3QL, UK

ticket system