Legal

Privacy Policy

A short, readable summary of what we do with personal data and the rights you have over it.

Last updated: 10 June 2026

Who is the data controller

The controller of personal data collected through this website and our services is Hanoto Technology Ltd, company number 11828717, registered office Unit 3 Mill Farm, Barcombe Mills, Lewes, BN8 5BT. We are registered with the UK Information Commissioner's Office under reference ZB295864.

What we collect

  • Contact information you give us through forms, email or phone (name, business name, email, phone, message content).
  • Service data needed to deliver IT support: usernames, device names, IP addresses, ticket history, logs and configuration files.
  • Billing information from clients (billing contact, address, payment reference). We do not store full card numbers; payments are handled by our regulated payment provider.
  • Website analytics: aggregate data about pages visited, browser type and approximate location. We use Google Analytics 4 with IP anonymisation.

Why we use it (lawful bases)

  • To answer enquiries and quote for work — legitimate interests and steps prior to a contract.
  • To deliver services we have agreed — performance of a contract.
  • To bill, account and meet our tax and audit duties — legal obligation.
  • To keep your systems safe (logging, monitoring, alerting) — legitimate interests.
  • To send occasional service updates and renewal reminders — legitimate interests; you can opt out at any time.

Who we share it with

We never sell personal data. We share it only with vetted suppliers who help us run the business, including:

  • Microsoft (Microsoft 365, Azure) — email, files, identity.
  • OpenText / Datto — backup and DR.
  • Our accountancy and payroll providers.
  • Government bodies where the law requires disclosure.

Where data is transferred outside the UK, we rely on UK adequacy regulations or the International Data Transfer Agreement.

How long we keep it

  • Enquiries that don't become clients: 24 months.
  • Client records (contracts, tickets, invoices): 7 years after the engagement ends, to meet tax and limitation periods.
  • System and security logs: typically 90 days, longer if we are investigating an incident.
  • Newsletter subscribers: until you unsubscribe.

Your rights

Under UK GDPR you have the right to:

  • See the personal data we hold about you (a "subject access request").
  • Correct anything that's wrong.
  • Ask us to delete data where there's no legal reason to keep it.
  • Restrict or object to certain types of processing.
  • Receive a portable copy of data you gave us.
  • Withdraw consent where we relied on consent.

Email contact@hanototechnology.com or write to the address above. We respond within one calendar month.

Cookies

We use a small number of cookies: a session cookie for our admin area, and Google Analytics for aggregate usage data. We do not run advertising trackers. You can clear or block cookies in your browser at any time.

Security

We follow the controls set out in Cyber Essentials and apply them to ourselves. That includes MFA on every account, encrypted backups, least-privilege access and patched endpoints. If we ever suffer a breach that affects your data, we will tell you within 72 hours of becoming aware.

Complaints

If you're unhappy with how we have handled your data, please tell us first so we can put it right. You also have the right to complain to the UK Information Commissioner's Office at ico.org.uk.

Changes

We update this policy when our practices change. Material changes are posted on this page with a new "last updated" date.

Hanoto AI Assistant
● Online
👋 Hello! I'm your AI assistant from Hanoto Technology. I can help you understand how AI can transform your business!
Just now