We've made some significant updates to our Terms of Service and Privacy Policy, effective 18th February 2026. These changes have been introduced to better reflect how we work, to give our customers greater transparency over our systems and processes, and to ensure we remain fully compliant with UK GDPR and current best practices.

The updates cover a wide range of areas — from how we handle Magic Links and Ticket PINs to give you secure, password-free access to your support tickets, through to new policies on Service Completion Reports, engineer identification and safety, office visits, and events. We've also expanded our Privacy Policy to clearly document how authentication data, including IP address binding for Magic Links, is collected, used, and protected.

We encourage all customers to take a moment to read through the updated documents. As always, if you have any questions about anything covered, please don't hesitate to get in touch with our team on 01205 627240 or at [email protected].

The following is a list of all the changes we have made.

Terms (https://eb-it.uk/terms)

Section 2C — Remote Support Sessions & Video Meetings

• Video Meeting Rules expanded with plain-English explanations for each rule
• Session Recording updated to clarify the notification is a deliberate, audible, public announcement and that continuing to participate constitutes acceptance

Section 2D — Document Signing & Customer Waivers

• New Service Completion Report item added, covering: Ticket Overview, Communication History, Work Clock (billable time only), Attached Services, Invoices, PAT Test Certificate, and Technical Handover Notes
• Opening paragraph clarifies the report also serves as a technical handover document for other IT companies

Section 2E — Magic Links & Ticket PINs (entirely new section)

• Explains what magic links and ticket PINs are and why they exist
• IP binding documented (up to 5 uses from same IP), 30-day expiry, PIN required to access ticket
• Ticket PIN State & Availability — PINs only active on open tickets, disabled on closure or merge
• Acceptable Use policy with Computer Misuse Act 1990 reference
• Compromised PIN/link procedure — call the office, do not email
• Option to disable magic link access in favour of email/password login
• Why We Don't Use Traditional Password Logins as Default — magic link is default but email/password and 2FA all available, with a clear summary of all three access methods

Section 5B — Engineer Identification & Customer PIN Verification (new section)

• All engineers carry official photo ID cards
• Personal PIN verification required before entry, unique per support request
• PIN included in all job emails and accessible via Track My Repair portal
• If engineer cannot provide PIN: refuse entry, call 01205 627240 or 999
• No charge for refusing entry
• Vulnerable customer protection emphasis
• "We Will Never" list covering unscheduled visits, engineers without PIN/ID, cold-calls

Section 5C — Visiting Our Office (new section)

• General safety rules including fire evacuation and exit routes
• Right to refuse access at any time without reason
• Lobby/communal area meetings may occur for safety or privacy reasons
• Device drop-off/collection requires photo ID and ticket PIN
• Walk-in availability Mon-Fri 9am-5pm, call ahead recommended
• Conduct expectations — respectful behaviour required
• Shared building consideration for Boston Enterprise Centre
• Collection time limits: must complete by 4:45 PM, invoices paid before release, device review by 4:00 PM
• Same day service terms — collection by 4:45 PM strictly required, additional handling fee may apply if missed
• Parts availability and repair timescales — up to two months for specialist parts, customers to retain device until notified
• Building reception staff clarification — not EB IT employees, no access to systems, abuse treated same as abuse toward EB IT staff
• Overnight storage policy — locked cabinets, EB IT not liable beyond two working days after completion notification

Section 5D — Events (In-Person & Virtual) (new section)

• Pre-booking required via Eventbrite, no walk-ins
• In-person: venue safety rules, fire evacuation, right to refuse entry
• Virtual: access links provided on booking, do not share links, recording consent by attending
• Code of Conduct covering aggressive behaviour, discriminatory language, disruption, inappropriate content, unauthorised recording
• Breach results in immediate removal without refund and account review under Section 14
• Cancellations and refunds per Eventbrite policy at time of booking
• EB IT can cancel, reschedule, or change format due to unforeseen circumstances
• Liability — not responsible for personal injury/loss/damage unless direct negligence, not responsible for attendee technical difficulties
• Photography and video at in-person events for marketing, opt-out available

Privacy Policy (https://eb-it.uk/privacy)

Last Updated date needs updating to 18th February 2026.

Section 2 — Information We Collect

• New Magic Link & Ticket PIN Data item added — discloses IP address collection, access count tracking, PIN generation, and automatic invalidation on ticket closure

Section 3 — How We Use Your Information

• New Authentication item added — covers magic links, PINs, passcodes, passwords, and 2FA, confirming this data is used solely for identity verification and never for marketing

Section 5A — Magic Links, Ticket PINs & Authentication Data (entirely new section)

• Full GDPR-compliant disclosure of what data is collected, why, and the lawful basis (legitimate interests and contractual necessity)
• IP address processing explicitly documented, confirmed as not used for tracking or profiling
• Retention periods: magic link tokens expire after 30 days or 5 uses; PINs disabled on ticket closure; auth logs kept for 3 years
• Customer rights regarding this data and how to request access
• Opt-out option documented — disabling magic links means portal login required; PIN still generated for engineer safety regardless

Section 8 — expanded and retitled to "Call, Session & Meeting Recording"

• Original phone call recording clause retained
• Remote support session recording added with audible announcement disclosure
• Video meeting recording added with same announcement procedure
• Storage and retention of recordings documented with GDPR rights reference