Privacy Policy | EB IT Support LTD
📱
Get quick access on mobile! Install our app for tickets, support, and status updates
Install Now
Boston Enterprise Centre, Venture Way, Boston, PE21 7TW 01205 627240 [email protected]

Privacy Policy

Home
Our Policy

How We Use and Protect Your Data

Last Updated: 18th February 2026 View the Updates

1. Our Commitment to Your Privacy

At EB IT Support LTD, protecting your personal information is a top priority. This Privacy Policy explains how we collect, use, and safeguard your data when you interact with our services, and it outlines your rights regarding your information.

2. Information We Collect

To provide you with our services, manage your account, and maintain accurate business records, we collect and store certain information. This includes, but is not limited to:

  • Personal & Contact Details: Your name, address, phone number, email address, and any other contact information required for service setup, communication, or billing.
  • Business Information: If you are a business customer, we may collect your company name, registered address, Companies House details (where applicable), VAT number, nominated contacts, department information, and any documentation necessary to provide contracted IT services.
  • Account Security Information: Your secure Customer Passcode and any other authentication data used to verify your identity when contacting support or accessing sensitive areas of our systems.
  • Service Interaction Data: The content of your support tickets, messages sent via our dashboard, email correspondence, technical notes, and live chat logs so that we can resolve issues effectively and maintain service continuity.
  • Magic Link & Ticket PIN Data: When you use our Magic Link access system, we collect and temporarily store your IP address at the point the link is first opened. This is used solely to bind the magic link to your device for security purposes, allowing up to five accesses from that same IP address within the 30-day validity window. We also store your unique Ticket PIN, which is generated automatically for each support ticket and used to verify your identity when accessing your job via the Track My Repair portal or verifying an engineer at your door. This data is tied to your ticket and is automatically invalidated when a ticket is closed or merged.
  • Website Usage Data: Technical information such as your IP address, browser type, pages visited, device type, and usage behaviour. This is collected to improve website functionality and security.
  • Third-Party Platforms: If you interact with us through social media (e.g. Facebook, Instagram, or X), these platforms may provide us with basic profile information or communication data according to their own privacy policies.
  • Payment & Billing Information: EB IT Support LTD does not store or have access to your full financial details. When you make a payment through services such as PayPal, GoCardless, or Stripe, your financial data (such as card numbers or bank details) is processed and stored solely by the payment provider. We receive only a unique verification key and payment confirmation used to validate and assign the transaction to your account. This ensures secure billing while preventing our staff or systems from ever accessing your financial information directly.

3. How We Use Your Information

  • To Provide Our Services: We use your personal and service data to respond to your support requests, deliver our IT services, and send you important communications about your account (like ticket updates and invoices).
  • To Improve Our Website: We use analytics services like Google Analytics and Cloudflare Analytics to understand how visitors use our website, which helps us to improve the user experience.
  • For Security: We use tools like Google reCAPTCHA to protect our website from spam and abuse.
  • To Authenticate Your Identity: We use Magic Links, Ticket PINs, Telephone Verification Passcodes, and where applicable email/password combinations and Two-Factor Authentication codes to verify that the person accessing an account or ticket is genuinely the account holder. This authentication data is used exclusively for security and identity verification purposes and is never used for marketing or shared with third parties.

4. Sharing Your Information

  • With Service Providers: If you use a service that relies on a third party (like our phone or email services), we will only share the minimum information necessary for them to perform their function. When you purchase a third-party service through us, your support contract is with us. You should contact our team for any assistance you need.
  • For Legal Reasons: We may be required to disclose your personal information to law enforcement or other authorities if required by UK law.
  • We Do Not Sell Your Data: We will never sell your personal information to third parties.

5. Security and Data Processing

We take the security of your information extremely seriously. All confidential customer data stored within our systems is protected using AES-256 encryption — one of the strongest and most trusted encryption standards in the world. This ensures that even if data were intercepted or accessed without permission, it would be completely unreadable and unusable.

All data processing and storage takes place within our secure customer portals, where access is strictly controlled and monitored.

When registering or activating services provided by our trusted partners, certain personal information may be shared with third-party suppliers. This is always done only on a business-need basis, and we share the absolute minimum information required for them to provide the service effectively. This approach follows the same principles outlined in Section 4: we never sell your data, and we only disclose information when essential for service delivery or when required by UK law.

5A. Magic Links, Ticket PINs & Authentication Data

  • What Data Is Collected: When you use our Magic Link and Ticket PIN system, we collect and process the following data:
    • Your IP address at the time the magic link is first opened — used to bind the link to your device
    • The number of times the link has been accessed from that IP address (up to a maximum of 5)
    • The date and time the link was generated and first accessed
    • Your unique Ticket PIN, generated automatically per support ticket
    • Whether Two-Factor Authentication (2FA) is enabled on your account and associated authentication logs
  • Why We Collect This Data: This data is collected under the lawful basis of legitimate interests and contractual necessity under UK GDPR. Specifically:
    • Your IP address is used solely to restrict magic link access to a single device, preventing unauthorised access from other locations
    • Access counts are recorded to enforce the five-use limit and detect unusual or suspicious activity
    • Ticket PINs are used to verify your identity both for portal access and for engineer door verification, as described in our Terms of Service (Section 2E and 5B)
    • 2FA logs are maintained for security audit purposes
  • How Long We Keep This Data:
    • Magic link tokens and associated IP binding data expire automatically after 30 days from generation, or immediately upon the link being used 5 times, whichever comes first
    • Ticket PINs remain active only while the associated ticket is in an open state. When a ticket is closed or merged, the PIN is automatically disabled
    • Authentication logs (including 2FA activity) are retained for the standard three-year period in line with our data retention policy (Section 6) for security and audit purposes
  • IP Address Processing: Your IP address is processed as personal data under UK GDPR. It is used exclusively for the purpose of securing your magic link and is never used for tracking, profiling, marketing, or any other purpose. It is not shared with third parties except where required by law. IP address data associated with expired magic links is purged automatically at the point of expiry.
  • Your Rights Regarding This Data: You have the right to request information about the authentication data we hold against your account, including magic link access logs and Ticket PIN history, as part of your broader right of access under UK GDPR (Section 9). You can view a summary of your account data at any time via your customer portal. If you believe your magic link or PIN has been accessed by an unauthorised person, please contact us immediately on 01205 627240 so we can invalidate the compromised credentials and review any access logs.
  • Opting Out: If you do not wish for your IP address to be processed as part of the magic link system, you may request that magic link access be disabled on your account. You will then need to use email and password login via the customer portal at dashboard.ebithost.uk. Please contact us on 01205 627240 or at [email protected] to arrange this. Note that Ticket PINs will continue to be generated for engineer verification purposes regardless of this setting, as they are necessary for the safe delivery of on-site services.

6. Data Retention & Deletion

  • Data Retention Period: For legal, security, and accounting purposes, we keep support tickets, invoices, financial information, and related service data for three years after your account is closed. After this period, this operational data is automatically and permanently deleted from our systems.
  • Permanent Records: Any entries relating to account sanctions, bans, misuse, or breaches of our terms of service are stored on a permanent customer record. These entries are retained indefinitely to protect the safety and security of our staff, systems, and business integrity.
  • Account Deletion (Right to Erasure): When you request erasure of your account, the majority of your personal data is immediately scrambled and rendered unusable within our database, ensuring that it cannot be reconstructed or accessed. However, for business safety and compliance reasons, financial information and certain operational notes are intentionally left unscrambled until the end of the three-year retention period. These remaining items are then securely and permanently removed from our system automatically.
  • Re-Registration Requirement: Once your account has been deleted, all access to our systems is removed. Should you wish to use our services again in the future, you will be required to create a new customer account, as no previous access or profile information will remain.

7. Cookies

Our website uses cookies (small data files stored on your device) to function correctly. They help us remember your preferences, allow you to place orders, and use our support chat. You can manage cookies in your browser settings, but disabling them may affect how our website works.

8. Call, Session & Meeting Recording

  • Phone Calls: For quality and training purposes, phone calls to and from our company may be recorded or monitored. By calling us, you consent to this.
  • Remote Support Sessions: Remote support sessions carried out via Zoho Assist may in some circumstances be recorded by EB IT Support LTD for quality assurance, training, or dispute resolution purposes. You will always be informed by a clear, audible public announcement at the start of any session that is to be recorded. Continuing to participate after this announcement constitutes your consent to the recording for that session.
  • Video Meetings: Video meetings conducted via our platform at meet.ebithost.uk (powered by Jitsi on our own private server) may also be recorded in the same circumstances. The same audible announcement procedure applies. If you do not consent to recording, you may end the session after the announcement is made without penalty.
  • Storage of Recordings: All recordings are stored securely within our systems, encrypted, and retained only for as long as necessary for the purpose for which they were made. They are not shared with third parties except where required by law or for legitimate dispute resolution purposes. You may request access to a recording in which you feature as part of your rights under UK GDPR (Section 9).

9. Your Rights Under UK GDPR

Under UK GDPR, you have several rights regarding your personal data. At EB IT Support LTD, we make it easy for you to access and manage the information we hold about you.

Accessing Your Data

All information we store about you can be viewed in your personal customer report via our secure client portal. Simply visit:

https://dashboard.ebithost.uk/portal/reports/my-report

(Dashboard → Profile → My Report)

This report compiles everything EB IT Support LTD knows about you as our customer.

Annual GDPR Report

To support transparency, a full GDPR customer report is automatically sent to all customers once per year on 1st December. This helps ensure your information is accurate and up to date.

How We Protect Your Data

All customer information stored inside our client portal is protected with AES-256 encryption, one of the strongest encryption standards available. This ensures your data remains secure and unreadable to potential threats.

The only piece of information not encrypted is your email address. This is intentionally left unencrypted so our systems can provide fast and reliable communication, ensuring efficient service delivery and password recovery.

EB IT Support LTD is fully registered with the Information Commissioner’s Office (ICO), demonstrating our commitment to lawful data handling and privacy compliance.

Verification & Security Checks

To protect your account, staff may require you to verify your identity using your unique Telephone Verification Passcode. This passcode is provided in your Welcome to EB IT Support LTD email and may be required if you contact us from any phone number not listed on your account.

Your GDPR Rights
  • Right to Access: Request a copy of the personal data we hold about you at any time.
  • Right to Rectification: Ask us to correct inaccuracies or update outdated information.
  • Right to Erasure (Right to be Forgotten): Request that we delete your personal information, subject to the retention rules described in Section 6.
  • Right to Restrict Processing: Request limited use of your data in certain circumstances.
  • Right to Data Portability: Request your data in a transferable electronic format.
  • Right to Object: Object to certain forms of data processing where legally applicable.

10. Your Choices Regarding Communication

We use your email address to send you essential service communications. You can request to disable these emails, but please be aware that this may prevent you from receiving important updates about your account, and we cannot be held responsible for any issues that arise as a result.

11. Changes to This Policy

We may update this Privacy Policy from time to time. The most current version will always be available on our website.

12. Contact Us

If you have any questions about this policy, please get in touch.

  • Email: [email protected]
  • Phone: 01205 627240
  • Address: EB IT Support LTD, Boston Enterprise Centre, Enterprise Way, Boston, PE21 7TW

Your Safety Comes First

Every EB IT Support engineer carries an official photo ID card and will confirm your unique personal PIN number before entering your home or business. Your PIN is unique to each support request and is included in every email we send regarding your job. If an engineer cannot provide your PIN — do not let them in. Call us on 01205 627240 or 999 if you feel unsafe. We will never charge you for refusing entry to protect your safety.

Track My Repair
Follow us on WhatsApp for updates