Introduction
Who We Are
Personal Data We Collect
How We Collect Data
Purpose and Legal Basis for Processing
Data Sharing and Sub-Processors
International Data Transfers
Data Retention
Data Security
Your Data Protection Rights
How to Exercise Your Rights
Automated Decision-Making and Profiling
Cookies and Website Analytics
Changes to This Policy
Complaints and Contact Information
Accountability and Governance
Last updated: 10th November 2025
This Privacy Policy explains how Legionella Logbook Ltd ("we", "our", "us") collects, uses, stores, and protects personal data in accordance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018. We are committed to protecting your privacy and ensuring that all personal information is handled lawfully, transparently, and securely. This policy applies to our website, our SaaS platform, and all related services we provide.
Company name: Legionella Logbook Ltd
Business type: Software as a Service (SaaS) provider
Registered address: 128 City Road, London, England, EC1V 2NX
Email: contact@legionellalogbook.com
ICO registration number: ZB857401
We act as the data controller for personal data we collect about business contacts, clients, and users of our platform. Where we process data on behalf of our customers (for example, data they upload to our platform), we act as a data processor and handle that data in accordance with our customers' instructions and our Data Processing Agreement (DPA).
We collect and process only the data necessary to deliver our services and manage our relationship with you. This may include:
• Identity data: name, job title, and organisation.
• Contact data: business email address, business phone number, and postal address.
• Account data: user login credentials, activity logs, and usage information related to your account.
• Communication data: information you provide when contacting us (e.g. support requests, emails, or form submissions).
• Technical data (website visitors): IP address, browser type, operating system, and cookies (see Section 13).
We do not intentionally collect sensitive personal data ("special category data") or data relating to children.
We collect personal data in the following ways:
• When you register for or use our SaaS platform.
• When you communicate with us by email, telephone, or online form.
• When you interact with our website or respond to surveys or feedback requests.
• Automatically through cookies and similar technologies when you use our website (see Section 13).
We process personal data only where we have a valid lawful basis under Article 6 of the UK GDPR:
• Purpose: To provide and manage access to our SaaS platform. Lawful Basis: Performance of a contract (Art. 6(1)(b))
• Purpose: To communicate with you about your account, updates, or support. Lawful Basis: Legitimate interests (Art. 6(1)(f))
• Purpose: To maintain business relationships, billing, and administrative records. Lawful Basis: Legitimate interests (Art. 6(1)(f))
• Purpose: To improve and secure our services. Lawful Basis: Legitimate interests (Art. 6(1)(f))
• Purpose: To comply with legal obligations (e.g. tax, record-keeping). Lawful Basis: Legal obligation (Art. 6(1)(c))
We do not use your data for direct marketing without your explicit consent.
We do not sell or rent your personal data. However, we may share data with trusted third-party service providers (sub-processors) who help us operate our platform and business, such as:
• Cloud hosting and backup providers
• Email delivery and support systems
• Analytics or performance monitoring tools (if used)
All sub-processors are bound by contractual data-processing agreements requiring them to implement appropriate technical and organisational measures and to process data only under our instructions.
We primarily store and process data within the UK and the European Economic Area (EEA). If data is transferred outside these regions (for example, to cloud service providers), we ensure adequate safeguards are in place, such as:
• UK Government adequacy decisions, or
• Standard Contractual Clauses (SCCs) approved under the UK GDPR.
We retain personal data only for as long as necessary to fulfil the purposes for which it was collected or to comply with legal or regulatory obligations. Typically:
• Account data is kept for the duration of your subscription and up to 6 years after closure (for tax and record-keeping).
• Business contact data is retained for up to 3 years after the last interaction, unless you request deletion sooner.
When data is no longer required, it is securely deleted or anonymised.
We implement appropriate technical and organisational measures to safeguard personal data, including:
• Secure UK/EU-based servers and encrypted backups
• Role-based access controls and authentication
• TLS (SSL) encryption for data in transit
• Regular security monitoring and updates
• Periodic access reviews and staff training
While no system is completely secure, we continually improve our measures to protect your information.
Under the UK GDPR, you have the following rights:
• Right of access – obtain a copy of your personal data.
• Right to rectification – correct inaccurate or incomplete data.
• Right to erasure – request deletion ("right to be forgotten").
• Right to restrict processing – limit how we use your data.
• Right to data portability – receive your data in a structured format.
• Right to object – object to processing based on legitimate interests.
• Right to lodge a complaint – with the Information Commissioner's Office (ICO).
We respond to all valid requests within one month (extendable by two months for complex requests) and may verify your identity before processing your request.
To exercise any of your rights or submit a data protection request, please contact:
📧 Email: contact@legionellalogbook.com
We will acknowledge and respond within the statutory timeframe.
We do not use personal data for automated decision-making or profiling that produces legal or similarly significant effects.
Our website uses essential cookies necessary for its operation.
Analytics Cookies: We use PostHog analytics to understand how visitors interact with our website, helping us improve your experience. We will only activate these analytics cookies after you provide your consent via our cookie banner.
What PostHog collects (with your consent):
• Pages you visit and time spent on our site
• How you arrived at our site (referral source)
• Approximate location (country/region)
• Device and browser type
Your data stays private and secure:
• All analytics data is hosted on EU servers and remains within the EU
• Your data is never shared with third parties or used for advertising
• PostHog does not track you across other websites
• We retain analytics data for 7 years to analyze trends
Your control: You can change or withdraw your consent at any time through our cookie preferences, accessible at the bottom of any page. Withdrawing consent will immediately stop all analytics tracking.
We may update this Privacy Policy from time to time. The latest version will always be available on our website with an updated "Last Updated" date. If changes materially affect your rights or obligations, we will notify you by email or via the platform.
If you have concerns about how we process your data, please contact us first so we can address them:
📧 Email: contact@legionellalogbook.com
If you are not satisfied, you can lodge a complaint with the Information Commissioner's Office (ICO):
Information Commissioner's Office
Wycliffe House, Water Lane, Wilmslow, Cheshire SK9 5AF
Website: https://ico.org.uk/make-a-complaint
We maintain internal records of processing activities and regularly review our compliance with data-protection obligations. If required, we appoint a Data Protection Officer or responsible person to oversee compliance and data governance.