AreaBack to home

Legal

Privacy Policy

How ITSAREA LTD collects, uses and protects personal data on its public websites and enquiry forms.

Last updated: 16 July 2026

1. Who we are

This website is operated by ITSAREA LTD ("Area", "we", "our", or "us"), a company registered in England and Wales under company number 17179127. Our registered office is at 71–75 Shelton Street, Covent Garden, London, WC2H 9JQ, United Kingdom.

For the purposes of the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018, ITSAREA LTD is the controller of personal data processed as described in this policy.

Questions and data protection requests can be sent to [email protected].

2. Scope of this policy

This policy applies to the public website at itsarea.com and to public landing, legal, account-access and enquiry pages served from costportal.itsarea.com (together, the “Site”).

It covers only the public website processing described below. Additional terms and privacy information may apply when a customer or authorised user signs in to an Area product. Where a customer agreement governs our processing on behalf of an organisation, that organisation is responsible for telling its users how their personal data is used.

3. Personal data we collect

Information you provide

If you submit our Request Access or enquiry form, we collect your name, email address and message. These fields are required so that we can understand and respond to your enquiry. You may also choose to provide your telephone number and company name. Please do not include confidential project information or special category personal data in the free-text message.

If you contact us by email, we receive your email address and the information contained in your correspondence. If you use account access pages, we process the information needed to authenticate you and keep the service secure.

Information collected automatically

Our hosting and security providers process limited technical records when you access the Site. These may include your IP address, request date and time, requested URL, browser and device information, referring page, response status and approximate location derived from your IP address. We use these records to deliver, secure and diagnose the Site.

We do not run PostHog, advertising trackers or non-essential website analytics on the public Site.

4. How we use your personal data and our legal basis

We process personal data for the following purposes:

  • Responding to enquiries and access requests – where necessary to take steps at your request before entering into a contract, and otherwise for our legitimate interest in communicating with prospective customers and business contacts.
  • Operating and securing the Site – for our legitimate interests in delivering a reliable website, preventing misuse, investigating errors and protecting our systems.
  • Account access and authentication – where necessary to provide a service requested by you, perform a contract, and protect accounts and systems.
  • Meeting legal requirements – where processing is necessary to comply with a legal obligation or establish, exercise or defend legal claims.

We do not use information submitted through the public enquiry form for automated decision-making, profiling or unrelated marketing.

5. Who we share personal data with

We do not sell personal data. We disclose it only where necessary to the following recipients:

  • Website delivery and security providers – including Vercel and Cloudflare, which provide hosting, content delivery, domain and security services.
  • Enquiry data infrastructure – Convex, which stores and processes submissions made through the public enquiry form.
  • Email and productivity providers – where needed to receive correspondence and respond to you.
  • Professional advisers, authorities and courts – where reasonably necessary to obtain advice, protect legal rights or comply with law.
  • A purchaser or successor – if our business or assets are sold, merged or reorganised, subject to appropriate confidentiality and data protection safeguards.

Service providers acting as our processors may use personal data only to provide their contracted services to us and must protect it in accordance with applicable data protection law.

6. International transfers

Some service providers process information in the European Economic Area, the United States or other countries outside the United Kingdom. Where UK data protection law requires a transfer safeguard, we rely on UK adequacy regulations, the UK International Data Transfer Agreement, the UK Addendum to the EU Standard Contractual Clauses, or another lawful mechanism. You may contact us for further information about the safeguard relevant to your data.

7. How long we keep personal data

We apply the following retention periods and criteria:

  • Records in the public enquiry-form database are automatically deleted after 24 months. If an enquiry develops into a customer or other business relationship, relevant information may also form part of separate correspondence or business records retained under the applicable customer terms, legal obligation or limitation period.
  • Email correspondence is normally retained for up to 24 months after our last substantive exchange, unless it forms part of an ongoing customer relationship or must be kept for legal reasons.
  • Hosting and security records are retained only for the operational period configured with the relevant provider and as needed to investigate security incidents. We regularly review access and retention settings for these records.
  • Records needed to establish, exercise or defend legal claims are retained for the applicable limitation period.

At the end of the applicable period, information is deleted or anonymised unless continued retention is required by law.

8. Cookies and device storage

The public Site does not use analytics or advertising cookies. It uses only storage that is necessary to provide requested functionality, maintain security and support account access. This may include authentication and security cookies when you use sign-in pages, and local device storage used to remember a colour-theme preference you select.

These technologies are not used to track you across unrelated websites or to build advertising profiles. If we introduce non-essential analytics, advertising or similar technologies, we will update this policy and request consent before using them where required by law.

9. Your rights

Depending on the circumstances, UK data protection law gives you the right to:

  • be informed about our use of your personal data;
  • request access to your personal data;
  • ask us to correct inaccurate or incomplete data;
  • ask us to erase data in certain circumstances;
  • ask us to restrict processing in certain circumstances;
  • receive portable data in certain circumstances;
  • object to processing based on legitimate interests; and
  • withdraw consent where consent is the basis for processing, without affecting earlier lawful processing.

To exercise a right, email [email protected]. We may need to verify your identity and will normally respond within one month.

You may complain to the UK Information Commissioner's Office (ICO). We would appreciate the opportunity to address your concern first.

Website: ico.org.uk
Helpline: 0303 123 1113
Address: Information Commissioner's Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF

10. Security

We use appropriate technical and organisational measures designed to protect personal data from unauthorised access, accidental loss, alteration or disclosure. Access to enquiry information is restricted to authorised administrators. No internet transmission or electronic storage system can be guaranteed to be completely secure.

11. Third-party websites

The Site may link to third-party websites or services. We do not control their privacy practices and encourage you to read their privacy notices before providing personal data.

12. Children

The Site and our products are intended for business and professional users and are not directed at children. We do not knowingly collect personal data from children through the Site. If you believe a child has provided personal data, contact [email protected].

13. Changes to this policy

We review this policy regularly and may update it when our practices or legal obligations change. We will publish revisions on this page and change the “Last updated” date. If a change materially affects how we use information already collected, we will take reasonable steps to bring it to the attention of affected individuals before the new use begins.

14. Contact

ITSAREA LTD
71–75 Shelton Street, Covent Garden, London, WC2H 9JQ, United Kingdom
Email: [email protected]

© 2026 ITSAREA LTD. Registered in England and Wales, company no. 17179127.