data protection statement

scope

this statement describes how iTTD LTD protects personal data across ittd.works, the .logic platform, and related services. it complements our privacy policy.

roles and responsibilities

for website enquiries and account administration data, iTTD LTD is the data controller. for customer data processed inside the .logic platform, customers are the controller and iTTD LTD acts as the processor.

data processing terms and subprocessor lists are provided under a Data Processing Addendum (DPA) on request.

security controls

• encryption in transit (TLS) and at rest where supported
• role-based access controls and least privilege
• segregation of customer environments where appropriate
• audit logging for sensitive access and key actions
• backup and recovery routines with periodic testing
• vendor risk review for critical subprocessors

data retention

platform data is retained for the duration of an active contract and for a limited period afterwards to support export and closure. for ittd.works website data, register interest submissions are retained for up to 24 months and site analytics events for up to 90 days. retention purges are logged for audit purposes.

incident response

we maintain incident response procedures for security and data events. where a personal data breach is likely to result in risk to individuals, we notify affected customers and regulators without undue delay in line with UK GDPR requirements.

international transfers

data is primarily hosted in reputable cloud environments. where processing occurs outside the UK/EEA, we apply appropriate safeguards such as standard contractual clauses or other approved transfer mechanisms.

customer controls

customers can request access, correction, export or deletion of personal data in line with their role as data controller. we support these requests through agreed processes and contractual terms.

contact

data protection queries should be sent to privacy@ittd.works.