Privacy Statement

Helios IT complies with all personal data laws and protects the rights and freedoms of individuals whose information we collect and process.

We’ll tell you:

what legislation guides us when processing your data;
what your data subject rights are and how to exercise them;
why we are processing your data, and whether you have to provide it to us;
how long we intend to store your data for;
whether there are other recipients of your personal data;
whether we intend to transfer it to another country; and
whether we engage in automated decision-making or profiling.

This statement concerns all personal data processing functions, including those conducted for customers, clients, employees, and suppliers, as well as any other personal data processed from various sources.

References to ‘we’ or ‘us’ means Helios IT and our group companies incorporating:

Helios IT Limited
Helios IT

What Legislation Guides Us When Processing Your Data?
We process data primarily related to UK subjects, making us subject to the UK GDPR and Data Protection Act 2018. We are registered with the Information Commissioner’s Office.

Helios It Ltd – ICO Registration Ref: ZB752957

Data Protection Principles

All personal data processing must adhere to the Data Protection Principles as established in the UK GDPR, outlined below.

Our policies ensure compliance with these Principles.

Personal data must be processed lawfully, fairly, and transparently
Personal data can only be collected for specific, explicit, and legitimate purposes
Personal data must be adequate, relevant, and limited to what is necessary for processing
Personal data must be kept accurate and, where necessary, kept up to date
Personal data must be kept in a form such that the Data Subject can be identified only as long as is necessary for processing
Personal data must be processed in a manner that ensures appropriate security of the personal data, including protection against unauthorised or unlawful processing and against accidental loss, destruction or damage, using appropriate technical or organisational measures
The GDPR includes provisions that promote accountability and governance. These complement the regulation’s transparency requirements. Accountability requests us to proactively demonstrate that we comply with the principles.

We will ensure adherence to GDPR principles by establishing and maintaining data protection policies, implementing technical and organizational measures, and adopting methodologies such as Data Protection by Design, Data Protection Impact Assessments, breach notification procedures, and incident response plans.

What Are Your Data Subject Rights And How Can You Exercise Them?
The GDPR provides the following rights for individuals in relation to their personal data;

The right to be informed
The right of access
The right of rectification
The right to erasure
The right to restrict processing
The right to data portability
The right to object
Rights in relation to automated decision making and profiling

Data Subject Rights Requests

We acknowledge your rights as a data subject as detailed above. If you wish to request the exercise of your rights concerning personal information we hold about you, please contact our Data Protection Officer at dataprotection@heliosit.co.uk.

Why Do We Process Your Personal Data

compliance with legal, regulatory and corporate governance obligations and good practice
operational reasons, such as recording transactions, training and quality control
ensuring the confidentiality of commercially sensitive information
statistical analysis
checking references
processing customer or third-party data
marketing our business and those of our group companies
analysing purchasing preferences and improving services
providing customer services

What Is The Purpose Of The Processing And How Is The Information Provided?
Most of the personal information we process is provided directly by you for one of the following purposes:

You have made a query regarding our services
You are a current user of our services
You wish to attend, or have attended, an event
You subscribe to our e-newsletter
You have applied for a job, placement, or internship with us.

Personal information is also collected indirectly in the following scenarios:

We may ask for your information during the application vetting process.

An employee has listed your contact details as an emergency contact or reference.

What Is The Lawful Basis For Processing Your Personal Information?
Article 6 of the UK GDPR sets out the lawful bases for processing, at least one of these must apply whenever processing personal data:

(a) Consent: the individual has given clear consent for you to process their personal data for a
specific purpose;

We need your explicit consent to process certain information. Your agreement will always be clear, following regulatory guidelines.

(b) Contract: the processing is necessary for a contract you have with the individual, or because they have asked you to take specific steps before entering into a contract;

For instance, if you sign an employment contract with us, we need to process your personal details to ensure accurate payment. This processing is required by the contract and recorded in our Processing Activities log.

(c) Legal Obligation: the processing is necessary for you to comply with the law (not including
contractual obligations);

As an employer, we process personal data to meet our legal duty of disclosing employee salary details to HMRC.

(d) Vital Interests: the processing is necessary to protect someone’s life;

This is applicable only to processing that is essential for an individual’s life. Consequently, this lawful basis has a very limited scope and generally pertains solely to life-and-death situations.

(e) Public Task: the processing is necessary for you to perform a task in the public interest or for
your oƯicial functions, and the task or function has a clear basis in law;

This basis mainly applies to public bodies and some private entities working for them. Helios IT is not expected to process personal data under this basis.

(f) Legitimate Interests: the processing is necessary for your legitimate interests or the legitimate interests of a third party, unless there is a good reason to protect the individual’s personal data which overrides those legitimate interests.

We process marketing data under legitimate interests in certain cases, where consent is not required by other legislation such as the Privacy and Electronic Communications Regulation (PECR). Legitimate interest is an appropriate basis when data is used in ways that data subjects would reasonably expect based on their interaction, and which have a minimal impact on privacy.

Cookies
When you use our website, we may gather information about you through Internet access logs, cookies and other technical means.

‘Cookies’ are text files placed on your computer to collect Internet log information and user behaviour information.

Some of the cookies we use are essential for parts of the site to operate and have already been set. You may find that blocking certain common cookies may result in aspects of our website being unviewable.

To find out more about the cookies we use and how to delete them, please view our cookie policy here.

Direct Marketing

We will use your information to notify you about our services and those of our partners via post, email, or other electronic means. This will only happen if you have shown interest and given consent.

You can withdraw your consent to use of personal data for marketing at any time by contacting us at marketing@heliosit.co.uk

Third Party Processors

Periodically, we engage third-party data processors to provide certain services on our behalf. We maintain contractual agreements with these data processors, stipulating that they may only process your personal information as per our explicit instructions. They are prohibited from sharing your personal information with any organization other than ours. Furthermore, they are required to store your data securely and retain it only for the duration specified by us. Third-party processors will be designated and approved in individual statements of work (SOWs) for businesses and at the point of data collection for individuals.

Digital Marketing Service Providers

We periodically engage digital marketing agents to perform marketing activities on our behalf. Such activities may involve the compliant processing of personal information. Our designated data processors include:

Digi Spark. You can contact Digi Spark and view their privacy policy here.

Children

Personal data related to children is subject to particular protections under the UK GDPR. Our services are not directly offered to children, nor do we proactively gather their personal information.

International Transfers
International transfers of personal data means information has been sent received/processed in a third country, a third country is a country or territory outside of the UK. The Data Protection Act 2018 places limits on the circumstances when we can share:

the transfer must be necessary for any of the law enforcement purposes
the transfer has to be based on either a finding of adequacy in respect of the third country, or where other appropriate safeguards are in place, or if not, that the transfer is for certain specific special circumstances. Helios IT apply relevant Standard

Contractual Clauses

the transfer is to a relevant authority in the third country, or is a ‘relevant international organisation;, i.e. an international body that carries out functions for any of the law enforcement purposes.

Where personal data is transferred outside the UK/EEA, we ensure that an International Transfer Risk Assessment has been carried out. We align this assessment with the relevant ICO guidance.

How to make a complaint

Please contact the Data Protection Officer for any questions regarding the handling of personal data. Responses to requests will be provided within one calendar month.

This privacy notice does not extend to the practices of other organisations’ websites that we may link to. We recommend that you review the privacy notices of those websites to understand how they handle personal information.

Data Protection Officer
Helios IT Ltd
Linenhall Exchange
1st Floor, 26 Linenhall Street
Belfast
BT2 8BG
E: dataprotection@heliosit.co.uk
Last updated: January 2026