Privacy policy

We are committed to respecting your privacy and complying with data protection law.

This privacy policy aims to help you understand how we collect, use, and protect your information.

Who are we and why do we process personal data?

We are Leito Ltd Limited a software development company based in Bedfordshire, United Kingdom and will process your data in one of the following ways:

• You are a Leito Ltd customer and are already using our Service Manager platform.
• You are an employee, former employee or have applied for a role with us.
• You are a supplier to Leito Ltd.
• You are a prospective customer and are exploring the products and services that Leito Ltd can deliver to your organisation.

We’ve provided more detail in the sections below on how we use and manage your information.

However, if you do not have a direct contract with Leito Ltd, and you do have a direct relationship with one of our business customers e.g. As a customer of that business, then you should review their data privacy information and contact them in the first instance.  It is likely that they are the data controller and will be best placed to help you. The contact information is typically contained in their privacy policy, which is usually provided on their website.

You are a customer with Leito Ltd:

As a business customer, we will process data that you input about your leads, customers, suppliers, and employees. In some instances, you may arrange for others to input data on your behalf.  Our role therefore is that of a data processor.

The data is collected from you via our desktop application, websites, mobile apps, trackers, import services, system integrations and webservices API via our integration products. Contracts with Leito Ltd constitute written instructions to process the data that you send to us or arrange for others to send to us. 

What customer data do we process?

If you are a customer of Leito Ltd, then we process two types of data:

• data that you provide to us about your customers, enabling you to deliver products and services to your customers.
• data that is required for us to deliver our contract to you, for example, contact information of your employees.

Where we are processing personal data to fulfil our legal obligations to our business customers, the data that we process and store on your behalf has determined them. Typically, our business customers process:

• name, and other identity data.
• address and contact details.
• timesheets.
• skills, qualifications.
• personal or business vehicle details.
• locations and journeys collected via vehicle tracking and other mobile devices.
• signatures.
• job-related photographs which typically would not include images of people or identity documents.
• phone call recordings and meeting videos.
• other business, personal and possibly sensitive personal data as determined by our business customers.

To deliver our contract to you, we will process information for business administration purposes e.g. Invoicing, shipping and installation of products and delivery of services. Information about you is collected when calls are made to the support helpdesk e.g. Name, contact telephone numbers, email address. We may use this information for credit checking.

Like many organisations, we utilise technology to deliver great service to all our customers, in a sustainable way that is timelier and more accessible than if we had to visit everyone in person. e.g. Through products such as Microsoft Teams & Team Viewer. In some instances, we will record telephone conversations and web-based meetings for quality and training purposes. If you would prefer this information not to be collated, please inform your host at the beginning of any call.

Customer use of our integration products

If you are a Leito Ltd business customer, you may purchase our integration products or services with third party providers such as Microsoft, Sage, Freeagent, QuickBooks and Xero. By ordering these services and using these products we understand that you are instructing us as a data processor to pass personal data to/from your third-party provider. In these instances, Leito Ltd is not responsible for the data processing practices of third-party providers. We encourage you to review your third-party providers’ respective privacy notices before connecting.

You are an employee or a former employee at Leito Ltd

If you are an employee or former employee, then we are defined as the data controller. If you would like to understand more about how your data is processed, then please refer to the employee privacy handbook. This document provides further detail on how your information is collected and used.

If you are unable to find or access this information, or have queries then please contact info@leito.org

You are a prospective employee at Leito Ltd

If you have applied for a position with Leito Ltd, we need to process certain information about you. We only ask for details that will genuinely help us to consider you for a role, such as:

• name
• contact details including telephone numbers, email address and postal address
• CV / work history
• work preferences including role, geographical area, salary
• publicly available information, or information provided by you, in relation to professional history, educational background, employment history, skills and experience, professional certifications and affiliations, educational and professional qualifications

With your permission, we may ask you to provide information relating to your gender, ethnicity, sexual orientation, disability, religion, and belief. By collecting and analysing equality and diversity data, we can ensure our recruitment practices are providing fair access and opportunities for all, and that we are able to meet our obligations under the equality act 2010.

We will store your personal data in our applicant tracking system for 12 months from the date of your initial application/submission. After the 12 months has expired, your data will automatically be deleted from our records except in circumstances where you are part of a live application process or you have updated your details, or you have asked to be considered for future opportunities with the organisation. In these instances, the retention period will be extended by a further 3 months. You have the right to delete your personal information at any time.

More information is available for you in our Employee Privacy Handbook, or you may contact info@leito.org for further assistance or write to the address below.

You are a supplier to Leito Ltd

If you are a supplier to Leito Ltd, then we will hold information that allows us to administer our contract with you. This will include contact details such as your email address, a contact telephone number and banking details to ensure that we can pay you for the goods or services that we receive.

If you are a subcontractor or supplier with Leito Ltd, you may contact info@leito.org for further assistance or write to the address below.

You are a prospective Leito Ltd customer

We maintain a marketing database of prospective and current customer data where consent has been given, and not withdrawn or expired, or where we have reason to believe there is legitimate business interest in us keeping potential prospects and existing customers informed of our company, products, and services.

This information can be collected directly from our website when a visitor signs up to hear more about our products and services, or from other publicly available sources such as LinkedIn, or from referrals or from events that we may attend or host.

We may record calls that we make to prospective customers for quality and training purposes. We believe that we have a legitimate interest to do this to monitor and improve the content of the calls that are made to prospects. Our call recordings are retained for no longer than 12 months.

If you would like a transcript of any calls that are made to you, then please contact us at the details below.

Our approach to the processing of your data

Regardless of whether you are a customer, an employee, or a supplier, we are custodians of your data. We are committed to maintaining the confidentiality, integrity and availability of your data.  The following sections outline our approach to keeping your information safe.

Disclosure of your information to third parties

We may disclose your information to our subsidiaries, and other third parties we engage to enable us to provide services to you. We use third parties to help us host our infrastructure and applications, communicate with customers, power our emails, support our business office activities as we believe they are the best in their field at what they do. An example of our third-party providers includes DWebs Ltd and Microsoft. Any personal data is shared only when strictly necessary and according to the safeguards and good practices detailed in this privacy policy.

Transfer and use of information inside and outside the UK and European Economic Area

Leito Ltd continually strives to maintain a high level of compliance with all applicable data privacy legislation and regulation in the United Kingdom, the European Economic Area and beyond.

As we have partners and services providers based outside of the UK, your personal data may be accessed or otherwise processed in other countries. We have implemented measures and safeguards to ensure that any transfer of data is compliant with our data protection laws. For example, we have implemented appropriate transfer mechanisms, such as standard contractual clauses, that are approved by the ICO and / or the EU. Prior to the appointment of any new third party, we perform a detailed privacy impact assessments and data transfer risk assessments to ensure the companies receiving your data can comply with these obligations. We continue to assess our suppliers and are mindful of the recent changes introduced by the EU and the UK with regards to data transfers to the USA. Please contact us if you wish to know more.

As an internet-based platform, our customers may also access our services and products while visiting countries outside of the EEA. In accordance with our contractual obligations to deliver service, we interpret this as an instruction to export the data. The data protection and other laws of countries outside the EEA may not be as protective of your information as those in the UK or the European Union.

Retention periods

Data processed by Leito Ltd is subject to data retention policy and processes which, where practicable, minimize the retention of data. We retain your data to comply with contractual, legislative, and regulatory obligations.

We will typically retain data on our systems for 12 months after the end of a contract with our customers unless they have requested that the data be held for a longer or shorter period. At the end of this period, the data will be removed from our systems.

In order that we can provide the best possible service to you, we have agreed and documented retention schedules that we consider to be relevant and proportionate to the service we are providing. If you would like more information on our retention periods, then please contact us at the addresses below.

Information security

Please be aware that communications over the internet, such as emails and file transfers, are not secure unless they have been encrypted. Browser access to Leito Ltd websites and applications that process personal data is encrypted.

Despite the encryption described above, your communications may route through several countries before being delivered – this is the nature of the internet – and Leito Ltd is therefore unable to guarantee the security of any information you transmit to or via our website.

Marketing & website activities

Leito Ltd does not sell, trade, or rent your information, and does not give or distribute it to any third parties except as described above.

Our website may contain links to other websites of interest. However, you should note that we do not have any control over these other websites. Once you have used any of these links to leave our site, we cannot be responsible for the protection and privacy of any information which you provide whilst visiting these sites and such sites are not governed by this privacy statement.

If Leito Ltd are marketing or contacting you directly, whether by email, telephone call or post, and you wish to be removed from our marketing database, then please contact us at info@leito.org

Leito Ltd.’s use of cookies and similar technologies

Leito Ltd websites use a mechanism called “cookies”. A cookie is a small amount of data, that includes an anonymous unique identifier (session ID), that is sent to your browser from a website’s computers and stored on your computer’s hard drive, if your browser settings permit it. In simple terms, there are two types of cookies:

• functional cookies are cookies that ensure the proper functioning of the website (e.g. cookies for login or registration, language preferences) and their installation does not require your permission.
• non-functional cookies are cookies that can be set for statistical, social, targeting, and commercial purposes. Installation of these cookies on your devices requires your permission and will only be applied once your permission has been provided via the cookie banner.

We also use technologies like cookies, called pixels, that perform a similar function to non-functional cookies. When you use the Leito Ltd websites, we will set and access cookies on your computer as described below to enhance your user experience and for your convenience in using the site. You can change your preferences at any time by following the link on the website to amend your cookie settings.

Microsoft add-in ‘cookies’

We use local storage (like cookies) to hold the users’ email addresses, names, user ids, an auto-logon access token for Service Manager, and the Service Manager Portal. This data is stored until you delete it by signing out of the add-in or clearing the browser’s stored data. Auto-logon access tokens for the Service Manager expire after 7 days. These are necessary cookies and support the functionality of Service Manager.

Analytics cookies

In addition, we use analytics tools to help understand how users use our sites. This information is used by us to improve your user experience and to identify potential new customers.

We use the following cookies on our website:

• Google tag manager (which enables Google Analytics and Google AdWords – see below)
• Google Analytics – for the purposes of understanding visitor traffic metrics and behaviour

The information generated by the Google Analytics cookie about your use of the websites is transmitted to google and used to evaluate and compile statistical reports about this use for Leito Ltd.

We will not apply analytics cookies or pixels without your permission, which is managed through the cookie banner on the website.

To opt out of being tracked by Google Analytics across all websites, visit Google Analytics opt out.

To find out more about cookies, including how to see what cookies have been set, visit www.aboutcookies.org or www.allaboutcookies.org.

Find out how to manage cookies on popular browsers:

• Google Chrome
• Mozilla Firefox
• Microsoft Edge
• Opera
• Apple Safari

To find information relating to other browsers, visit the browser developer’s website.

Change your consent

You can change your consent or amend your preferences at any time using the cookie button on the website. If you have any concerns, then please contact us.

Privacy support

We regularly review our privacy policy to reflect our changing business and evolving best practice. We reserve the right to amend or modify this privacy policy at any time, please check for the latest version on our website at www.servicemanager.software

Our data protection officer can be contacted dpo@leito.org

Our registered address is: 45a Station Road, Willington, Bedford, Beds, MK44 3QL

We will respond to your request promptly and comply with your wishes subject to applicable privacy and other legislation, and any relevant contractual terms and conditions.

If your primary contact is not with us, and is with a Leito Ltd business customer, please contact that business.