Effective Date: 8 July 2026 | Replaces version dated 10 July 2023
IndigoZest Limited (“we”, “our”, or “us”) values and respects the privacy of our clients, website visitors, and contacts (“you” or “your”). This Privacy Policy explains how we collect, use, retain, disclose, and protect your personal information when you interact with our website, products, and services (together, the “Services”).
We are committed to handling your personal information in accordance with the UK General Data Protection Regulation (“UK GDPR”) and the Data Protection Act 2018 (“DPA 2018”).
The data controller responsible for your personal information is:
IndigoZest Limited
Company Registration No. 7242603
Unit 7, Kings Park, Primrose Hill, Kings Langley, WD4 8ST
Telephone: 0333 305 5305
Email: hello@indigozest.co.uk
Our Data Protection Officer (DPO) is Nicolai Landschultz, Managing Director. You can contact our DPO at:
Email: dpo@indigozest.co.uk
When you contact us, request a quotation, purchase our products or services, or create an account, we may collect:
As part of delivering our home automation, home cinema, and lighting services, we and our technology partners (such as Control4, OvrC, and Lutron) may process data generated by installed systems in your property. This may include:
Where this data relates to your home environment, we treat it with the highest level of care. It is used solely to deliver and support your system, and is not sold or shared with third parties for marketing purposes.
When you visit our website, we may automatically collect:
Under UK GDPR, we must have a lawful basis for processing your personal information. The table below sets out how we use your data and the basis on which we do so.
Performance of a contract (Article 6(1)(b)):
Compliance with a legal obligation (Article 6(1)(c)):
Legitimate interests (Article 6(1)(f)):
When we rely on legitimate interests, we have assessed that our interests are not overridden by your rights. You may object to this processing at any time (see Section 7).
Consent (Article 6(1)(a)):
Where we rely on consent, you have the right to withdraw it at any time without affecting the lawfulness of processing carried out before withdrawal.
We do not sell your personal information. We may share it with third parties only in the following circumstances:
Service Providers:
We engage trusted third-party suppliers and sub-contractors to help us deliver our services (for example payment processors, installation partners, and technology platforms such as Control4 and OvrC). These parties are bound by contractual obligations to protect your personal information and may only use it for the specific purposes we specify.
Legal Compliance:
We may disclose your information where required to do so by law, regulation, or legal process, including in response to a valid court order or request from a competent authority.
Business Transfers:
In the event of a merger, acquisition, or sale of all or part of our business, your personal information may be transferred to the acquiring entity. We will notify you before your information becomes subject to a different privacy policy.
With Your Consent:
We may share your information with third parties where you have given us your explicit consent to do so.
Some of our third-party service providers are based outside the United Kingdom. Where we transfer your personal information to countries that have not been granted adequacy status by the UK Government, we ensure appropriate safeguards are in place to protect your information in accordance with UK GDPR.
The UK Government has recognised certain countries as providing an adequate level of data protection, meaning personal data may flow to those countries without additional safeguards. These include the European Economic Area (EEA), Switzerland, and several others. Where our processors are located in these countries, no further transfer mechanism is required.
Several of our key technology providers are based in the United States, including Google (Analytics, Tag Manager, and Workspace), Creston and Snap One / Control4. The United Kingdom and the United States maintain a data transfer arrangement known as the UK Extension to the EU-US Data Privacy Framework (the “UK-US Data Bridge”), which came into force on 17 October 2023.
Where a US-based processor is certified under the UK-US Data Bridge, we may transfer personal data to them in reliance on that arrangement. For any US processors not covered by the Data Bridge, we use the UK International Data Transfer Agreement (IDTA) or equivalent contractual safeguards.
Where we use processors in other countries (for example, Zoho, which is headquartered in India), we rely on the UK International Data Transfer Agreement (IDTA) or an Addendum to the EU Standard Contractual Clauses to provide appropriate safeguards for your personal data.
You may request a copy of the safeguards we have put in place for any international transfer by contacting our DPO using the details in Section 1.
We retain your personal information for as long as necessary to fulfil the purposes for which it was collected, and in accordance with our legal obligations. Specifically:
When personal information is no longer required, it is securely deleted or anonymised.
Under UK GDPR, you have the following rights in relation to your personal information:
To exercise any of these rights, please contact our DPO using the details in Section 1. We will respond within one calendar month. In complex cases, we may extend this by a further two months and will inform you if we do so.
You also have the right to lodge a complaint with the Information Commissioner’s Office (ICO), the UK’s supervisory authority for data protection:
Information Commissioner’s Office
Website: ico.org.uk
Helpline: 0303 123 1113
Post: Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF
Our website uses cookies and similar technologies to improve your browsing experience, analyse website usage, and support our marketing activities.
Essential cookies
These are necessary for the website to function and cannot be switched off. They are set in response to actions you take, such as setting your privacy preferences or filling in forms.
Analytics cookies
We use analytics tools (including Google Tag Manager and associated services) to understand how visitors interact with our website. This data is used in aggregate and helps us improve our content and user experience.
Marketing cookies
We may use cookies to deliver relevant advertising and to track the effectiveness of our marketing campaigns. These are placed only with your consent.
When you first visit our website, you will be asked to accept or decline non-essential cookies. You can change your preferences at any time via the cookie settings link in our website footer. You can also manage cookies through your browser settings, though this may affect the functionality of the site.
We employ appropriate technical and organisational measures to protect your personal information from unauthorised access, loss, disclosure, alteration, or destruction. These include access controls, encrypted communications, and regular security reviews.
No method of transmission over the internet or electronic storage is completely secure. Whilst we take all reasonable precautions, we cannot guarantee absolute security.
In the event of a personal data breach that is likely to result in a risk to your rights and freedoms, we will notify the ICO within 72 hours and, where required, inform you directly without undue delay.
Our Services are not directed at individuals under the age of 18. We do not knowingly collect personal information from children. If you believe we have inadvertently collected information from a child, please contact us immediately and we will take steps to delete it.
We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or services. When we make material changes, we will update the effective date at the top of this policy and, where appropriate, notify you by email or through a notice on our website.
Your continued use of our Services after any changes take effect constitutes your acceptance of the updated policy.
If you have any questions, concerns, or requests relating to this Privacy Policy or our data protection practices, please contact our Data Protection Officer:
Nicolai Landschultz — Data Protection Officer
IndigoZest Limited
Unit 7, Kings Park, Primrose Hill, Kings Langley, WD4 8ST
Telephone: 0333 305 5305
Email: nicolai@indigozest.co.uk