Privacy and data protection notice

Privacy Policy

Last updated: 13 May 2026

This Privacy Policy explains in detail how Progressive Robot Ltd collects, uses, stores, shares, secures, retains and deletes personal information across our websites, mobile applications, software, portals, APIs, support channels, professional services, managed IT, cloud, cybersecurity, hosting, newsletters, events, recruitment and related services.

Company details

Legal entity
Progressive Robot Ltd
Company number
15400700
VAT number
506152326
Registered office
Egerton House, 55 Hoole Road, Chester, England CH2 3NJ
Contact address
220 Chester Business Park, Heronsway, Chester, Cheshire CH4 9GB, United Kingdom
Email
[email protected]
Telephone
01244911212
UK GDPR representative
Christopher Holloway — [email protected]
Supervisory authority
Information Commissioner’s Office (ICO), United Kingdom — https://ico.org.uk

1. Summary of key points

  • Who we are. Progressive Robot Ltd is the controller of personal information processed in connection with our own services. For services delivered for a customer, we usually act as processor under that customer’s instructions.
  • What we process. Identity, contact, account, contract, billing, technical, log, security, support, project, marketing, recruitment and content data.
  • Why. To deliver services, secure systems, support clients, manage contracts, communicate, comply with law and improve our business.
  • Lawful bases. Contract, legitimate interests, consent, legal obligation and (rarely) vital or public-interest grounds.
  • Sharing. Trusted sub-processors, professional advisers, customers, app stores, infrastructure providers, regulators and successors in business transactions.
  • Transfers. Personal information may be processed outside the UK and EEA under appropriate safeguards.
  • Security. Technical and organisational controls, including encryption, access control, logging, monitoring, backup and supplier assurance.
  • Your rights. Access, correction, deletion, restriction, portability, objection, withdrawal of consent and the right to complain to a regulator.

2. Scope and relationship with other documents

This Privacy Policy covers personal information that we control in connection with:

  • the public website at https://www.progressiverobot.com and any associated subdomains and microsites we operate;
  • mobile applications, desktop tools, browser extensions, embedded widgets and APIs we publish;
  • customer portals, admin consoles, dashboards, ticketing systems and authenticated areas;
  • professional services including software development, web development, mobile app development, IT consulting, cloud engineering, network design, server administration, data centre operations, virtualisation, IT operations, IT service management (ITSM), help desk, ITIL-based service support, change management, asset management, project management, security operations, vulnerability assessment, penetration testing, incident response, business-IT alignment, governance and strategy;
  • sales, proposals, statements of work, onboarding, invoicing, renewals and account management;
  • marketing, newsletters, events, surveys, webinars, social media and analytics;
  • recruitment, supplier qualification, partner programmes and business administration.

This policy works alongside our Cookie Policy, Terms and Conditions, Terms of Use, End User Licence Agreement and any contract, statement of work or data processing agreement that applies to your relationship with us. Where there is a conflict between a signed contract and this policy, the contract wins for that relationship.

3. Controller and processor roles

Progressive Robot Ltd is normally the controller of personal information about prospects, customers, suppliers, applicants, website visitors and recipients of marketing communications. Where we process personal information solely on behalf of a customer (for example, when administering a customer’s servers, applications, databases or end-user accounts) we act as processor. In that case the customer is the controller and our processor obligations are governed by the relevant contract or data processing agreement.

4. Categories of personal information we collect

Category Examples Typical source
Identity Name, job title, employer, role, professional profile, photo (where you provide one), signature. You, your organisation, public sources.
Contact Email, phone, address, billing address, social handles, preferred channel. You, your organisation, business directories.
Account and access Account ID, username, password hash, MFA settings, API keys, OAuth tokens, role and permission data, audit logs, session metadata. You, our systems.
Commercial Enquiries, quotes, proposals, orders, statements of work, change orders, contracts, invoices, statements, VAT/tax details, subscription terms. You, our finance systems.
Technical IP address, browser, OS, device class, device identifiers, network metadata, approximate location, referrer, request headers, language, timezone, screen size. Your device, browser, network.
Usage and analytics Pages viewed, time on page, navigation paths, downloads, search terms, content engagement, email opens/clicks where measured, form events, cookie choices. Cookies, analytics tags, server logs.
Service and project data Specifications, tickets, designs, code, deployment metadata, test results, defects, meeting notes, support communications, acceptance records. You, project tooling.
Security telemetry Authentication events, MFA outcomes, firewall and WAF events, IDS/IPS events, EDR signals, vulnerability findings, abuse reports, anti-fraud signals. Security tools, infrastructure.
Marketing Newsletter subscription status, campaign engagement, event registration, survey responses, consent records. You, marketing platforms.
Recruitment CVs, work history, qualifications, references, right-to-work, interview notes, salary expectations, location preferences. You, recruiters, references.
User-submitted content Files, code, text, images, screenshots, recordings, comments and other content you upload or send. You.
Sensitive information Not collected by default. May be processed where lawful and necessary (e.g. accessibility needs, security incident details, regulated industry requirements). You, with a lawful basis.

5. Sources of personal information

We may obtain personal information directly from you, from people authorised by your organisation, from devices and browsers, from cookies and similar technologies, from third-party services (CRM, ticketing, analytics, identity providers, calendar/email integrations), from publicly available sources (Companies House, business directories, professional networks, press), from referrals, from payment and app-store providers, from infrastructure and security tools, and from customers who instruct us to deliver services involving their systems or end users.

6. Purposes and lawful bases

Purpose What it involves Lawful basis
Service delivery Creating accounts, providing software and services, fulfilling statements of work, support and managed services. Contract; legitimate interests.
Security and abuse prevention Authentication, MFA, logging, monitoring, threat detection, fraud prevention, incident response, brute-force/abuse protection, bot mitigation. Legitimate interests; legal obligation.
Billing and administration Quotes, invoices, payments, refunds, tax/VAT records, debt recovery, supplier and finance management. Contract; legal obligation; legitimate interests.
Communications Replying to enquiries, project updates, service notices, policy changes, support messages. Contract; legitimate interests; consent where required.
Marketing Newsletter, event invitations, campaigns, social retargeting where used, measurement. Consent; legitimate interests; soft opt-in for existing customers where lawful.
Improvement and analytics Performance, diagnostics, A/B testing, content improvement, product feedback, reporting. Legitimate interests; consent for non-essential analytics where required.
Legal compliance Tax, accounting, regulatory, sanctions, court orders, AML/KYC where applicable. Legal obligation; legitimate interests.
Business transactions Due diligence, merger, acquisition, financing, restructuring, sale of business or assets. Legitimate interests; legal obligation.
Recruitment Reviewing applications, interviews, assessments, references, offers. Contract steps; legal obligation; legitimate interests; consent for sensitive data where required.

7. Cookies, analytics and similar technologies

We use cookies, pixels, tags, beacons, scripts, SDKs, local storage, session storage, device identifiers, tracking URLs and similar technologies for: site operation, security, consent records, preferences, performance monitoring, error reporting, forms, embedded content, marketing measurement and aggregate analytics. Strictly necessary technologies operate without consent because they are required to deliver the website or a service you request. Non-essential technologies are used where we have a lawful basis, including consent where required. See the Cookie Policy for the full breakdown.

8. Sub-processors and recipients

We use trusted service providers (sub-processors) to operate the Services. Categories include:

  • Hosting and infrastructure: cloud platforms, content delivery networks, DNS, edge security and email infrastructure providers.
  • Communications: email delivery, calendar, video conferencing, helpdesk and ticketing platforms.
  • Security: WAF, anti-bot, EDR, SIEM, vulnerability scanning, certificate, secret management and backup providers.
  • Productivity: document, code, design, project management and version control platforms.
  • Analytics and marketing: analytics, attribution, newsletter and consent platforms (used where lawful).
  • Payments and finance: payment processors, accounting, invoicing and bookkeeping providers.
  • Professional services: lawyers, accountants, auditors, insurers and consultants.
  • App stores and platforms: Apple App Store, Google Play and similar where applicable.

We do not sell personal information for money. We require sub-processors to maintain appropriate security, confidentiality and data-protection commitments.

9. International data transfers

Some sub-processors, support teams or infrastructure may be located outside the United Kingdom or European Economic Area. Where we transfer personal information internationally we rely on appropriate safeguards, including UK adequacy regulations, the European Commission’s adequacy decisions, Standard Contractual Clauses, the UK International Data Transfer Agreement (IDTA) or Addendum, transfer risk assessments, supplementary technical and organisational measures, encryption, pseudonymisation and contractual restrictions on onward transfers.

10. Security measures

We use administrative, technical and organisational measures appropriate to the risk, including, where relevant to a given system:

  • Identity and access: role-based access control, least-privilege provisioning, joiner-mover-leaver process, MFA on administrative accounts, password complexity and rotation, SSO where supported, periodic access reviews.
  • Encryption: TLS in transit, encryption at rest for managed services that support it, encrypted backups, encrypted device storage, secret management for credentials and API keys.
  • Network and platform security: firewalls, WAF, anti-DDoS, rate limiting, bot mitigation, segmentation, hardened images, patching, configuration baselines.
  • Application security: secure development practices, dependency scanning, code review, vulnerability management, secret scanning, security testing and (where in scope) penetration testing.
  • Logging and monitoring: centralised logs for authentication, administrative actions and security events; alerting for suspicious activity; retention appropriate to risk.
  • Backups and resilience: regular backups for systems we operate, periodic restore tests where in scope, separation of environments.
  • Supplier management: due diligence on key sub-processors, contractual security commitments, periodic review.
  • People controls: confidentiality obligations, role-appropriate training, acceptable use policies, leavers process.

No system is fully secure. You are responsible for protecting your own credentials, devices, networks and user permissions.

11. Personal data breaches

We maintain procedures to detect, contain, investigate and respond to personal data breaches. Where we are the controller and the breach is likely to result in a risk to individuals, we will notify the relevant supervisory authority within the timeframes required by law and, where required, affected individuals. Where we act as processor we will notify the controller without undue delay in accordance with the contract.

12. Retention

We keep personal information only for as long as reasonably necessary. Typical (non-binding) ranges, subject to the actual contract, regulatory regime and legitimate business needs, include:

  • Enquiries and prospects: up to 24 months after last meaningful contact.
  • Customer contract records and project data: duration of the relationship plus 6 years (or longer where required by law or limitation periods).
  • Invoices, tax and accounting records: at least 6 years from the end of the financial year.
  • Marketing preferences and consent records: while the preference is current plus a reasonable record of the consent.
  • Recruitment records for unsuccessful candidates: typically up to 12 months unless we have your consent to keep them longer.
  • Security and audit logs: retained for periods appropriate to risk and any regulatory or contractual requirements.
  • Backups: retained on backup cycles and overwritten or deleted in line with normal backup processes.

When information is no longer required we delete, anonymise, aggregate or securely archive it.

13. AI, automation and profiling

We may use automation, analytics and AI-assisted tools to support coding, documentation, support triage, monitoring, diagnostics, productivity, content quality and service improvement. Where AI tools are used:

  • they are configured, where reasonably practicable, to avoid using your data to train third-party models;
  • sensitive, regulated or confidential information should not be submitted to AI tools unless permitted by contract and law;
  • outputs are reviewed by a human before being relied on for material decisions;
  • we do not intentionally use personal information to make solely automated decisions producing legal or similarly significant effects unless permitted by law with appropriate safeguards and information.

14. Children

Our Services are intended for business users and people aged 16 or over. We do not knowingly collect personal information from children under 16 without appropriate consent. If you believe a child has provided personal information, contact us so we can investigate.

15. Your rights and how to exercise them

Depending on your location and the circumstances, you may have the right to:

  • request access to your personal information;
  • request correction of inaccurate or incomplete information;
  • request deletion (subject to legal and contractual retention rules);
  • restrict or object to certain processing;
  • data portability for information you provided to us;
  • withdraw consent where consent was the lawful basis;
  • object to direct marketing at any time;
  • not be subject to a solely automated decision with legal or similarly significant effect, subject to legal exceptions;
  • complain to a supervisory authority.

How to make a request. Email [email protected] or write to the address above. Please include the details we need to identify you and respond. We may need to verify your identity. We aim to respond within one month and will tell you if we need longer. There is normally no charge unless your request is manifestly unfounded, excessive or repetitive.

16. Marketing choices

You can unsubscribe from marketing emails at any time using the unsubscribe link or by contacting us. We may still send non-marketing service messages about accounts, contracts, security, invoices, technical issues and policy changes. Cookie choices can be changed using the cookie banner and browser settings.

17. Linked services and content

Our Services may link to third-party websites, plugins, app stores, payment platforms, social networks, video providers, maps, fonts and analytics tools. Their privacy and security practices are governed by their own policies. Review those policies before providing them with personal information.

18. Changes to this policy

We may update this policy from time to time. The updated version will be indicated by a new “Last updated” date and will take effect when posted unless stated otherwise. Material changes may also be notified through the website, app, email or other reasonable method.

19. Contact

For privacy questions, requests or complaints, contact Progressive Robot Ltd at [email protected], contact our representative Christopher Holloway at [email protected], call 01244911212, or write to Progressive Robot Ltd, 220 Chester Business Park, Heronsway, Chester, Cheshire CH4 9GB, United Kingdom. You may also lodge a complaint with the Information Commissioner’s Office at https://ico.org.uk.

Progressive Robot: Your Gateway to Comprehensive IT Solutions — Specializing in Web Development, Mobile App Development, and Expert IT Services.

Twitter Facebook Pinterest-p Ovaicon-instagram Linkedin Youtube Whatsapp Github

Links

Newsletter

Signup for our latest news & articles. We won’t give you spam mails.

Contact

© All Copyright 2026 by Progressiverobot.com

VAT Number ( 506152326 )

Progressive Robot Microsoft Solutions Partner logo with four-color square icon and text reading Microsoft Solutions Partner
Progressive Robot AMD Adaptive Computing Partner Elite badge logo
Progressive Robot NVIDIA Partner badge
vmware Partner
cisco partner
AWS Partner
IBM Partner
HP Partner
Dell partner
Juniper partner
CHAT