Privacy Policy

Effective Date: 14th April 2026

1. Introduction

Welcome to Revolve ITAD Solutions Ltd (“we,” “our,” or “us”). We are committed to protecting your personal data and respecting your privacy. This Privacy Policy explains how we collect, use, process, and safeguard your information when you use our website or engage our IT Asset Disposal (ITAD) services.

2. Our Role in Data Protection

Due to the nature of our business, we handle data in two distinct ways:

• As a Data Controller: When we collect your contact information, billing details, or website usage data to manage our business relationship with you.
• As a Data Processor: When we handle, wipe, or physically destroy IT assets (such as hard drives, laptops, and servers) on your behalf. The data residing on these assets belongs to you (the Data Controller), and we process it strictly in accordance with your instructions and our secure data destruction protocols.

3. Information We Collect

We may collect and process the following types of data:

• Identity and Contact Data: Names, business email addresses, phone numbers, and job titles of our clients and business partners.
• Financial and Transaction Data: Billing addresses, payment details, and records of services purchased.
• Asset Documentation: Asset serial numbers, collection manifests, and data destruction certificates.
• Technical and Usage Data: IP addresses, browser types, and website usage statistics collected via cookies when you visit our website.

4. How We Use Your Data

We use your personal data as a Data Controller for the following purposes:

• To provide and manage our ITAD, collection, and logistics services.
• To issue asset tracking reports and certificates of data destruction.
• To process payments and manage billing.
• To communicate with you regarding service updates, compliance, or customer support.
• To comply with our legal, environmental, and regulatory obligations.

5. Legal Basis for Processing (UK GDPR)

We rely on the following legal bases to process your personal data:

• Performance of a Contract: To deliver the IT asset disposal services you have requested.
• Legal Obligation: To retain records required for tax, environmental, or compliance audits.
• Legitimate Interests: To improve our services, manage our business efficiently, and market relevant business services to you (which you can opt out of at any time).

6. Data Destruction and IT Asset Processing

When you entrust us with data-bearing devices, we process them strictly in accordance with your instructions.

• No Access Policy: We do not access, copy, review, or use the personal or corporate data stored on your end-of-life assets for our own purposes.
• Data Erasure Standards: All data is permanently and irreversibly destroyed. We offer flexible data destruction tiers to meet varying compliance and budget requirements:
  • Standard Erasure (Default): By default, data-bearing devices undergo a secure wipe using industry leading software. This process is fully compatible with the industry-recognized NIST SP 800-88r2 (Purge) standard, ensuring data cannot be recovered.
  • Certified Erasure: For clients requiring advanced compliance reporting and verifiable audit trails, we offer certified data wiping using industry-leading Blancco software (available for an additional fee). This also conforms to the NIST 800-88 standard but provides tamper-proof, serialised certificates for each individual asset.
  • Custom Erasure Standards: If your organization requires compliance with a different specific data destruction standard (e.g. DoD 5220.22-M), we can accommodate these requests. Pricing for custom standards will vary based on the specific requirements.
• Physical Destruction: Where software wiping is not possible (e.g., heavily damaged or failed drives) or if explicitly requested and paid for by the client, we utilize secure physical destruction methods.
• Audit Trail: Upon completion of our data destruction processes, we provide formal documentation or a Certificate of Destruction (depending on the chosen service tier) for your compliance and data protection records.

7. Data Sharing and Third Parties

We do not sell your personal data. To operate our business efficiently and securely, we may share necessary information with trusted third-party data processors who act on our behalf. These include:

• Business Operations & IT Systems: * WordPress: Our website content management system.
  • Novafox ERP: Our Enterprise Resource Planning system used to manage customer relationships, logistics, asset tracking, and generate your audit reports/certificates.
  • HubSpot: Our Customer Relationship Management (CRM) platform used to manage communications, client onboarding, and marketing.
  • Microsoft Office 365: Our internal infrastructure for secure email communications and document management.
• Approved Downstream Partners: Specialised recycling facilities for processing end-of-life materials (e-waste). We ensure these partners are strictly vetted and compliant with environmental and data protection standards.
• Regulatory Authorities: We may disclose your data if required by law, court order, or environmental auditing bodies (e.g., the Environment Agency).

Note: All third-party service providers are bound by strict data processing agreements to ensure your data is kept secure and is only used for the purposes we specify.

8. Data Security

We implement robust technical and organisational measures to protect both your corporate contact data and the IT assets in our custody. Assets are handled securely from the point of collection through to final processing, refurbishment, or recycling, ensuring unauthorised access is prevented.

9. Data Retention

We retain your contact and transaction data only for as long as necessary to fulfill the purposes we collected it for, including satisfying any legal, accounting, or reporting requirements. Certificates of destruction and audit trails are kept for 7 years to support your compliance needs.

10. Your Rights

Under the UK GDPR, you have the right to:

• Request access to the personal data we hold about you.
• Request correction of inaccurate or incomplete data.
• Request erasure of your personal data (subject to legal retention requirements).
• Object to or restrict the processing of your data.
• Request the transfer of your data to another party.

11. Contact Us

If you have any questions about this Privacy Policy or how we handle your data, please contact us at:

Revolve ITAD Solutions Ltd Address: Unit4, Copley Valley Business Park, Copley Valley Road, Sowerby Bridge, HX6 2WA

Email: hello@RevolveITAD.co.uk