Quick Access
Client Portal | VoIP Portal | Raise a Ticket
UK GDPR & PECR

Privacy Policy

How we collect, use, and protect your personal data — including our use of cookies and Google Analytics.

Effective: 1 May 2026 Last reviewed: April 2026 Applies to: hightidegroup.net

1. Who we are

High Tide Group Limited is the data controller for personal data collected through this website and in connection with our services. We are registered with the ICO and regulated by Ofcom as a Communications Provider.

DetailInformation
Registered nameHigh Tide Consulting Ltd T/A High Tide Group
Company number06602595
Registered addressGreenbank, Stranton, Hartlepool, TS24 7QT, England
ICO registration numberZA931231
Privacy contactprivacy@hightidegroup.net
Telephone01429 818 332

2. What personal data we collect

Information you give us

  • Name, email, phone number and company name when you contact us or use our contact form
  • Billing and payment information when you take a service
  • Communications you send us, including emails and support tickets
  • Information needed to manage your services (site addresses, technical contacts, call records for VoIP)

Information we collect automatically

  • Website usage data via Google Analytics (pages visited, time on site, device type, approximate location) — only with your consent
  • IP address and server logs for security and fraud prevention
  • Cookie data as described in Section 4

Information from third parties

  • Business contact details from public sources or referrals where we have legitimate interest in contacting you about our services

3. Why we use your data and our lawful basis

PurposeLawful basis
Responding to enquiries and providing quotesLegitimate interests / pre-contractual steps
Delivering and managing contracted servicesPerformance of a contract
Sending invoices and processing paymentsPerformance of a contract / legal obligation
Customer support and complaint handlingPerformance of a contract / legal obligation
Retaining call data records (CDRs) for VoIP servicesLegal obligation — Ofcom GC C4.3 (12 months minimum)
Analysing website traffic via Google AnalyticsConsent
Keeping our network and systems secureLegitimate interests
Marketing to existing customersLegitimate interests (soft opt-in) / consent where required
Complying with legal and regulatory obligationsLegal obligation

4. Cookies & Google Analytics

We use two types of cookies on this website.

CategoryCookie name(s)PurposeDurationConsent?
Necessary htg_cookie_consent Stores your cookie preference 1 year No
Analytics _ga, _ga_* Google Analytics — anonymised usage data Up to 2 years Yes — consent only
We do not load Google Analytics until you accept cookies. If you decline, no analytics data is sent to Google. IP anonymisation is enabled.

Google Analytics data may be stored on servers in the USA. Google LLC is certified under the EU-US Data Privacy Framework. See Google's Privacy Policy for details.

Change your cookie preferences

Click below to reset your preference — the consent banner will reappear on your next page load.

5. Who we share your data with

We do not sell your personal data. We share it only where necessary:

RecipientPurposeLocation
Managed service & infrastructure suppliersDelivering contracted services — bound by data processing agreementsUK / EEA
Google LLCGoogle Analytics (consent only, IP anonymised)USA (DPF certified)
Payment processorsInvoice and payment processingUK
Regulatory & law enforcement bodiesWhere required by law (Ofcom, ICO, police)UK
CISAS (ADR scheme)Where a complaint is referred to dispute resolutionUK
We do not identify our underlying infrastructure or network suppliers in customer-facing communications. For data subject access requests relating to data held by third parties on our behalf, contact us directly and we will coordinate.

6. How long we keep your data

Data typeRetention periodReason
Enquiry and contact form data3 years from last contactLegitimate interests
Customer account and service records7 years from end of contractHMRC / Companies Act
Call data records (VoIP)Minimum 12 monthsOfcom General Condition C4.3
Complaint recordsMinimum 12 months from resolutionOfcom General Condition C4
Google Analytics dataUp to 14 months (GA4 default)Consent — anonymised
Server and security logs90 daysLegitimate interests — security
Financial records7 yearsHMRC legal obligation

7. How we protect your data

As a Cyber Essentials Plus certified organisation, we apply appropriate technical and organisational measures including:

  • Encrypted data transmission (TLS/HTTPS) across all web services
  • Access controls limiting data access to only those who need it
  • Regular security patching and vulnerability management
  • Staff training on data protection and information security
  • Incident response procedures for potential data breaches

In the event of a personal data breach likely to risk your rights and freedoms, we will notify the ICO within 72 hours and inform affected individuals without undue delay.

8. Your rights under UK GDPR

To exercise any right, contact us at privacy@hightidegroup.net. We will respond within one calendar month.

Right of access

Request a copy of the personal data we hold about you.

Right to rectification

Ask us to correct inaccurate or incomplete data.

Right to erasure

Ask us to delete data where there is no longer a lawful basis to hold it.

Right to restrict processing

Ask us to pause processing in certain circumstances.

Right to portability

Receive your data in a commonly used format where processing is by consent or contract.

Right to object

Object to processing based on legitimate interests, including direct marketing.

Automated decisions

We do not make solely automated decisions with significant effects on individuals.

Withdraw consent

Where processing is based on consent, you can withdraw at any time without affecting prior processing.

Right to complain: You can lodge a complaint with the ICO at ico.org.uk or call 0303 123 1113. We would appreciate the chance to address your concerns directly first.

9. Children's data

Our website and services are directed at businesses and adults. We do not knowingly collect data from children under 13. If you believe we have done so inadvertently, contact us at privacy@hightidegroup.net and we will delete it promptly.

10. Changes to this policy

We may update this Privacy Policy to reflect changes in our practices or legal obligations. Material changes will be reflected in the "Last reviewed" date above. Continued use of our website after an update constitutes acknowledgement of the revised policy.

11. Contact us

For any questions about this Privacy Policy or to exercise your data subject rights:

High Tide Group Limited — Privacy Team

Email
privacy@hightidegroup.net

Telephone
01429 818 332

Post
High Tide Group Limited, Hartlepool, England

We aim to respond to all data protection enquiries within one calendar month as required by UK GDPR Article 12.