Privacy Policy

Last Updated: January 1, 2025

Introduction

This Privacy Policy explains how Movebot (“we,” “us,” or “our”) collects, uses, protects, and shares your personal information when you use our data migration services, visit our website (movebot.co.uk), or interact with our migration platform and migration partner network.

We are registered in England and our registered office is at P.O Box 156, United Kingdom KT8 8FR. Movebot is a registered trademark in the United Kingdom with trademark UK00004107238 under Class 9 & 42.

Important Information

Our Commitment to Privacy: Movebot recognizes the critical importance of protecting personal and confidential information, especially given the nature of our data migration services. We are committed to transparency, data protection compliance, and maintaining the highest security standards.

Scope: This Privacy Policy covers personal data we process as a data controller when you use our services, visit our website, or interact with us directly. For data we process on your behalf during migrations, separate data processing agreements apply.

Children’s Privacy: Our services are not intended for children under 16, and we do not knowingly collect personal data from children.

Updates: We review this policy regularly and will notify you of material changes via email or website notice. Your continued use of our services after changes take effect constitutes acceptance of the updated policy.

What Information We Collect

We collect personal information through various means to provide and improve our migration services:

Information You Provide Directly

Account and Registration Data:

  • Name, job title, and company information
  • Business email address and phone number
  • Billing address and payment information
  • Account credentials and authentication details

Service-Related Information:

  • Migration source and destination details
  • Technical requirements and configuration preferences
  • Support requests and communication history
  • Feedback, survey responses, and testimonials

Business Communications:

  • Correspondence via email, phone, or chat
  • Meeting and consultation notes
  • Contract negotiations and legal communications

Information We Collect Automatically

Technical Data:

  • IP address, browser type, and device information
  • Website usage patterns and page interactions
  • Login times, session duration, and feature usage
  • Performance metrics and error logs

Migration Metadata:

  • Data volumes, transfer rates, and migration statistics
  • Error reports and troubleshooting logs
  • System performance and optimization data
  • Audit trails and compliance records

Information from Third Parties

Business Partners and Integrations:

  • Information from authorized representatives at your organization
  • Technical details from connected platforms and services
  • Referral information from partners and resellers

How We Use Your Information

We process your personal data for the following purposes, based on legitimate business interests, contractual necessity, or legal compliance:

Service Provision and Account Management

  • Creating and managing your account (Contract performance)
  • Providing migration services and technical support (Contract performance)
  • Processing payments and billing (Contract performance)
  • Communicating about service status and updates (Legitimate interest)

Service Improvement and Development

  • Analyzing usage patterns to improve our platform (Legitimate interest)
  • Developing new features and migration capabilities (Legitimate interest)
  • Conducting research and analytics on migration trends (Legitimate interest)
  • Optimizing performance and troubleshooting issues (Legitimate interest)

Business Operations and Compliance

  • Maintaining security and preventing fraud (Legitimate interest)
  • Complying with legal and regulatory requirements (Legal obligation)
  • Managing business relationships and communications (Legitimate interest)
  • Protecting our rights and property (Legitimate interest)

Marketing and Communications (with consent where required)

  • Sending relevant product updates and newsletters (Consent/Legitimate interest)
  • Providing educational content about data migration (Legitimate interest)
  • Inviting you to events, webinars, or surveys (Consent)
  • Sharing case studies and success stories (Consent)

Data Processing During Migrations

Processor Relationship: When performing data migrations, we typically act as a data processor on your behalf. In these cases:

  • We and/or migration partners process migration data strictly according to your documented instructions
  • We and/or migration partners implement appropriate technical and organizational security measures
  • We and/or migration partners maintain confidentiality and limit access to authorized personnel only
  • We and/or migration partners assist with data subject rights requests and regulatory compliance
  • We and/or migration partners delete or return data upon completion or termination as instructed

Security During Migration: All data in transit is encrypted using enterprise-grade encryption protocols. Temporary data processing occurs in secure, isolated environments with restricted access and comprehensive logging.

Information Sharing and Disclosure

We may share your personal information in the following circumstances:

Service Providers and Partners

  • Cloud infrastructure providers for hosting and data processing
  • Payment processors for billing and transaction management
  • Technical support vendors for specialized assistance related to your data migration requirements.
  • Professional services firms for legal, accounting, and audit purposes (if applicable)

Business Transfers

  • In connection with mergers, acquisitions, or sale of business assets
  • Due diligence processes with appropriate confidentiality protections

Legal Requirements

  • To comply with applicable laws, regulations, or court orders
  • To respond to lawful requests from public authorities
  • To protect our rights, property, or safety, or that of others
  • To investigate suspected fraud or security incidents

With Your Consent

  • For purposes you have specifically authorized
  • When sharing testimonials or case studies (with explicit permission)
  • As part of your form submission you accept we may use your data to discuss migration requirements with our dedicated team of partners which may include contracted engineers, partners, MSP’s & MSSP’s where applicable.

International Data Transfers

Transfer Mechanisms: We may transfer your personal data outside the UK/EEA to provide our services. When we do, we ensure appropriate safeguards through:

  • Adequacy decisions by relevant data protection authorities
  • Standard Contractual Clauses approved by the European Commission
  • International Data Transfer Agreements with appropriate safeguards
  • Certification schemes and codes of conduct where applicable

Third Country Processing: Our primary service providers are located in the England, Scotland, Wales & Ireland. We maintain records of all international transfers and the safeguards in place.

Data Security and Retention

Security Measures

We implement comprehensive security controls including:

  • Encryption of data at rest and in transit using AES-256 and TLS 1.3
  • Access controls with multi-factor authentication and role-based permissions
  • Network security with firewalls, intrusion detection, and monitoring
  • Physical security at data centers with 24/7 surveillance and access controls
  • Regular security audits and penetration testing
  • Incident response procedures with notification protocols

Data Retention

We retain personal data only as long as necessary for:

  • Account data: Duration of business relationship plus 7 years for accounting/tax purposes
  • Migration metadata: 2 years after migration completion for support purposes
  • Marketing data: Until consent is withdrawn or legitimate interest expires
  • Legal compliance: As required by applicable laws and regulations

Secure Deletion: When retention periods expire, we securely delete data using industry-standard methods to prevent recovery.

Your UK Privacy Rights

Under UK GDPR and applicable data protection laws, you have the following rights:

Access and Portability

  • Right of access: Request copies of your personal data and information about our processing
  • Right to data portability: Receive your data in a structured, machine-readable format

Correction and Deletion

  • Right of rectification: Correct inaccurate or incomplete personal data
  • Right to erasure: Request deletion of your personal data in certain circumstances

Processing Controls

  • Right to restrict processing: Limit how we use your data in specific situations
  • Right to object: Object to processing based on legitimate interests or for direct marketing
  • Right to withdraw consent: Withdraw consent for processing where applicable

Automated Decision-Making

  • Right not to be subject to automated decision-making, including profiling with legal effects

Exercising Your Rights

To exercise these rights, contact us at [privacy@movebot.co.uk] with:

  • Clear identification of yourself and your request
  • Verification of your identity (for security purposes)
  • Specific details about the data or processing in question

We will respond within one month, or notify you if additional time is needed for complex requests.

Cookies and Online Tracking

We use cookies and similar technologies to:

  • Essential cookies: Enable core website functionality and security
  • Analytics cookies: Understand website usage and improve user experience
  • Marketing cookies: Provide relevant content and measure campaign effectiveness

Cookie Management: You can control cookie preferences through your browser settings or our cookie preference center. Some cookies are essential for website functionality and cannot be disabled.

Detailed information about our cookie usage is available in our separate Cookie Policy.

Data Breach Notification

In the event of a personal data breach that poses risks to your rights and freedoms:

  • We will notify relevant supervisory authorities within 72 hours where required
  • We will inform affected individuals without undue delay when high risks are involved
  • We will provide clear information about the nature of the breach and our response
  • We maintain detailed incident response procedures and breach registers

Third-Party Services and Links

Our website and services may contain links to third-party websites, applications, or services. We are not responsible for the privacy practices of these third parties. We encourage you to review their privacy policies before providing any personal information.

Integration Partners: When you connect our services with third-party platforms, separate privacy policies and terms of service may apply to your use of those platforms. Your dedicated and assigned migration partner may issue separate terms of service as part of the project plan which you will need to review/accept as part of the approved migration.

Business Changes

If we undergo a merger, acquisition, or sale of assets, your personal data may be transferred to the new entity. We will:

  • Provide advance notice of such transfers
  • Ensure the new entity honors existing privacy commitments
  • Offer choices regarding the transfer where legally possible

Contact Information

Privacy Inquiries

For questions about this Privacy Policy or our data practices:

Data Protection Officer

Our Data Protection Officer can be reached at:

Complaints and Concerns

We encourage you to contact us first with any privacy concerns. You also have the right to lodge a complaint with the supervisory authority:

Information Commissioner’s Office (ICO)

  • Website: www.ico.org.uk
  • Phone: 0303 123 1113
  • Post: Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow, Cheshire SK9 5AF

Legal Basis for Processing

We process personal data under the following legal bases:

  • Contract: To perform our obligations under service agreements
  • Legitimate Interest: For business operations, security, and service improvement
  • Legal Obligation: To comply with laws and regulations
  • Consent: For marketing communications and optional features (where required)

Definitions

Personal Data: Information relating to an identified or identifiable natural person.

Data Controller: The entity that determines the purposes and means of processing personal data.

Data Processor: The entity that processes personal data on behalf of a data controller.

Data Subject: The individual to whom personal data relates.

This Privacy Policy is designed to be transparent and comprehensive. If you have questions about any section or need clarification about our data practices, please contact us at privacy@movebot.co.uk.