Privacy Policy
Your privacy matters to us. This policy explains how TotalSoft IT Solutions collects, uses, and protects your personal data.
Last updated: 19 February 2026
1. Who We Are
TotalSoft IT Solutions Ltd ("we", "us", "our") is the data controller responsible for your personal data. We are a UK-based digital agency providing:
- Professional website design and development for clients
- Facebook / Meta advertising management services
- Garage Management Software (SaaS) — a cloud-based platform for automotive businesses
- Other SaaS products and software solutions
Contact us about privacy:
Email: info@totalsoft.co.uk
Phone: +44 7459 184247
Address: United Kingdom
2. What Data We Collect
2.1 Data You Provide Directly
- Contact form submissions — your name, email address, phone number, and any message you send us
- Business enquiries — company name, project details, budget information
- SaaS account registration — for our Garage Management Software and other SaaS products: name, email, business name, billing address, payment details (processed securely via our payment provider)
- Client data (web design) — when you engage us to build a website, we may handle content, imagery, and business information you supply
2.2 Data Collected Automatically
- Analytics data — device type, browser, pages visited, time on site, referring URLs (via Google Analytics or similar)
- Cookies and tracking pixels — including the Meta (Facebook) Pixel for advertising attribution. See our Cookie Policy
- IP address and location data — approximate geographic location derived from your IP address
- Log data — server logs including access times, errors, and technical identifiers
2.3 Data Collected via Facebook / Meta Ads
When we run advertising campaigns on your behalf (or our own), Meta collects data through the Meta Pixel, Conversions API, or Custom Audiences. This may include hashed email addresses, page views, and events on your website. You should review Meta's Privacy Policy for full details of how Meta processes this data.
2.4 SaaS Product Data (Garage Management Software & Others)
When you use our SaaS products, we collect and store data you input into the platform, including customer records, vehicle information, job sheets, invoices, and financial data. You remain the data controller for the data you input; we act as your data processor under a Data Processing Agreement (DPA) available on request.
3. How We Use Your Data
| Purpose | Legal Basis (UK GDPR) |
|---|---|
| Responding to enquiries and providing quotes | Legitimate interests / Pre-contractual steps |
| Delivering web design, development, and IT services | Performance of a contract |
| Managing your SaaS subscription (Garage Software etc.) | Performance of a contract |
| Running Facebook / Meta advertising campaigns | Performance of a contract / Legitimate interests |
| Sending service updates, invoices, and support communications | Performance of a contract |
| Marketing communications about our services (with opt-out) | Legitimate interests / Consent |
| Website analytics and performance monitoring | Legitimate interests / Consent |
| Fraud prevention, security, and legal compliance | Legal obligation / Legitimate interests |
| Retargeting advertising via Meta Pixel and Custom Audiences | Consent |
4. Who We Share Your Data With
We do not sell your personal data. We may share data with:
- Meta Platforms (Facebook / Instagram) — for advertising, Pixel tracking, and Custom Audience creation
- Google — Google Analytics for website analytics; Google Workspace for business communications
- Cloud and hosting providers — e.g., AWS, Vercel, or similar — for storing and serving our websites and SaaS products
- Payment processors — such as Stripe, to securely handle subscription and invoice payments for our SaaS products
- Email service providers — for transactional and marketing emails
- Legal and professional advisers — solicitors, accountants, where required
- Law enforcement or regulators — when required by law
Client websites: If we build your website, you (the client) are the data controller for all data collected on your site. We act as a data processor during development and, if applicable, hosting. A Data Processing Agreement (DPA) can be provided on request.
5. International Data Transfers
Some of our third-party service providers (e.g., Meta, Google, AWS) may process data outside the UK or EEA. Where this occurs, we ensure appropriate safeguards are in place, such as Standard Contractual Clauses (SCCs) or UK Adequacy Decisions.
6. How Long We Keep Your Data
- Enquiry / contact data — up to 2 years after last contact
- Client project data — for the duration of the contract plus 6 years (for legal/tax compliance)
- SaaS account data — for the duration of your subscription plus 30 days after cancellation (allowing data export), then securely deleted unless legally required to retain
- Financial records — 7 years (HMRC requirement)
- Analytics data — typically 26 months (Google Analytics default; configurable)
- Marketing preferences — until you opt out or withdraw consent
7. Your Rights Under UK GDPR
You have the following rights regarding your personal data:
📋 Right of Access
Request a copy of the personal data we hold about you.
✏️ Right to Rectification
Request correction of inaccurate or incomplete data.
🗑️ Right to Erasure
Request deletion of your personal data ("right to be forgotten") where no legal basis for retention exists.
⏸️ Right to Restrict Processing
Request that we limit how we use your data in certain circumstances.
📦 Right to Data Portability
Receive your data in a machine-readable format to transfer to another provider.
🚫 Right to Object
Object to processing based on legitimate interests, including for direct marketing.
🔄 Right to Withdraw Consent
Withdraw consent at any time where processing is based on consent.
🤖 Rights Re: Automated Decisions
Not to be subject to solely automated decisions that significantly affect you.
To exercise any of these rights, contact us at info@totalsoft.co.uk. We will respond within one month. You also have the right to lodge a complaint with the Information Commissioner's Office (ICO).
8. Cookies & Tracking
We use cookies and similar tracking technologies on our website and, where applicable, within our SaaS products. This includes the Meta Pixel for advertising attribution and Google Analytics for website performance. For full details, see our Cookie Policy.
9. Children's Privacy
Our services are intended for businesses and adults aged 18 and over. We do not knowingly collect personal data from children. If you believe a child has provided us with personal data, please contact us immediately.
10. Data Security
We implement appropriate technical and organisational measures to protect your personal data, including encryption in transit (TLS/HTTPS), secure cloud infrastructure, access controls, and regular security reviews. No method of transmission over the internet is 100% secure; however, we take all reasonable steps to protect your information.
11. Changes to This Policy
We may update this Privacy Policy from time to time. The "Last updated" date at the top of this page will reflect any changes. We encourage you to review this policy periodically. Continued use of our services after changes constitutes acceptance of the updated policy.
12. Contact Us
For any privacy-related questions, requests, or concerns: