Privacy Policy

1 Aim of this policy

This privacy policy explains how Box-it Ireland uses and protects any personal information that we receive or collect from you when you visit our website or premises, when we promote or deliver our products and services to you, or when we communicate or deal with you on any other matter. This includes personal information about yourself and your choices about what marketing information you want us to share with you.

This policy also tells you about your privacy rights and how the law, the General Data Protection Regulation (GDPR) protects you.


2 Scope of this policy

This policy applies to all personal information that Box-it holds on its customers, prospective customers, prospective employees, suppliers, consultants and any other interested parties, either in physical or electronic format, including online.

It also includes other information that we collect about you that does not directly personally identify you, for example the pages you have visited on our website.

It does not relate to any information that we process on behalf of our customers.


Employee privacy

This policy does not cover personal information relating to employees. This is covered in a separate Employee privacy policy which can be downloaded from our staff intranet.


Links to third-party websites

This privacy policy only applies to the Box-it website. The Box-it website contains links to other websites hosted by third parties. If you click on links to other websites, you should read their own privacy policies or notices.

3 Policy statement

3.1 Our privacy promise

Box-it is committed to safeguarding your privacy. If we ask you to provide certain personal information, you can be assured that it will only be used in accordance with this privacy policy.

We promise:

  • to keep your data safe and private
  • never share your information outside of the Box-it group, unless required to do so by law or to fulfil our contract with you
  • not to sell your data
  • to give you ways to manage and review your marketing choices at any time.

Your privacy is also protected by law (the GDPR).

3.2 Who we are and how to contact us

Box-it, is a leading document management provider. Our registered business address is: 46 Megargy Road, Magherafelt, County Londonderry, Northern Ireland, BT45 5HP.

If you have any queries about this privacy policy or the information we hold about you, please contact our Data Protection Officer using the contact details below.

Telephone: 02879 633298

Address: Data Protection Officer, Box-it Ireland, 46 Megargy Road, Magherafelt, County Londonderry, Northern Ireland, BT45 5HP.


3.3 The information we collect from you and how we use it

The GDPR says that we are allowed to use personal information only if we have a proper reason to do so. It says we must have one or more of these reasons:

  • when you consent to it
  • to fulfil a contract we have with you
  • when it is our legal duty
  • when it is in our legitimate interest (this means we have a business or commercial reason of our own to use your information).

The table below shows how we may use your personal information, and the reasons we rely on to do so. If we ever intend to use your information for different purposes or reasons, we will provide you with further information before we make those changes.

The information we collect What we do with it Our reasons (legal basis for processing) Who we share it with
Contact information
(For example names, email addresses and telephone numbers)
Serving you as a customer
• To fulfil our contractual responsibilities to deliver products and services, such as fulfilling your orders
• To communicate with you about our products and services including service-related announcements, billing, changes to services
• To respond to your enquiries and provide customer support
• To invoice you for our services
Serving you as a prospective customer
• To respond to your enquiries
• To communicate with you about our products and services
To welcome you to our premises
• To ensure that all visitors to our sites are recorded for health and safety and information security purposes
To promote our products and services
• To make decisions about what products, services and offers we think you may be interested in
To requests products or services from you
• To check your credentials before we hire you as our supplier, contractor, consultant
• To place an order or ask questions about a product or service you provide to us
To improve our products and services
• To request feedback on products and services, for example through customer surveys
• Your consent
• Legitimate interests
• Fulfilling contracts
• Our regional offices (for enquiries or orders)
• Our external PR agency ‘Kingston PR’ (to obtain Case Studies on your approval)
• Our external Telemarketing agency ‘Smart Marketing’ (to communicate with you)
Contractual information
(Details about the products and services we provide to you or those you provide to us)
Serving you as a customer
• To fulfil our contractual responsibilities to deliver products and services, such as fulfilling your orders and requests for changes to our products and services
• To manage the invoicing of your account
Hiring you as our supplier/consultant/contractor
• To check that you meet our information security, quality, environmental and business continuity requirements
• Legitimate interests
• Fulfilling contracts
• Our regional offices
Account information
(Account number, contact information, sales and purchase information, details of pricing, fees and charges relating to your account, transactions on your account including payments)
Serving you as a customer
• To invoice you for our products and services
• To manage fees and charges on your accounts
• To send communications relating to your account
To promote our products and services
• To make decisions about what products, services and offers we think you may be interested in
To buy products and services
• To pay you for products and services purchased
• Legitimate interests
• Fulfilling contracts
• Box-it accounts and sales departments
Registration information (Security details you create and use to connect to our services, these could include one or more of the following: username, password, email address, IP addresses if restricted access is required) • To give you access to our online services for our products and services • Legitimate interests
• Fulfilling contracts
• Box-it IT department
• Box-it Customer Services department
Complaint information (identity of complainant and any other individuals involved) • To investigate and resolve complaints • Legitimate interests • To the individual who the complaint is about
(Images of you on our premises)
• To protect the security of our premises
• To protect the security of information held on our premises
• Legitimate interests • Our IT and Facilities management departments
Job applicants, current and former employees (Personal/contact details, CV, previous experience, education, referees, answers to application or interview questions, equal opportunities information – optional, shortlists) • To process your job application and keep you informed of its progress
• To assess your suitability for the role you have applied for

• If you are successful, to issue you with a contract and set you up in our payroll systemsPlease refer to our separate Employee privacy policy for full details of how we use employee information.
• Legitimate interests
• Fulfilling contracts
• HR partners (outsourced third party)
Cookies • To ensure that our website functions correctly
• To improve your experience of using our website
• Legitimate interests • Our marketing department
Any permissions, consents or preferences that you give us
• To allow us to contact you about our products and services • Consent • Our marketing department
Usage information
Information about when you interact with our websites and services, the pages you visit, what you click on, when you perform those actions
When someone visits we use Google Analytics to collect standard internet log information and details of visitor behaviour patterns. We do this to find out things such as the number of visitors to the various parts of the site. This information is only processed in a way which does not identify anyone. We do not make any attempt to find out the identities of anyone visiting our website.

We use a third-party provider, Mailchimp, to deliver our e-newsletters. We gather statistics around email opening and clicks using industry-standard technologies to help us monitor and improve our e-newsletter. For more information, please see Mailchimp’s privacy policy.

• Legitimate interests • Our IT and marketing departments
Log data
User account activity and events within Box-it applications, such as email addresses, the files viewed, orders placed, the date and timestamps of activities, changes made by the user to their account, such as description of boxes.
• To fix bugs and troubleshoot product functionality
• To create new services, features, content or make recommendations
• To track behavior at the aggregate/anonymous level to identify and understand trends in the various interactions with our services
• Legitimate interests • Our IT department

3.4 Where we collect information from

Your personal information is collected from any of these sources:

  • from the data you give us, as described in the table above
  • from event logs on user activity within our applications as described in the table above
  • from outside organisations such as companies who introduce you to us through marketing lists, if you have given your permission to those organisations to share your information with us
  • We gather statistics around email opening and click through rates via MailChimp. You can unsubscribe at any time. For more information please see MailChimp’s privacy notice.

3.5 Sharing information

We will only share your personal information in the ways set out in this privacy policy and in the following circumstances:

  • to entities or individuals within the Box-it group of companies who have a legitimate interest in the information
  • to third-parties who use your personal information to provide certain services such as Box-it sales and marketing campaigns, recruitment and HR functions
  • to business partners in order to fulfil our contractual responsibilities to deliver products and services, such as fulfilling your orders
  • to any buyer in the event that we sell any part of our business or its assets
  • to any regulatory, statutory or legal enforcement body when we are required to meet any applicable law, regulation, legal process or enforceable government request

We enter into confidentiality and data processing terms with any third parties or business partners to ensure that they comply with high levels of confidentiality and best practice in privacy and security standards.

We will not:

  • sell or trade your personal information
  • share or transfer your personal information outside of the EU.

3.6 How long we keep your personal information

We will only keep your personal information for the following time periods:

  • for as long as you have given your consent (where consent is the reason we are using your information).
  • for as long as is necessary for the performance of the contract or service, and in accordance with our own retention policy.
  • for up to one year after you stop being a customer in order to respond to a question or complaint. We may also keep your data for longer than one year if we are required to do so for legal or regulatory reasons or to adhere to our own retention policy.

Information that we hold on behalf of our customers

If you have an account with Box-it, we do not delete or destroy any information that we hold on your behalf unless we receive a written instruction from you. Our customers are responsible for setting and managing their own time periods for the retention of their information.


3.7 Your rights

You have certain legal rights relating to the personal information we hold on you. These include the right to:

  • access the personal information we hold on you
  • request that we restrict how we use your personal information
  • withdraw your consent or object to how we process your personal information
  • request that it is corrected, updated, amended or deleted in appropriate circumstances
  • request that it is transferred to another location.

If you would like to exercise any of your rights, please contact our Group Data Protection Officer using the contact details above, see 3.2 Who we are and how to contact us.

We will respond to your request within one month of receiving your request.

Keeping your information accurate and up to date

We want to ensure that your personal information is accurate and up to date. Please inform us if any of your personal information is inaccurate or needs updating.


We would like to send you information about our products and services which might be of interest. If you have consented to receive marketing information from us, you may opt out at any time by contacting our Data Protection Officer.


Box-it Ireland meets the highest standards when collecting and using personal information. For this reason, we take any complaints about this very seriously.

If you are dissatisfied with how we have handled any aspect of your privacy or personal information, please contact our Group Data Protection Officer in the first instance. We also welcome any suggestions for improvement.

You may also contact the regulator, the Information Commissioner’s Office (ICO), you will find their contact details on the ICO website (

If you choose not to give us your personal information

If we are requesting your personal information because it is necessary and relevant to the product or service we are delivering, and you withhold this information, it is likely that we will not be able to deliver the product or service, or there will be a delay in doing so.

We sometimes ask for information that is useful, but not required by law or a contract. We will make this clear when we ask for it. You do not have to give us these extra details and it won’t affect the products or services you have with us.

We will always ask for your consent before we send you marketing information, you can refuse this or opt out at any time.


3.8 Cookies

Cookies are small text files which are placed on the device you are using to browse our website.

The Box-it website uses session cookies (also called transient cookies) only. Session cookies last only for the duration of your visit, stored in temporary memory, and are erased when you close your browser. They facilitate tasks such as allowing a website to identify that a user of a particular device is navigating from page to page, supporting website security or basic functionality. This data does not contain personal details about you or your business, but it is still protected by this Privacy policy.

You can block or restrict cookies set by any website – including the Box-it website – through your browser settings. However, in a few cases some of our website features might not function as a result. If you need help and support to block cookies, visit

To find out more about how we use cookies, please see our Cookie policy.


4 Changes to our privacy policy

This policy is reviewed at least annually for appropriateness and effectiveness, or whenever significant changes occur.

We will inform you whenever we make any changes to this policy.