Privacy Policy
Effective date: 09 April 2026 | Last updated: 09 April 2026
This policy explains how Zenith Monitoring handles personal data for website enquiries and service-related communications under UK GDPR.
1. Who this policy applies to
This Privacy Policy explains how Zenith Monitoring ("we", "us", "our") collects and uses personal data when you visit our website or contact us about our services.
Zenith Monitoring provides one-off IT monitoring setup and configuration services for businesses in Northern Ireland and across the UK.
2. Personal data we collect
When you submit our website contact form, we may collect:
- Name
- Email address
- Phone number (optional)
- Company name (optional)
- Message content (which may include business/technical context you provide)
We may also process limited technical website data (for example, basic server logs) required for security, availability, and troubleshooting.
3. How we collect data
We collect data:
- Directly from you when you submit the contact form
- Directly from you when you contact us by phone, email, or video call (for example your name, contact details, and anything you tell us about your environment, requirements, or project scope)
- During pre-sales discussions or project delivery when you grant us remote access to your systems (for example via VPN, jump host, or another client-approved method). In those sessions we may incidentally see or use personal data that appears in your environment only as needed to perform the agreed work—such as account names, identifiers, hostnames, or contact details shown in tools, directories, or monitoring interfaces. We do not use remote access to copy your data to our own systems for unrelated purposes
- Automatically through normal website/server operation (for example, security and access logs)
4. Why we process your data and lawful basis (UK GDPR)
We process personal data for the following purposes:
- To respond to enquiries and discuss potential projects — Article 6(1)(b) UK GDPR (steps prior to entering a contract).
- To deliver the monitoring and related IT services we agree with you — including using your contact details and project information, and personal data we encounter in your environment during remote access (for example when configuring monitoring, producing documentation, or running handover sessions), only as needed to perform the agreed work. Article 6(1)(b) UK GDPR (performance of a contract, or steps taken at your request before a contract is in place).
- To keep this website available and secure — for example limited technical logs, protecting the site from abuse, and resolving faults or security issues. This is not used to profile you for advertising. Article 6(1)(f) UK GDPR (legitimate interests in running a safe, reliable business website).
- To meet legal or regulatory obligations where applicable — Article 6(1)(c) UK GDPR.
5. Special categories of data
Please do not submit special category personal data (for example, health data) through the website contact form unless strictly necessary. If such data is provided, we will process it only where a valid legal basis applies.
6. Use of third-party service providers
Our contact form uses Web3Forms to transmit enquiry submissions to us. This means form data is processed by that provider on our behalf as part of the website enquiry workflow.
Where we use third-party processors, we select providers with appropriate security and contractual protections.
7. Checkmk and data handling
Zenith Monitoring uses Checkmk (open-source monitoring software) in client projects.
- We typically deploy and configure Checkmk within the client's own environment (or another environment designated by the client).
- Monitoring data generated by Checkmk is ordinarily stored in that client-controlled environment, not on a Zenith Monitoring-operated public service.
- Zenith Monitoring does not send your monitoring data to Checkmk GmbH by default simply by using open-source software.
- If a project includes integrations, hosted components, or third-party plugins that transfer data externally, this is agreed in writing as part of project scope and data processing terms.
8. Data Sharing
We do not sell personal data.
We only share personal data with trusted service providers who help us deliver our services (such as hosting, email or billing providers). These service providers can only use the data to carry out the tasks we instruct them to and are not permitted to use it for their own purposes.
We may also share personal data where required by law, or when necessary to protect our business or to establish, exercise or defend legal claims.
9. International transfers
If personal data is transferred outside the UK, we implement appropriate safeguards required by UK data protection law (for example adequacy regulations or approved contractual clauses).
10. Retention
We retain enquiry data only as long as necessary for responding to your enquiry, follow-up communications, and legal/accounting record-keeping requirements.
Retention periods vary by context. Data no longer required is securely deleted or anonymised.
11. Security
We take the security of personal data seriously and use appropriate technical and organisational measures to protect it. These include:
- Full-disk encryption on all company devices
- Strong authentication, including complex passwords and device-level security
- Automatic security updates for the operating system and installed software
- Up-to-date antivirus and endpoint protection
- Least-privilege access controls, ensuring data is only accessible when required
- Secure storage and handling practices, including encrypted backups
- Device lock and inactivity timeouts to prevent unauthorised access
- Use of the client's approved VPN when accessing their systems or environments, ensuring all connections are encrypted and compliant with their security requirements
These measures help ensure that personal data is protected against loss, misuse, unauthorised access, and other security risks.
12. Your rights (UK GDPR)
Subject to legal conditions, you may have rights to access, correct, erase, restrict, or object to processing of your personal data, and rights to portability where applicable.
To exercise your rights, contact us via our contact form.
You also have the right to complain to the UK Information Commissioner's Office (ICO): https://ico.org.uk.
13. Cookies and tracking
At the time of this policy, we do not intentionally use advertising trackers. If analytics or non-essential cookies are introduced, this policy and any consent mechanisms will be updated accordingly.
14. Children's data
Our services are intended for business users and not directed at children.
15. Changes to this policy
We may update this Privacy Policy from time to time. The latest version will always show the "Last updated" date at the top of this page.
16. Third-party software notice (including Checkmk)
Our services may involve third-party software, including open-source tools such as Checkmk. Use of third-party software in client environments may be subject to those third parties' own licences and policies.
For transparency, we recommend reviewing: https://checkmk.com and related legal/licensing pages on their website.