Privacy Policy

Effective Date: 16/02/2026
Last Updated: 16/02/2026

1. Who We Are

This website is operated by:

Tristan Bend, trading as TAB Innovations
Sole Trader, registered in the United Kingdom.
Business Address: 4 Woodpecker Close, PO9 2SF
Email: tristan@tabinnovations.com

For the purposes of UK data protection law, we act as:

  • Data Controller in relation to personal data collected through our website and business operations.

  • Data Processor when providing automation services to clients and processing their customer data on their behalf.

We are registered with the Information Commissioner's Office under registration number: [Insert ICO Number].

2. Scope of This Policy

This Privacy Policy explains:

  • What personal data we collect

  • How we use it

  • Our lawful bases for processing

  • How we protect it

  • Your rights under UK GDPR

This policy applies to visitors of our website and clients of our services.

3. What Personal Data We Collect

A. Website Visitors & Enquiries

We may collect:

  • Name

  • Email address

  • Phone number

  • Business name

  • Enquiry details

  • IP address

  • Browser/device information

  • Cookie and analytics data

B. Prospective & Existing Clients

We may collect:

  • Contact details

  • Business details

  • Billing information

  • Contractual communications

  • Project-related information

C. Client Customer Data (When Delivering Services)

When providing automation systems, we may process data belonging to our clients’ customers, including:

  • Customer names

  • Email addresses

  • Phone numbers

  • Booking details

  • Enquiry information

In these circumstances:

  • The client is the Data Controller

  • We act strictly as a Data Processor

We only process such data in accordance with client instructions.

4. How We Use Personal Data

We may use personal data to:

  • Respond to enquiries

  • Provide our services

  • Deliver proposals and quotations

  • Manage client relationships

  • Send service-related communications

  • Improve our website performance

  • Comply with legal and tax obligations

  • Send marketing communications (where lawful)

5. Lawful Bases for Processing

Under UK GDPR, we rely on the following lawful bases:

Contractual Necessity

To provide services agreed with clients.

Legitimate Interests

For:

  • Responding to business enquiries

  • B2B marketing communications

  • Improving our services

We ensure our legitimate interests do not override individual rights.

Consent

Where you opt in to receive marketing communications.

Legal Obligation

For accounting, tax compliance, and regulatory requirements.

6. Data Sharing

We do not sell personal data.

We may share data with trusted third-party service providers where necessary to operate our business, including:

  • CRM providers such as HubSpot

  • Automation platforms such as Zapier

  • Analytics providers such as Google Analytics

  • Website hosting providers

  • Accountants and professional advisers

  • Payment processors

All third parties are required to process data securely and lawfully.

7. International Data Transfers

Some of our service providers may process data outside the United Kingdom.

Where data is transferred internationally, we ensure appropriate safeguards are in place, including:

  • Standard Contractual Clauses

  • Adequacy decisions

  • Contractual data protection agreements

8. Data Retention

We retain personal data only for as long as necessary:

  • Enquiry data: Up to 24 months

  • Client contractual records: Minimum 6 years (for HMRC compliance)

  • Marketing data: Until you unsubscribe

  • Client customer data: As instructed by the client

When data is no longer required, it is securely deleted or anonymised.

9. Data Security

We take appropriate technical and organisational measures to protect personal data, including:

  • Secure cloud-based systems

  • Encrypted data transmission (HTTPS)

  • Restricted access controls

  • Strong password policies

  • Secure third-party providers

While we take reasonable steps to protect data, no system is completely secure.

10. Cookies & Tracking Technologies

Our website uses cookies and similar technologies.

These may include:

  • Essential cookies (required for website functionality)

  • Analytics cookies

  • Performance cookies

You can control cookie preferences through your browser settings or our cookie consent banner.

For more information, please refer to our Cookie Policy.

11. Marketing Communications

Where permitted by law, we may send business-related marketing communications.

You may:

  • Unsubscribe at any time

  • Withdraw consent

  • Object to direct marketing

All marketing emails include an unsubscribe option.

12. Your Rights

Under UK GDPR, you have the right to:

  • Access your personal data

  • Request correction of inaccurate data

  • Request erasure of your data

  • Restrict processing

  • Object to processing

  • Request data portability

  • Withdraw consent (where applicable)

To exercise your rights, contact us at: tristan@tabinnovations.com

You also have the right to lodge a complaint with the Information Commissioner's Office.

13. Data Processor Role (Client Services)

When we provide automation systems to hospitality businesses:

  • We act as a Data Processor

  • Our client remains the Data Controller

  • We process customer data solely to deliver agreed services

  • We implement appropriate security safeguards

  • We do not use client customer data for our own purposes

A separate Data Processing Agreement may apply between us and our clients.

14. Third-Party Links

Our website may contain links to third-party websites. We are not responsible for their privacy practices.

15. Changes to This Policy

We may update this Privacy Policy periodically.

The updated version will be published on this page with a revised “Last Updated” date.