At a glance
- We are Daizy Tech Ltd, an IoT platform provider based in Oxfordshire, UK.
- We collect personal data to provide you with access to the Daizy platform and support your use of it.
- We do not sell your personal data. We share it only where necessary to deliver our services.
- We process your data lawfully under UK GDPR, primarily on the basis of contract performance.
- You have rights over your data. We will respond to requests within one calendar month.
- Questions? Contact us at contact@daizy.io.
1. Who We Are
Daizy Tech Ltd (‘Daizy’, ‘we’, ‘us’, ‘our’) is an IoT management platform provider. We help service providers and enterprise customers design, deploy, and manage IoT projects across a range of industry and public sectors.
Daizy Tech Ltd is the data controller for personal data collected through our website (daizy.io), platform (portal.daizy.io) and application environments (checksight.net). For personal data processed through the platform on behalf of your organisation, Daizy acts as a data processor and your organisation is the data controller.
| Registered name | Daizy Tech Ltd |
| Registered office | Unit 7 Stanley Court, Richard Jones Road, Witney, Oxfordshire, OX29 0TB, United Kingdom |
| Contact email | contact@daizy.io |
| Telephone | +44 1202 798335 |
| ICO registration | ZA788659 |
2. Scope of This Policy
This Privacy Policy applies to:
- Personal data collected when you visit daizy.io or use the Daizy platform at portal.daizy.io
- Personal data collected when you contact us, request a demo, or engage with us commercially
- Personal data processed through the Daizy platform on behalf of your organisation (where Daizy acts as data processor)
This policy does not apply to third-party websites linked from our website, or to services operated by your organisation using data exported from Daizy.
If you are an employee or contractor of Daizy Tech Ltd, a separate Employee Privacy Notice applies to you.
3. Personal Data We Collect
We collect the following categories of personal data:
| Category | Data Collected |
| Identity data | First name, last name, job title, organisation name |
| Contact data | Email address, telephone number, business address |
| Account data | Username, password (hashed), account preferences, role and permissions within your organisation |
| Usage data | Login times, platform activity logs, features accessed, session duration, IP address |
| Technical data | Browser type, device type, operating system, time zone |
| IoT device data | Sensor readings, device telemetry, location data, event and alert data processed through the platform on behalf of your organisation. This is typically not personal data but may become so where it relates to identifiable individuals (e.g. occupancy or GPS tracking of personnel) |
| IoT project data | Asset location names, addresses, latitude/longitude, asset meta-data |
| Communications data | Records of support requests, emails, and other communications with Daizy |
| Marketing preferences | Your opt-in/opt-out preferences for marketing communications |
We do not intentionally collect special category data (health, biometric, racial or ethnic origin, religious beliefs, etc.) through the platform. If your IoT deployment involves special category data — for example, health monitoring — please contact us to discuss appropriate safeguards and we will update our data processing agreement accordingly.
We do not knowingly collect personal data from children under the age of 13. Our platform is a business service intended for professional use only.
4. How We Collect Personal Data
We collect personal data through the following means:
- Directly from you — when you create an account, contact us, submit a support request, or sign up for communications
- Automatically — through your use of our website and platform, including login events, usage logs, and IP addresses
- From your organisation — where your organisation has a Daizy subscription and creates a user account for you
- Through cookies and similar technologies — see Section 10 for our Cookie Policy
5. Lawful Basis for Processing and Purposes
UK GDPR requires us to have a lawful basis for processing your personal data. The table below sets out each purpose for which we process personal data, the lawful basis we rely on, and how long we retain that data.
| Purpose | Lawful Basis | Retention |
| Account creation and management | Contract performance — necessary to create and manage your Daizy account (Art. 6(1)(b)) | Duration of account plus 6 years |
| Providing the Daizy platform and services | Contract performance — necessary to deliver the IoT management platform you have subscribed to (Art. 6(1)(b)) | Duration of subscription plus 6 years |
| Billing and invoicing | Contract performance; Legal obligation (Art. 6(1)(b) and (c)) | 7 years (UK tax law) |
| Customer support and communications | Contract performance; Legitimate interests (Art. 6(1)(b) and (f)) | Duration of account plus 3 years |
| Platform security, fraud prevention, and abuse detection | Legitimate interests — protecting the platform and our customers (Art. 6(1)(f)) | Duration of account plus 2 years |
| Platform improvement and analytics | Legitimate interests — improving our services (Art. 6(1)(f)) — anonymised/aggregated where possible | Anonymised on account closure |
| Legal compliance and regulatory obligations | Legal obligation (Art. 6(1)(c)) | As required by law |
| Marketing and product updates (where opted in) | Consent (Art. 6(1)(a)) — you may withdraw at any time | Until consent withdrawn |
| Processing IoT device data on behalf of customers | Contract performance; Data processing agreement with the customer organisation (Art. 6(1)(b) / Art. 28) | Per customer data processing agreement |
Legitimate interests
Where we rely on legitimate interests as our lawful basis, we have assessed that our interests are not overridden by your rights. You have the right to object to processing on this basis — see Section 8 for how to exercise your rights.
6. Who We Share Your Data With
We do not sell, rent, or trade your personal data. We share personal data only in the following circumstances:
6.1 Sub-processors
We use trusted third-party service providers (sub-processors) who process personal data on our behalf. All sub-processors are contractually bound to handle data securely and only for the purposes we specify.
6.2 Legal and regulatory disclosure
We may disclose personal data to law enforcement, regulatory authorities, or courts where we are legally required to do so, or where necessary to protect our legal rights, prevent fraud, or ensure the safety of individuals.
6.3 Business transfers
If Daizy Tech Ltd is involved in a merger, acquisition, or sale of assets, personal data may be transferred to the acquiring entity. We will notify you before your data is transferred and becomes subject to a different privacy policy.
6.4 With your organisation
If you access the Daizy platform through your employer or a contracting organisation, that organisation (as the data controller) may have access to your account data and activity within the platform as part of their platform administration.
7. International Data Transfers
Daizy primarily processes personal data within the United Kingdom and the European Economic Area (EEA).
Where personal data is transferred to a sub-processor located outside the UK/EEA (for example, certain US-based services), we ensure an appropriate safeguard is in place, which may include:
- UK International Data Transfer Agreement (IDTA)
- EU Standard Contractual Clauses (SCCs) with UK addendum
- Adequacy regulations made by the UK Secretary of State
8. Your Rights Under UK GDPR
You have the following rights in relation to your personal data. To exercise any of these rights, please contact us at contact@daizy.io. We will respond within one calendar month. We may need to verify your identity before processing your request.
| Right | What It Means | How to Exercise |
| Right of access | You may request a copy of the personal data we hold about you. | contact@daizy.io |
| Right to rectification | You may ask us to correct inaccurate or incomplete personal data. | contact@daizy.io |
| Right to erasure | You may ask us to delete your personal data where there is no legitimate reason for us to continue processing it. Note: this right is not absolute and may be limited where we have legal obligations to retain data. | contact@daizy.io |
| Right to restriction | You may ask us to suspend processing of your data in certain circumstances, for example while we verify its accuracy. | contact@daizy.io |
| Right to data portability | Where processing is based on consent or contract and carried out by automated means, you may request your data in a structured, commonly used, machine-readable format. | contact@daizy.io |
| Right to object | You may object to processing based on legitimate interests. We will stop processing unless we can demonstrate compelling legitimate grounds. | contact@daizy.io |
| Right to withdraw consent | Where processing is based on consent (e.g. marketing), you may withdraw consent at any time. Withdrawal does not affect the lawfulness of processing before withdrawal. | Unsubscribe link or contact@daizy.io |
| Right to lodge a complaint | You have the right to lodge a complaint with the UK Information Commissioner’s Office (ICO) at any time. We would ask that you contact us first so we can try to resolve your concern. | ico.org.uk or 0303 123 1113 |
We will not charge a fee for responding to rights requests unless the request is manifestly unfounded or excessive, in which case we may charge a reasonable administrative fee or refuse to act on the request.
9. How We Protect Your Data
We take information security seriously. Daizy applies the following controls to protect personal data:
- Encryption in transit — all data transmitted between your browser and our platform uses TLS 1.2 or higher
- Encryption at rest — personal data stored in our systems is encrypted at rest
- Access controls — access to personal data is restricted to authorised Daizy personnel on a need-to-know basis, using role-based access control
- Security monitoring — we monitor for security events, unusual activity, and service health
- Vulnerability management — we conduct regular vulnerability assessments and apply security patches promptly
- Supplier security — all sub-processors are assessed for security compliance and bound by contractual security requirements
- Staff training — all Daizy personnel receive information security awareness training
- Incident response — we maintain a documented incident response process. In the event of a personal data breach likely to affect your rights and freedoms, we will notify you when required by applicable law
No internet transmission is completely secure. Whilst we take all reasonable steps to protect your personal data, we cannot guarantee absolute security.
10. Cookies and Similar Technologies
Our website (daizy.io) and platform (portal.daizy.io) use cookies and similar technologies. The table below summarises the types of cookies we use:
| Category | Legal Basis | Purpose |
| Strictly necessary | Registered user | Required for the platform to function — session management, authentication, security tokens. Cannot be disabled. |
| Analytics / performance | Consent | Help us understand how visitors use our website so we can improve it. Data is anonymised or aggregated where possible. |
| Marketing / tracking | Consent | Used only where you have given consent. May include third-party analytics or remarketing tools. |
You can manage cookie preferences through your browser settings or our cookie consent tool. Disabling certain cookies may affect the functionality of the platform. For more information on cookies, visit allaboutcookies.org.
11. Data Retention
We retain personal data only for as long as necessary to fulfil the purpose for which it was collected, to comply with legal obligations, or to resolve disputes.
As a general rule:
- Account data is retained for the duration of your account plus 6 years following account closure (to comply with contract law limitation periods)
- Financial and billing records are retained for 7 years (UK tax and accounting obligations)
- Marketing contact records are retained until you unsubscribe or withdraw consent
- Security and access logs are retained for 2 years
- Support correspondence is retained for 3 years from last contact
Where data is no longer required, it is securely deleted or anonymised in line with our data retention and disposal procedures.
12. Data We Process on Behalf of Customers
When you use the Daizy platform to manage IoT devices and process sensor data, your organisation is the data controller for any personal data within that IoT data. Daizy acts as a data processor.
In this capacity:
- We process IoT data only on your organisation’s instructions
- We will not use your IoT data for our own purposes
- We will notify you promptly in the event of a data breach affecting your data
- We will assist you in responding to data subject rights requests relating to your IoT data
- We will delete or return your data on termination of your license
The terms of our data processing relationship are governed by a Data Processing Agreement (DPA), which forms part of your Daizy license terms. If you do not have a signed DPA in place, please contact contact@daizy.io.
13. Marketing Communications
You can unsubscribe at any time by:
- Clicking the unsubscribe link in any marketing email
- Emailing contact@daizy.io with ‘Unsubscribe’ in the subject line
Withdrawing from marketing does not affect the lawfulness of any processing carried out before your withdrawal, and does not affect your ability to use the Daizy platform.
We do not use your personal data for automated decision-making or profiling that produces legal or similarly significant effects.
14. Changes to This Policy
We may update this Privacy Policy from time to time to reflect changes in law, our practices, or our services. When we make material changes, we will:
- Update the effective date at the top of this document
- Notify registered platform users via email or an in-platform notification
- Post the updated policy on daizy.io/privacy-policy
Continued use of the Daizy platform after notification of material changes constitutes acceptance of the updated policy, to the extent permitted by law.
15. Contact Us and Complaints
15.1 Contact Daizy
For any questions, concerns, or rights requests relating to this Privacy Policy or the personal data we hold about you, please contact:
| Email | contact@daizy.io |
| Post | Unit 7 Stanley Court, Richard Jones Road, Witney, Oxfordshire, OX29 0TB, UK |
| Response time | Within one calendar month of receipt |
15.2 ICO — UK Supervisory Authority
If you are not satisfied with our response, or if you believe we are processing your personal data unlawfully, you have the right to lodge a complaint with the Information Commissioner’s Office (ICO):
- Website: ico.org.uk
- Helpline: 0303 123 1113
- Post: Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow, SK9 5AF
We would ask that you contact us in the first instance so we have the opportunity to address your concern directly.
Daizy Privacy Policy. Updated March 2026. V2.0
