These terms are provided for transparency. The contractual document signed with each Customer before deployment is the controlling version. Always review with your own legal counsel before agreeing.
Legal
Last updated: 17 May 2026 · Version 1.1
OpsWork is operated by Saqib Engineering Ltd, a company incorporated in England and Wales under Companies House registration number 15866031, trading as OpsWork. Registered office: Unit 17b Bradmarsh Business Park, Rotherham S60 1BY, United Kingdom. VAT registration: GB 491767937.
For all privacy-related questions, contact [email protected]. We will respond within five working days and resolve any formal request within one calendar month in accordance with UK GDPR.
Saqib Engineering Ltd is not currently required to appoint a statutory Data Protection Officer under UK GDPR Article 37. Privacy responsibility sits with Saqib Shah, Managing Director.
We act in two distinct capacities:
(a) Data Controller — in respect of personal data submitted through this website, demo forms, sales correspondence and customer contract administration.
(b) Data Processor — in respect of customer data processed by the OpsWork product operating inside the customer-controlled Microsoft 365 tenant and Azure subscription. Our processor obligations are governed by the Data Processing Agreement signed before deployment.
Through the website and sales process: your name, work email address, business telephone number, job title, company name, the content of any message you send us, and any information you choose to share during a demo. We collect technical data required to operate the website securely: IP address, browser user-agent string, device type, pages visited, and timestamps. This is retained in server logs for 30 days.
Through the OpsWork product: customer data is processed inside the customer's own Microsoft 365 tenant and Azure subscription. We do not receive or retain customer content outside of agreed support windows. Further detail is in the Data Processing Agreement.
We do not knowingly collect data from children. The Service is not directed at or intended for any person under 18 years of age.
We do not solicit special category personal data (UK GDPR Article 9). Customer-side processing through the OpsWork product may include special category data (for example, HR records processed by the Paul agent) — this is processed inside the customer's own tenant under the customer's controller obligations. We do not access such data unless explicitly authorised for support.
We rely on the following lawful bases:
(a) Legitimate interest — responding to business enquiries, operating and securing the website, communicating with customers about their subscription, business development outreach within PECR limits.
(b) Performance of contract — delivering the OpsWork Service under the subscription and Master Services Agreement.
(c) Legal obligation — compliance with UK statutory record-keeping, tax, and regulatory requirements.
(d) Consent — for optional marketing communications, which you can withdraw at any time by emailing [email protected] or via the unsubscribe link in any marketing message.
The OpsWork product uses AI agents to prepare drafts and decisions for review. Within the customer environment, no client-facing, irreversible or material action is taken without explicit human approval. Customers are the controllers of any automated processing within their tenants and are responsible for related data subject rights handling.
We do not subject visitors to this website to automated decision-making that produces legal or similarly significant effects. We do not use customer data or any data collected via this website to train, fine-tune or otherwise improve any AI model.
We use your data to: respond to enquiries and quotation requests; deliver onboarding and ongoing service; administer your subscription, billing and account; provide support; meet legal and regulatory obligations; analyse and improve website performance and security; and, where you have consented, send marketing communications about new features, content and events.
We only send marketing communications by electronic means where you have consented, or where you are an existing customer receiving information about services similar to those you have purchased and have not opted out (PECR soft opt-in).
You can opt out at any time by emailing [email protected] or clicking the unsubscribe link in any marketing email. Opt-outs are honoured within 5 working days.
We do not sell, rent or trade personal data. We share personal data only with:
(a) Sub-processors necessary to deliver the Service. Our operational sub-processors are: Microsoft Corporation (Microsoft 365, Azure, Azure OpenAI), Cloudflare Inc. (website hosting and DNS).
(b) Professional advisers (accountants, lawyers, auditors, insurers) under appropriate confidentiality obligations.
(c) Authorities where required by law, regulation or court order.
The current sub-processor list is published at opswork.uk/sub-processors and provided to customers on request as part of the procurement documentation. Material changes to the sub-processor list are notified to customers in advance.
Customer data processed through the OpsWork product remains inside the customer-controlled Microsoft 365 tenant and Azure subscription. We deploy product workloads into UK South Azure region. Where any onward transfer outside the UK or European Economic Area is necessary (for example, Microsoft's global service operations), we rely on the UK Addendum to EU Standard Contractual Clauses or another appropriate UK GDPR Article 46 transfer mechanism.
Website enquiry records: retained 24 months from last meaningful contact, then deleted or anonymised.
Customer contract records (including correspondence, contract documents and financial records): retained 7 years after termination of the subscription, in accordance with the Companies Act 2006 and HMRC record-keeping requirements.
Server access and security logs: retained 30 days then deleted.
Marketing data: retained until you opt out, then suppressed indefinitely to honour your opt-out.
You have the right to: be informed about how your data is used; access your personal data; rectify inaccurate data; request erasure (in defined circumstances); restrict or object to processing; data portability; not be subject to solely automated decision-making with legal effect; and withdraw consent where processing relies on consent.
To exercise any of these rights, email [email protected] with sufficient information for us to identify your records. We will respond within one calendar month, extendable to three months in complex cases where we will inform you of the reason within the first month.
This website uses strictly necessary cookies only — for session integrity and security. We do not use third-party advertising cookies, social media tracking pixels, or cross-site tracking technologies. We do not display any third-party advertising.
We maintain appropriate technical and organisational measures (UK GDPR Article 32) including: encrypted transmission (TLS 1.2+), encrypted storage where applicable, least-privilege access controls, signed and timestamped audit logs, Entra ID identity for product agents, Azure Key Vault for secrets, and regular review of access. Further detail is in the Security architecture page and the Data Processing Agreement.
We carry appropriate professional indemnity and cyber liability insurance. Details can be provided to customers under non-disclosure during procurement.
This website may contain links to third-party websites and services. We are not responsible for the privacy practices or content of those websites and the inclusion of any link is not an endorsement. You should review the privacy policies of any third-party service before sharing personal data.
If you are dissatisfied with how we handle your personal data, please contact [email protected] first. You also have the right to lodge a complaint with the UK Information Commissioner's Office (ICO) at ico.org.uk.
We may update this Privacy Policy from time to time. The "Last updated" date at the top of this page indicates the date of the most recent revision. Material changes will be notified to customers via email and to website visitors via a notice on this page for at least 30 days.
For privacy questions: [email protected]
For general enquiries: [email protected]