Policy’s & Documents

INDIGO IT Environmental Policy

View the INDIGO IT 2021 carbon report here

INDIGO IT Environmental Policy 2023

Environmental Policy INDIGO IT is committed to providing a quality service in a manner that ensures a safe and healthy workplace for our employees and minimises our potential impact on the environment. We will operate in compliance with all relevant environmental legislation, and we will strive to use pollution prevention and environmental best practices in all we do. Our Policy, therefore, is to

  • Integrate the consideration of environmental concerns and impacts into our decision making and activities
  • Minimise our waste and then reuse or recycle as much of it as possible
  • Minimise energy and water use within our buildings and processes to conserve supplies and Minimise the consumption of natural resources
  • As far as is possible, purchase products and services that do the least damage to the environment.
  • Promote environmental awareness among our employees and encourage them to work in an environmentally responsible manner and
  • Train, educate and inform our employees about environmental issues that may affect their work
  • Communicate our environmental commitment to clients, customers and the public and encourage them to support it
  • Where required by legislation or where significant health, safety or environmental hazards exist, develop and maintain appropriate emergency and spill response programs

INDIGO IT Azure Cloud Usage

Emissions Savings through Microsoft Azure Cloud 2021

Carbon Report 2021

Our Carbon report for 2021 showed a carbon footprint of 82.5 tons for the year, Although INDIGO has been working hard to reduce its Carbon Footprint this is the first year of formal measuring our carbon footprint using a Carbon report. As you can see, we already have a much better footprint per employee than most UK businesses in our field but INDIGO is committed to further reducing this and achieving a carbon-neutral Footprint by 2025

INDIGO IT 5 years to carbon-neutral Targets

2021 = 8.3 tonnes of C02 per employee

2022 = 7.0 tonnes of Co2 per employee (Target)

2023 = 5.5 tonnes of Co2 per employee (Target)

2024 = 3.0 tonnes of Co2 per employee (Target)

2025 = 1.5 tonnes of Co2 per employee (Target)

How will we achieve our Carbon targets?

INDIGO aim to cut our carbon output not just offset our footprint by using electric vehicles to this end in 2022 we have launched the Company Car scheme this year with only Electric Vehicles available

INDIGO now offer homeworking to all mid to senior-level employees

INDIGO has created several new tools and processes including but not limited to INDIGO AI in order to proactively remotely support staff before they have a critical system failure and reduce the need for onsite support.

INDIGO is migrating all its customers to Cloud-based platforms where we can manage there the whole infrastructure remotely without the need for onsite system access. This reduces the need to travel to the site

INDIGO is offering Training by teams instead of locally to reduce the need for staff and trainers to travel

INDIGO is also prepared to use Carbon offsetting services and tree planting to offset and remaining carbon footprint after all the above measures have been maximized

The full report is available at www.indigoit.co.uk/INDIGO-IT-Carbon-Footprint-Report-2021

Effective Date: January 1, 2021


Modified 25/04/2022 Operations Director

Mathew Elson

Email: matt.elson@indigo-it.com

Anti-slavery and human trafficking policy

It’s everyone’s responsibility to look out for the signs of exploitation. Concerns can arise through our own observations or through our customers reporting concerns about others in the communities we operate. INDIGO IT has a policy in place, Safeguarding and Vulnerable People Policy, within which we set out the process we will follow to alert the appropriate authority to potential criminal/exploitative behaviour.

Staff members should consider carefully for example when tender prices seem too low compared to other bidders. This could indicate staff working for the contractor are being underpaid. Other concerns might be when contractors seem to have a transient workforce which could imply poor employment terms or trafficking of some kind, or it could be the physical appearance of workers, looking scruffy, malnourished and/or showing signs of injuries or other forms of abuse. These examples won’t always mean people are being exploited but unless we set out to assurance ourselves this isn’t the case we won’t know.

The HR Team will ensure as part of our onboarding process that anyone joining INDIGO can provide the documentation necessary to prove they have the right to work in UK. In addition, the team will ensure our working arrangements are fully aligned to current UK legislation and best practice including The Working Time Regulations and Nation Living and Minimum Wage standards.

Act now – don’t wait

The prevention, detection and reporting of modern slavery in any part of our business or supply chain is the responsibility of us all. Staff will be expected to avoid any activity that might lead to, or suggest, a breach of this policy.

Should you believe or suspect that a conflict with this policy has or will take place, you must act by contacting any INDIGO IT Director or your line manager as soon as possible.

You are encouraged to raise concerns about any issue or suspicion of modern slavery in any part of our business or supply chain of any supplier tier at the earliest possible stage.

If you are unsure about whether a particular act, the treatment of workers more generally, or their working conditions within any tier of our supply chains constitutes any of the various forms of modern slavery, raise it with your line manager or the Governance Team.

INDIGO values being Open and will support anyone who raises genuine concerns in good faith under this policy, even if they turn out to be mistaken. We are committed to ensuring no one suffers any detrimental treatment as a result of reporting in good faith their suspicion that modern slavery of whatever form is or may be taking place in any part of our own business or in any of our supply chain.

The consequence of getting it wrong

We want to feel proud of everything we do ourselves and through our suppliers, therefore the consequence of breaching this policy has the potential to be severe.

Any member of staff who breaches this policy will face disciplinary action, which could result in dismissal for misconduct or gross misconduct. We may terminate our relationship with other individuals and organisations working on our behalf if they breach this policy.

Other Related Policies and Guidance

This policy links to other policies INDIGO has in place, including but not limited to:

  • Whistleblowing
  • Code of Conduct
  • Equality and Diversity Policy
  • Disciplinary Policy
  • Recruitment Policy
  • Procurement Framework
  • Safeguarding and Vulnerable People Policy

As a business, we try hard to keep all these related policies aligned with each other. If you do spot any inconsistency, please do contact the Author at your earliest opportunity and make your concerns known. Your support to keep information clear and consistent will always be welcomed.

Policy Approval

As this policy is a core component of how INDIGO manages its business the document will be evaluated by the INDIGO IT Board Management Team and the INDIGO Working Group.

Support and Further Guidance

This policy has been drafted with input from staff across INDIGO IT. If you have any concerns on how to interpret or follow its requirements, it’s your responsibility to make your concerns known to your manager or a director.


Each INDIGO IT team member has a responsibility to work in a way that’s consistent with the expectations set out in the documents and its implied intent. Should you witness or become aware of anyone consciously or unconsciously not following this policy you must alert your line manager or member of the leadership team as soon as is reasonably practical.

INDIGO IT LTD respects your privacy. This Privacy Policy covers INDIGO’s practices for the INDIGO IT websites or mobile applications (“Sites”) that link to this Policy as well as to the products, services and web-based applications provided by INDIGO IT (our “Products”). This Policy, including the following individual Privacy Notices that may be presented at the time and/or in the context in which INDIGO collects certain Personal Data, describes our privacy practices. These individual Privacy Notices supplement and are incorporated into this Privacy Policy to describe in more detail the Personal Data collected, its purposes and our practices concerning certain business functions

Privacy Requests and Marketing Preferences

If you would like to submit an individual privacy request as or on behalf of an individual, please click contact us and email at the address available.

If you would like to opt-out of receiving general marketing communications from us in the future or to update your communication preferences, by clicking the link at the bottom of the email or social post. 

Please note that you may not opt-out of receiving communications from us related to your use, support or payment for our Products.

What is Personal Data

Personal Data is information relating to identified or identifiable individuals (including individual representatives of companies, such as employees or administrators). INDIGO collects Personal Data to market, sell, provision, manage and support our Products and to run our business. INDIGO, Inc. is the controller of such Personal Data, and unless otherwise noted, the remainder of this Privacy Policy applies to INDIGO’s collection and use of Personal Data for which we are a controller.

INDIGO also processes Personal Data we receive in our role as a service provider for our customers who use our Products. We are a processor of such Personal Data that is submitted to us by our customers who are authorized to do so by the controllers of such data or who are the controllers of such data. If you would like to inquire about or exercise any rights you may have concerning data that is provided to us in our capacity as a processor, you should reach out to that INDIGO customer directly. We are not responsible for the privacy or data security practices of our customers, which may differ from those outlined in this Privacy Policy.

Information that does not and cannot be used to directly or indirectly identify an individual is not Personal Data. This can be aggregated information about a group or category of data or data that has been de-identified so that it cannot be attributed to any individual. We may use and share such information to improve our Sites and our products, develop new products, understand and/or analyse usage, demand, and general industry trends, develop and publish white papers, reports, and generally for any purpose related to our business. Our practices described in this Privacy Policy do not apply to nor restrict our collection and use of such data.

When and for what purposes do we collect Personal Data

INDIGO collects Personal Data when someone visits our Sites, fills out a form or provides information on our Sites or websites hosted on our behalf, submits an email or other inquiry to us, communicates with us in person, by phone or by email, enters a contest, visits our offices, applies for employment, posts on one of our community forums, provides feedback, registers for or attends an INDIGO event or webinar, purchases or uses a Product, registers for or logs on to one of the product management portals that are restricted to registered users, or requests support for a Product.

We use Personal Data to fulfil the purpose for which the data is collected, such as to provide a requested product demonstration, manage an event or product registrations, or process billing for our Products. We also use Personal Data we collect to maintain the security of Sites and Products and to run and manage our business.

Please consult our Privacy Notices for more details about the types of Personal Data we collect for certain business functions, when it is collected and the purposes for which it is collected.

How does INDIGO Collect Personal Data?

We collect Personal Data from several categories of sources.

We collect Personal Data that you give us directly such as when you fill out a form, sign in as a visitor to our office, apply for employment, purchase a Product, register for an event or otherwise communicate with us.

We collect Personal Data from other sources such as public databases, third party providers of business contact information, third party websites that we make available to you, recruitment services, social media sites, and public websites.

We also use information-gathering tools such as cookies and similar technologies that automatically collect information that may contain Personal Data from your computer or mobile device when you use our Products, visit our Sites or interact with emails from us.

How we may share Personal Data

INDIGO may share Personal Data in the following circumstances:

to and among corporate subsidiaries and affiliates for the purposes described and consistent with the practices in this Policy;

to vendors, consultants or other service provider companies that provide services that help us with our business activities such as processing Customer payments, customer relationship management services, marketing, data analytics, security and enterprise resource planning. These companies are authorized to use Personal Data only as necessary to provide these services to us;

with other companies whose products or services we think may be of interest to you in joint marketing and support efforts. We will obtain your consent where required for such joint marketing efforts.

INDIGO may also disclose such Personal Data to a third party in the following limited circumstances:

as needed to enforce INDIGO’s Terms of Use, policies and any other contractual relationships with our customers;

when we have a good faith belief that the disclosure is necessary to prevent or respond to fraud, defend our Sites or Products against possible attacks, or protect the property and safety of INDIGO, our Customers or the public;

as required by law, such as to comply with a subpoena, warrant, regulatory oversight or similar legal process;

in connection with any potential sale, transfer, merger, consolidation or other transaction involving all or part of our company or its subsidiaries and affiliates.

Please consult our Privacy Notices for more details about the types of Personal Data we may share, the purposes for sharing it, and the categories of recipients.

International Transfers of Personal Information

We may transfer Personal Data to countries other than the country in which the information was originally collected. Those countries may not have the same data protection laws as the country in which the information was initially provided. When we transfer Personal Data to other countries, we will protect that Personal Data as described in this Privacy Policy.

Datto validates transfers of Personal Data, for which INDIGO is a controller, from the European Economic Area, Switzerland and the United Kingdom to the U.S. and areas other than the U.S. through the use of the European Commission Standard Contractual Clauses.

INDIGO’s Commitment to Securing Personal Data

INDIGO is committed to protecting all Personal Data we collect and use. To that end, we have implemented physical, administrative and technical safeguards to help us protect Personal Data under INDIGO’s control from unauthorized access, use and disclosure.

However, no system of electronic data collection, storage and retrieval can be made entirely impenetrable and by continuing to use our Sites and Products you acknowledge and accept that despite the security measures we employ, we do not guarantee that our Sites, Products and procedures are invulnerable to all security breaches or immune from viruses, security threats or other risks.

External Links/Third Party Websites

Datto’s Sites may provide links to and be accessed via links from third-party websites, including social media websites, whose privacy policies differ from those of INDIGO. Even if the third party is affiliated with INDIGO through a business partnership or otherwise, INDIGO is not responsible for the content, privacy policies, or practices of such third parties. We encourage you to review carefully the privacy policy of any website you visit.


Our Sites and Products are not for minors, and we do not knowingly attempt to solicit or receive any information from children. However, if a child under 18 provides INDIGO with Personal Data, the parent or guardian should contact INDIGO immediately by submitting a privacy request to info@indigo-it.com so we can delete such information.

GDPR / European Privacy

This European Privacy Notice supplements the information contained in the INDIGO IT

o Privacy Policy, the United Kingdom, you have the right to obtain information concerning your Personal Data. This includes the right to know whether or not we process personal data concerning you and, if this is the case, to access your data. In certain cases, you may request rectification, erasure or restriction of the processing of your data. Further, in certain cases, you also have a right to object to the processing of personal data and the right to data portability.

Legal Basis for processing your information

We collect and use the personal data described above in order to provide you with the Sites and Products reliably and securely. We also collect and use personal data for our legitimate business needs. To the extent we process your data for other purposes, we ask for your consent in advance or require that others acting on our behalf obtain such consent.

If the processing of your personal data is based on legitimate interests, you have the right to object to the processing on grounds relating to your particular situation or to the fact that the data are processed for direct marketing purposes. In the latter case, you have a general right to object.

If the processing of your personal data is based on your consent, you are entitled to withdraw your consent at any time. Please bear in mind that such withdrawal of consent only has future effects. It does not render invalid nor illegal the processing based on consent before it is withdrawn.

Please consult our Privacy Notices for more details about the types of Personal Data we may collect, the legal bases for our processing, and our privacy practices for individual business functions.

Profiling and Automated Decision-making

INDIGO combines Personal Data we collect to help us determine what products and services might be of interest to an individual and when that individual might be ready to make a purchase based on repeated interaction with INDIGO or its Sites. INDIGO personnel are involved in this process and no automated decisions are made that would result in legal effects or significantly affect an individual.

If you would like to request concerning your rights, please contact us at info@indigo-it.com

You also have the right to lodge a complaint with the competent supervisory authority. A list of the competent supervisory authority can be accessed at Data Protection Authorities – European Commission.

If you would like to inquire about or exercise any rights you may have concerning your Personal Data for which we are a processor that has been submitted to us through an INDIGO customer, you should reach out to that customer directly.

Controller and Controller’s Representative in the EU

Concerning data processing activities of Personal Data which are subject to the GDPR, INDIGO IT LTD 

Updates to our Privacy Policy

We may update this Privacy Policy from time to time. Please consult the “Effective Date” below to see when the Policy has been most recently updated. We encourage you to check this Policy frequently to see updates that may affect how your information may be used.

Effective Date: August 2, 2021

INDIGO IT Privacy Policy