Privacy Policy
Last updated: 1st February 2026
Sistemz is committed to protecting your privacy and ensuring that your personal data is handled securely and in accordance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.
This Privacy Policy explains how we collect, use, store, and protect your personal information.
1. Who we are
For the purposes of data protection law, Sistemz is the data controller.
2. What personal data we collect
We may collect and process the following types of personal data:
a) Information you provide to us
Name
Email address
Phone number
Business name
Any information you submit via contact forms, email, or bookings
b) Technical data
IP address (anonymised where possible)
Browser type and version
Device and operating system
Pages visited and time spent on our website
c) Client and service data
If you become a client, we may process:
Billing and invoicing information
Service history and support requests
System, device, or network information necessary to provide IT services
3. How we use your data
We use personal data to:
Respond to enquiries and provide information
Deliver IT support and related services
Manage client relationships and contracts
Process payments and invoices
Improve our website and services
Meet legal and regulatory obligations
We only use your data for the purposes for which it was collected.
3.1 Client-Specific Data Processing
When Sistemz provides IT support, consultancy, managed services, or related technical services, we may process personal data on behalf of our clients.
In these circumstances:
The client is the Data Controller
Sistemz acts as a Data Processor, unless otherwise agreed in writing
When Sistemz provides IT support, consultancy, managed services, or related technical services, we may process personal data on behalf of our clients.
In these circumstances:
The client is the Data Controller
Sistemz acts as a Data Processor, unless otherwise agreed in writing
3.2. Types of data we may process
Depending on the services provided, we may process:
Names, email addresses, and contact details of client staff or users
Login credentials (where required for support purposes)
Device, system, network, and configuration information
Email metadata and business communications
Backup data and system logs
Any personal data stored within client systems that we are authorised to access
We only access data that is strictly necessary to deliver the agreed services.
Depending on the services provided, we may process:
Names, email addresses, and contact details of client staff or users
Login credentials (where required for support purposes)
Device, system, network, and configuration information
Email metadata and business communications
Backup data and system logs
Any personal data stored within client systems that we are authorised to access
We only access data that is strictly necessary to deliver the agreed services.
3.3. Purpose of processing
Client data is processed solely for the purpose of:
Providing IT support and troubleshooting
System maintenance, monitoring, and optimisation
Backup, recovery, and disaster recovery services
Cybersecurity, threat detection, and incident response
Fulfilling contractual obligations
We do not use client data for any other purpose.
Client data is processed solely for the purpose of:
Providing IT support and troubleshooting
System maintenance, monitoring, and optimisation
Backup, recovery, and disaster recovery services
Cybersecurity, threat detection, and incident response
Fulfilling contractual obligations
We do not use client data for any other purpose.
3.4. Confidentiality and access controls
Sistemz ensures that:
All data is treated as strictly confidential
Access is limited to authorised personnel only
Staff and contractors are subject to confidentiality obligations
Access is logged and reviewed where applicable
Sistemz ensures that:
All data is treated as strictly confidential
Access is limited to authorised personnel only
Staff and contractors are subject to confidentiality obligations
Access is logged and reviewed where applicable
3.5. Security measures
We implement appropriate technical and organisational measures to protect client data, including:
Secure remote access tools
Encryption in transit and at rest where applicable
Strong authentication controls
Regular system updates and security reviews
We implement appropriate technical and organisational measures to protect client data, including:
Secure remote access tools
Encryption in transit and at rest where applicable
Strong authentication controls
Regular system updates and security reviews
3.6. Sub-processors and third-party tools
To deliver our services, we may use trusted third-party tools and service providers (sub-processors), such as:
Cloud platforms
Backup and security software providers
Remote support and monitoring tools
All sub-processors are assessed for data protection compliance and are only permitted to process data under our instructions.
To deliver our services, we may use trusted third-party tools and service providers (sub-processors), such as:
Cloud platforms
Backup and security software providers
Remote support and monitoring tools
All sub-processors are assessed for data protection compliance and are only permitted to process data under our instructions.
3.7. Data retention and deletion
Client data is retained only for the duration of the service agreement or as required to meet legal or contractual obligations.
Upon termination of services, client data will be securely returned, deleted, or anonymised in line with contractual terms and applicable law.
Client data is retained only for the duration of the service agreement or as required to meet legal or contractual obligations.
Upon termination of services, client data will be securely returned, deleted, or anonymised in line with contractual terms and applicable law.
3.8. Data breaches and incident response
In the event of a personal data breach affecting client data, Sistemz will:
Act promptly to contain and investigate the incident
Notify the client without undue delay
Provide relevant information to assist with regulatory reporting, where required
In the event of a personal data breach affecting client data, Sistemz will:
Act promptly to contain and investigate the incident
Notify the client without undue delay
Provide relevant information to assist with regulatory reporting, where required
3.9. Data Processing Agreements (DPAs)
Where required, Sistemz will enter into a Data Processing Agreement (DPA) with clients, outlining responsibilities, security measures, and compliance obligations in line with UK GDPR.
Where required, Sistemz will enter into a Data Processing Agreement (DPA) with clients, outlining responsibilities, security measures, and compliance obligations in line with UK GDPR.
4. Lawful bases for processing
Under UK GDPR, we rely on the following lawful bases:
Consent – where you have given clear permission (e.g. analytics cookies, marketing contact)
Contract – where processing is necessary to deliver services
Legal obligation – where we are required by law
Legitimate interests – for running and improving our business, where your rights are not overridden
5. Cookies and analytics
Our website uses cookies. Full details are available in our Cookie Policy.
We use Google Analytics to collect anonymous information about how visitors use our website. Analytics cookies are only set with your consent via our cookie banner.
6. Sharing your data
We do not sell your personal data.
We may share your data with trusted third parties where necessary, including:
Hosting and website service providers
Accounting and invoicing providers
IT and security service partners
Legal or regulatory authorities where required by law
All third parties are required to handle your data securely and lawfully.
7. Data security
We take appropriate technical and organisational measures to protect your personal data, including:
Secure systems and access controls
Encryption where appropriate
Limited access to personal data
Regular review of security practices
8. Data retention
We only retain personal data for as long as necessary for the purposes it was collected, including legal, accounting, or reporting requirements.
When data is no longer required, it is securely deleted or anonymised.
9. Your data protection rights
You have the right to:
Access your personal data
Request correction of inaccurate data
Request deletion of your data
Restrict or object to processing
Withdraw consent at any time
Request data portability
To exercise any of these rights, please contact us using the details above.
10. Third-party links
Our website may contain links to third-party websites. We are not responsible for their privacy policies or content.
11. Changes to this Privacy Policy
We may update this Privacy Policy from time to time. Any changes will be published on this page with an updated revision date.
12. Complaints
If you are unhappy with how we handle your personal data, please contact us first so we can try to resolve the issue.
You also have the right to lodge a complaint with the Information Commissioner’s Office (ICO):
