Your data, your rights, our promises

1. Who we are

This policy applies to Aspire IT Services Ltd ("Aspire", "we", "us", "our"), the data controller responsible for your personal data.

• Registered address: 50 Invar Road, Swinton, Salford, Manchester M27 9HF
• Registered in England and Wales
• ICO registration number: Z2152237
• Privacy contact: use our privacy contact form for any data-protection or privacy queries
• General contact: contact form · 0161 8 505 505

We process personal data under UK GDPR (the United Kingdom General Data Protection Regulation, as amended), the Data Protection Act 2018, and the Privacy and Electronic Communications Regulations (PECR).

2. What information we collect

We collect three categories of personal data:

2.1 — Information you give us

When you contact us, request a quote, fill in a form, book a demo, sign up for a trade account, register for our newsletter, or buy something from us, you give us things like:

• Name, business email, phone number, company name and job role;
• Any details you choose to include in the message or enquiry;
• Billing and delivery information (for hardware purchases);
• Marketing preferences and consent choices.

2.2 — Information we collect automatically

When you visit our website or use our services, we automatically collect technical and usage data, including:

• IP address, approximate geographic location (country/region only), browser type, language and device type;
• Pages visited, time on page, referring URL, search terms used on our site;
• Cookie identifiers and similar tokens (see Cookies);
• Form-submission metadata (so we can spot abuse and improve the forms).

For customers we support, we also collect technical data about the IT systems you've asked us to manage — only what we need to keep your environment running.

2.3 — Information from third parties

We may receive information about you from:

• Companies House and credit-reference agencies (for trade-account credit decisions);
• Referrals and partners who recommend us to you;
• Publicly-available business directories (e.g. LinkedIn) for B2B outreach where you've made information public.

3. Why we use your data — and our lawful basis

UK GDPR requires us to identify a lawful basis under Article 6 for each thing we do with your personal data. Here's what we do, why, and the basis:

4. Cookies and similar technologies

Cookies are small text files stored on your device that help websites work properly. Some are essential — others (like analytics) are optional and need your consent under PECR.

4.1 — Categories we use

• Strictly necessary — site navigation, form submission, security. Always on.
• Analytics — how visitors use the site. Set only with consent.
• Functional — widgets, embeds (3CX, Sendmarc, Shopify, YouTube). Some set on user interaction only.

4.2 — Cookies currently used on this site

You can control cookies through:

• Our cookie banner (shown on first visit);
• Your browser settings (most browsers let you block or delete cookies);
• Tools like the Google Analytics Opt-Out add-on.

5. Third parties and sub-processors

We use a small number of trusted suppliers to deliver our website and services. Where these involve processing personal data on our behalf, they are bound by data-processing agreements:

We do not sell your personal data, and we do not share it with third parties for their own marketing purposes.

6. International data transfers

Some of our suppliers (above) are based outside the UK. Where personal data is transferred outside the UK, we make sure it's protected by one of the following safeguards required by Articles 44–49 of UK GDPR:

• A UK adequacy decision (for example, the EEA, Canada);
• The UK-US Data Bridge (for self-certified US providers);
• The UK International Data Transfer Agreement (IDTA) or the UK Addendum to the EU Standard Contractual Clauses (SCCs);
• Other UK-government-approved safeguards.

7. How long we keep your data

We only keep your personal data for as long as we need it for the purposes we collected it. As a guide:

• Website enquiry / form submission — up to 24 months from your last contact, then deleted or anonymised;
• Customer account & service records — for the lifetime of your account, plus 6 years to comply with HMRC and accounting rules;
• Marketing preferences — until you withdraw consent or 3 years of no engagement, whichever is sooner;
• Server & application logs — up to 12 months for security and troubleshooting;
• Backups — up to 90 days, then overwritten.

We may need to retain some data for longer if required by law, a regulator, or to defend a legal claim.

8. Your rights under UK GDPR

You have the following rights in relation to your personal data. Most of them are free to exercise:

8.1 — How to exercise your rights

Submit the privacy contact form below, or write to us at 50 Invar Road, Swinton, Salford, Manchester M27 9HF.

We'll respond within one month. If your request is complex we may extend by a further two months — and we'll always tell you within the first month if we need to. We may ask you to verify your identity before we share or change personal data.

8.2 — Complaints to the ICO

If you're unhappy with how we've handled your data, we'd like to know — but you also have the right to complain directly to the UK regulator:

• Information Commissioner's Office (ICO)
• Wycliffe House, Water Lane, Wilmslow, Cheshire SK9 5AF
• ico.org.uk · 0303 123 1113

9. Marketing communications

We may send marketing emails about our services where:

• You've opted in (consent), or
• You're an existing customer and we're telling you about similar services (PECR "soft opt-in"), and you can unsubscribe at any time.

Every marketing email contains a one-click unsubscribe link. We will never sell your contact details to third parties for their own marketing.

10. How we keep your data secure

We take security seriously — it's a core part of our day job. Our measures include:

• Encryption in transit (TLS) on the website and all forms;
• Encryption at rest for stored customer data;
• Role-based access controls and multi-factor authentication for staff;
• Regular vulnerability monitoring, patching and penetration testing;
• Cyber Essentials & ISO 9001 accreditations;
• Staff training on data-handling and phishing awareness.

10.1 — Data breach notification

If we ever suffer a personal-data breach that's likely to result in a risk to your rights or freedoms, we will report it to the ICO within 72 hours of becoming aware of it, as required by UK GDPR Article 33 — and to you, where required, without undue delay.

11. Children's data

Our website and services are aimed at businesses and business buyers. We don't knowingly collect personal data from anyone under the age of 16. If you believe a child has provided us with personal data, please contact us and we'll delete it.

12. Links to other websites

Our site may link to other websites (for example, manufacturer documentation, partner sites, our own shop on Shopify). We're not responsible for the privacy practices of those sites — check their own privacy policies before sharing personal information with them.

13. Changes to this policy

We may update this policy from time to time. When we make material changes, we'll update the "Last updated" date at the top and, where appropriate, tell you directly. Continued use of our website after an update means you accept the revised policy.

14. Contact us

To exercise any of your rights, ask a question about this policy, or raise a concern about how we handle your data, please use the privacy contact form below.

You can also write to us by post if you'd prefer:

• Post: Privacy, Aspire IT Services Ltd, 50 Invar Road, Swinton, Salford, Manchester M27 9HF
• Phone: 0161 8 505 505