Let's Talk Remote Help Network Status

Privacy Policy

Privacy Policy

Last updated: 6 May 2026
Version: 3.0

System Force IT Ltd (“we”, “us”, “our”) is committed to protecting and respecting your privacy. This Privacy Policy explains how we collect, use, store and disclose personal data when you visit our website at systemforce.co.uk (the “Site”) or otherwise interact with us. We process personal data in accordance with the UK General Data Protection Regulation (UK GDPR), the Data Protection Act 2018, and the Privacy and Electronic Communications (EC Directive) Regulations 2003 (PECR).

1. Who we are

System Force IT Ltd is a company registered in England and Wales (company number 5750412). Our registered office and main trading address is Units C1 and C2 Brearley Place, Baird Road, Quedgeley, Gloucester, GL2 2GB. Our VAT number is 869 9957 21.

For the purposes of UK data protection law, System Force IT Ltd is the data controller in respect of personal data we collect through this website and through our business activities.

2. How to contact us about your personal data

Our Data Protection Officer is Jez Walton. You can contact us about any aspect of this privacy policy or your personal data using the following details:

  • Email: dpo@systemforce.co.uk
  • Telephone: 01452 701355
  • Post: Data Protection Officer, System Force IT Ltd, Units C1 and C2 Brearley Place, Baird Road, Quedgeley, Gloucester, GL2 2GB

3. What personal data we collect

We may collect and process the following categories of personal data:

  • Contact details you provide via our website forms (name, email address, telephone number, company name, postal address)
  • Enquiry details describing the IT services or information you are interested in
  • Technical data including IP address, browser type and version, device identifiers, operating system, time zone setting, and pages visited (collected automatically via cookies and analytics tools — see Section 9)
  • Communications exchanged with us by email, telephone, online form or in writing
  • Service delivery data if you become a client (relevant business contacts, account configuration details, support ticket history)
  • Marketing preferences including consent to receive electronic marketing

We do not knowingly collect “special category” data (as defined by UK GDPR), data relating to children under 18, or data relating to criminal convictions through our website.

4. How we use your personal data and our lawful basis

We process personal data only where we have a lawful basis to do so. The lawful bases we rely on are:

  • Legitimate interests — to respond to enquiries, provide quotations, manage our supplier and customer relationships, develop our services, and protect the security of our IT systems
  • Performance of a contract — to provide IT services where you are or become a client
  • Consent — for direct electronic marketing and for non-essential cookies
  • Legal obligation — to meet statutory and regulatory requirements (HMRC, accounting, ICO, employment law)

We use your personal data for the following specific purposes: responding to your enquiry; providing the services or quotation you have requested; sending service-related communications; sending marketing communications where you have consented; protecting our website from fraud and abuse; producing aggregate, anonymised analytics; complying with legal obligations.

5. Marketing communications

We send marketing communications only where you have given us your specific, informed consent — typically by ticking an opt-in box, signing up for our newsletter or webinar, or where the “soft opt-in” applies under PECR for similar products to those you have already purchased from us. You can withdraw consent at any time by clicking the unsubscribe link in any marketing email or by emailing dpo@systemforce.co.uk.

6. Who we share your personal data with

We do not sell your personal data. We share personal data only where necessary, and only with categories of recipient including: our cloud and IT service providers (including Microsoft, our website hosting provider, our CRM provider, and our email marketing platform); our professional advisers (accountants, legal counsel, auditors); regulators where legally required (ICO, HMRC); and successors in the event of a sale, transfer or merger of our business.

All third parties processing personal data on our behalf are bound by written data processing agreements that comply with UK GDPR Article 28.

7. International data transfers

Most of our processing takes place within the UK and EEA. Where personal data is transferred outside the UK and EEA (for example, to certain Microsoft services or US-based analytics platforms), we ensure appropriate safeguards are in place — typically through UK adequacy regulations, the UK International Data Transfer Agreement, or the EU Standard Contractual Clauses with the UK Addendum.

8. How long we keep your personal data

We retain personal data for the following periods:

  • Enquiries that do not become clients — up to 24 months from last contact, then deleted
  • Client records — for the duration of our relationship plus 7 years (to meet HMRC and contractual record-keeping requirements)
  • Marketing data — until consent is withdrawn, then deleted within 30 days
  • Website analytics — see cookie retention periods in our cookie banner
  • Communications — typically up to 7 years for business records

9. Cookies and similar technologies

Our website uses cookies and similar technologies. Strictly necessary cookies do not require your consent. All other categories (analytics, performance, marketing) are set only after you provide consent through our cookie banner. You can review and change your cookie preferences at any time using the cookie settings link in the footer of our website.

The principal cookie categories we use are: strictly necessary cookies (session, security, form submission); analytics cookies (Google Analytics 4 — anonymised IP, used to understand site usage); functional cookies (Site Kit, embedded video preferences); and marketing cookies (Google Ads conversion measurement, where consented).

10. Your rights under UK GDPR

You have the following rights in relation to your personal data, which we will always work to uphold:

  • Right of access — to obtain a copy of personal data we hold about you
  • Right to rectification — to have inaccurate or incomplete data corrected
  • Right to erasure (“right to be forgotten”) — to have your data deleted in certain circumstances
  • Right to restriction — to limit our processing of your data
  • Right to data portability — to receive your data in a structured, commonly used format
  • Right to object — including to direct marketing and to processing based on legitimate interests
  • Right to withdraw consent at any time, where consent is the lawful basis
  • Rights relating to automated decision-making — we do not use your personal data for solely automated decisions with legal or similarly significant effects

To exercise any of these rights, please contact dpo@systemforce.co.uk. We will respond within one month of receiving a verifiable request, in line with UK GDPR. There is no fee for most requests, although we may charge a reasonable fee for manifestly unfounded or excessive requests.

11. How to complain

If you have concerns about how we handle your personal data, please contact us first using the details in Section 2 — we will work to resolve any issue. You also have the right to lodge a complaint directly with the Information Commissioner’s Office (ICO) at ico.org.uk, by phone on 0303 123 1113, or by post to Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow, Cheshire SK9 5AF.

12. Security of your personal data

System Force IT Ltd is certified to UKAS-accredited ISO/IEC 27001:2022 and to Cyber Essentials. We apply technical and organisational controls including access control, encryption in transit and at rest, network segmentation, multi-factor authentication, audit logging, and structured incident response procedures. Personal data is stored within our certified Information Security Management System (ISMS).

13. Children

Our services are aimed at UK businesses. We do not knowingly market to or collect personal data from children under 18. If you believe we hold personal data about a child under 18, please contact dpo@systemforce.co.uk and we will investigate and delete it where required.

14. Changes to this Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements or other factors. The “Last updated” date at the top of this page indicates when the policy was last reviewed. Material changes will be notified through our website or by email where you have an active relationship with us.

Our separate Terms of Use govern your use of this website. For information about how we deliver our services to clients, please refer to the relevant Master Services Agreement or contract.