Legal

Privacy Policy

This policy explains how Expectech Ltd collects, uses, stores, and protects your personal data in accordance with UK GDPR and the Data Protection Act 2018.

📅 Effective Date: 21 November 2023 🔄 Last Updated: March 2025 🏢 Expectech Ltd — SC790037

1 Who We Are

Expectech Ltd is a company registered in Scotland (Company No. SC790037), with our registered office at 11 Tulip Drive, Glasgow, G77 6FT. We provide IT services and consultancy to businesses across Scotland and the United Kingdom.

For the purposes of the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018, Expectech Ltd is the Data Controller of your personal data.

📧 Data Controller Contact: expectechltd@gmail.com  |  📞 07886 896617

2 What Data We Collect

We may collect and process the following personal data:

  • Identity Data — first name, last name
  • Contact Data — email address, telephone number, business address
  • Enquiry Data — the content of messages you send us via our contact form
  • Technical Data — IP address, browser type, and pages visited (if analytics are enabled in future)
  • Communications Data — your preferences for receiving marketing and communications from us

We do not collect any special category data (such as health, racial origin, or financial data) unless explicitly required and agreed for a specific service engagement.

3 How We Collect Your Data

We collect personal data through the following means:

  • Contact forms on our website — when you submit an enquiry
  • Direct communications — emails, phone calls, or in-person meetings
  • Business relationships — when you become a client or supplier of Expectech Ltd
  • Referrals — when another party refers you to us with your knowledge and consent

4 Why We Use Your Data (Legal Basis)

We only process your personal data where we have a lawful basis to do so under UK GDPR:

  • Contractual necessity — to fulfil a contract with you or take steps at your request prior to entering a contract
  • Legitimate interests — to respond to enquiries, manage our business, and improve our services, where your interests and rights are not overridden
  • Legal obligation — to comply with legal or regulatory requirements
  • Consent — where you have given us explicit consent, such as for marketing communications (you may withdraw consent at any time)

5 How We Use Your Data

We use your personal data for the following purposes:

  • To respond to your enquiries and provide the IT services you have requested
  • To manage our client and supplier relationships
  • To send service updates, invoices, and relevant communications
  • To comply with legal and regulatory obligations
  • To improve our website and service delivery
  • To send marketing communications where you have consented to receive them

6 Data Sharing & Third Parties

We do not sell your personal data to third parties. We may share your data with trusted third-party service providers solely to operate our business and deliver our services:

  • Formspree Inc. — our contact form processor (subject to their own privacy policy)
  • Google LLC — for email communication via Gmail (subject to Google's privacy policy)
  • Professional advisers — including lawyers, accountants, and auditors where legally required
  • HMRC and regulatory bodies — where required by law

All third-party processors are required to handle your data securely and in accordance with applicable data protection laws.

7 Data Retention

We retain your personal data only for as long as necessary to fulfil the purpose for which it was collected, or as required by law:

  • Enquiry data — up to 12 months if no contract is formed
  • Client data — for the duration of the contract plus 6 years (in line with the Limitation Act 1980)
  • Financial records — 6 years as required by HMRC

When data is no longer required, it is securely deleted or anonymised.

8 Your Rights Under UK GDPR

You have the following rights regarding your personal data:

  • Right of access — to request a copy of the personal data we hold about you
  • Right to rectification — to request correction of inaccurate or incomplete data
  • Right to erasure — to request deletion of your personal data in certain circumstances
  • Right to restrict processing — to request we limit how we use your data
  • Right to data portability — to receive your data in a structured, machine-readable format
  • Right to object — to object to processing based on legitimate interests or for direct marketing
  • Right to withdraw consent — at any time where processing is based on consent

To exercise any of these rights, please contact us at expectechltd@gmail.com. We will respond within 30 days.

9 Data Security

We take the security of your personal data seriously and implement appropriate technical and organisational measures to protect it against unauthorised access, accidental loss, destruction, or damage. These measures include encrypted communications, access controls, and regular security reviews.

However, no method of transmission over the internet is 100% secure. While we strive to protect your data, we cannot guarantee absolute security.

10 International Transfers

Some of our third-party service providers may process data outside the UK. Where this occurs, we ensure appropriate safeguards are in place, such as standard contractual clauses approved by the UK Information Commissioner's Office (ICO), to protect your data to an equivalent standard.

11 Complaints

If you are unhappy with how we handle your personal data, please contact us first at expectechltd@gmail.com and we will do our best to resolve the matter.

You also have the right to lodge a complaint with the UK's data protection authority:

Information Commissioner's Office (ICO)
Website: ico.org.uk