Privacy Policy

1. Who We Are

Beacon Technology Services Ltd (Company No. 09847231) is the data controller for personal data collected through this website and our services. Our Data Protection Officer can be contacted at dpo@beacontechnologyservices.co.uk. Registered address: Innovation House, Pride Hill, Shrewsbury, SY1 1DQ.

2. Data We Collect

We collect data you provide directly (enquiry forms, email, phone calls), data collected automatically when you visit our website (IP address, browser type, pages visited via cookies and analytics tools), and data provided during service delivery (contact information, user account details, and technical system data necessary to deliver contracted services).

3. How We Use Your Data

We use your data to respond to enquiries, deliver contracted services, send service communications and invoices, improve our website and services, meet legal and regulatory obligations, and — with your explicit consent — send marketing communications about Beacon's products and services.

4. Legal Basis for Processing

We process your data under the following legal bases: Contract (delivering services you have engaged us for), Legitimate Interests (responding to enquiries, improving our services, fraud prevention), Legal Obligation (tax records, GDPR compliance requirements), and Consent (marketing emails — you may withdraw consent at any time by clicking unsubscribe or emailing dpo@beacontechnologyservices.co.uk).

5. Data Retention

Service delivery data is retained for 7 years after contract end in line with HMRC requirements. Website enquiry data is retained for 24 months. Marketing preferences are retained until you withdraw consent. Financial records are retained for 7 years as required by law.

6. Your Rights Under UK GDPR

You have the right to: access your personal data (Subject Access Request), correct inaccurate data, erasure ('right to be forgotten'), restriction of processing, data portability, and the right to object to processing. To exercise any right, contact dpo@beacontechnologyservices.co.uk. You also have the right to lodge a complaint with the Information Commissioner's Office at ico.org.uk. We will respond to all requests within one calendar month.

7. Cookies

Our website uses essential cookies (required for core functionality) and analytics cookies (Google Analytics 4, used to understand how visitors use our site). We do not use advertising or cross-site tracking cookies. You may manage your cookie preferences via the banner displayed on your first visit. Declining analytics cookies will not affect your ability to use the website.

8. Third-Party Sharing

We do not sell, rent, or trade your personal data. We share data only with: our cloud infrastructure providers (Microsoft Azure, hosted in UK data centres), our IT service management platform (ConnectWise Manage, UK instance), and when legally required by HMRC, the police, or court order. All third-party processors are subject to data processing agreements.

9. International Transfers

We do not routinely transfer personal data outside the UK or EEA. Where any transfer is necessary, we ensure appropriate safeguards are in place in accordance with UK GDPR requirements, including Standard Contractual Clauses or adequacy decisions.

10. Security

We hold ISO 27001 and Cyber Essentials Plus certifications. Personal data is encrypted in transit using TLS 1.3 and encrypted at rest. Access is controlled on a least-privilege basis with role-based access controls, and all staff complete annual security awareness training.

11. Changes to This Policy

We may update this policy periodically to reflect changes in our practices or legal requirements. The latest version will always be available at this URL. We will notify current clients of any material changes by email at least 14 days before they take effect. Last updated: 1 October 2025.