Powdertech Bicester Ltd

Privacy Policy

Powdertech Bicester Ltd Privacy Policy

Effective Date: August 7th, 2025
Next Review Date: August 7th, 2026

The terms "we", "us", and "our" refer to Powdertech Bicester Ltd, trading as Powdertech Surface Science (PSS).

1. Introduction

At Powdertech Surface Science, we are committed to protecting the privacy and security of personal data. This privacy policy outlines how we collect, store, use, and protect personal information in compliance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

2. Principles

We adhere to the following principles:

• Personal data is processed lawfully, fairly, and transparently.

• Data is collected only for specified, explicit, and legitimate purposes.

• We only collect data necessary for business purposes.

• Personal data is kept accurate and up-to-date.

• Data is stored securely and retained only as long as necessary.

3. Legal Basis for Processing

We process personal data based on the following lawful grounds:

• Contractual necessity: to fulfil contracts and quotations.

• Legal obligation: for employment and financial recordkeeping.

• Legitimate interests: in communicating with clients and prospects in a B2B context.

• Consent: for marketing emails where required.

4. Data We Collect

We may collect and process the following categories of personal data:

• Business contact information (name, company, email, phone number)

• Employment information (home address, next of kin, contact details)

• Transactional data (quotes, purchase/sales orders, project records)

• Marketing interactions (email interactions, opt-in preferences)

We do not collect or process special category data unless legally required.

5. How We Collect Data

• Direct enquiries via website, phone or email

• Commercial transactions and quotations

• Employee onboarding

We do not buy marketing lists or collect data from third-party advertisers.

6. Data Storage and Security

• Emails are hosted by a third-party provider with encryption and dual-location secure storage.

• Local business data is stored on a secure on-premise server, with no remote access.

• Backups are taken daily and stored securely off-site.

• Server protected by firewall, antivirus software, and UPS.

• Computer access is password-protected with quarterly password updates.

We regularly review our security practices in conjunction with our IT service provider.

7. Third-Party Processors

We use trusted third-party services who are compliant with UK GDPR, including:

• Transpond (email marketing): Transpond Privacy Policy

• Sage (accounting)

• Capsule CRM (sales/contact management)

Data Processing Agreements (DPAs) are in place with all providers.

8. Marketing Communications

We may send occasional email newsletters ("e-shots") using Transpond. You will receive these only if:

• You are an existing customer or enquirer (under PECR soft opt-in), or

• You have explicitly opted in.

You can unsubscribe at any time by using the link in our emails. Unsubscribed contacts are marked "opt-out" and no longer contacted for marketing.

9. Cookie and Tracking Policy

Our website may use cookies for basic functionality and analytics. We do not use Google Analytics. Lead Forensics may identify company names from fixed IP addresses. No personal data is collected via cookies.

A cookie banner allows you to manage your preferences in accordance with PECR and UK GDPR.

10. Data Retention

We retain data only as long as necessary:

• Financial records: 7 years (legal obligation)

• Project records/product guarantees: up to 40 years

• Marketing/contact data: Until opt-out or 2 years of inactivity

• Employee data: As required under employment law

11. Your Rights

You have the following rights regarding your personal data:

• Right to access

• Right to rectification

• Right to erasure ("right to be forgotten")

• Right to restrict processing

• Right to object

• Right to data portability

To exercise any of these rights, contact us using the details below.

12. Data Breaches

In the event of a data breach likely to result in a risk to individuals, we will:

• Notify the Information Commissioner's Office (ICO) within 72 hours

• Inform affected individuals when required

13. External Links

Our website may contain links to third-party websites. We are not responsible for their content or privacy practices.

14. Contact Us

To ask questions, exercise your rights, or make a complaint, contact:

Data Protection Contact
Powdertech Surface Science
sales@powdertech.co.uk
(+44) 01869 248 218

15. ICO Registration

Powdertech Bicester Ltd is registered with the Information Commissioner’s Office (ICO) under registration number [Insert ICO Number].

Last reviewed: August 7th, 2025