Privacy Policy
CefniTech Solutions Ltd — Company No. 13939951
1. Introduction
This Privacy Policy explains how CefniTech Solutions Ltd (trading as CefniTech) ("we", "our", or "us") collects, uses, stores, and protects personal data. We are committed to safeguarding your privacy and ensuring that personal data is handled in accordance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.
CefniTech Solutions Ltd is registered in England and Wales under company number 13939951. Our registered office is:
Suite 3281 Unit 3a,
34 to 35 Hatton Garden,
Holborn,
London,
England,
EC1N 8DX
We provide services including computer repairs, IT support (remote and on-site), managed IT services, cloud solutions, cyber security, and the sale of new and refurbished technology products.
CefniTech Solutions Ltd is the data controller for the personal data covered by this Privacy Policy.
Our Data Protection Lead is Gethyn Jones. You can contact us regarding this Privacy Policy or your personal data via:
Email: hello@cefnitech.co.uk
Phone: 07721 422537
2. Definitions
- Personal Data: Information relating to an identified or identifiable individual.
- Processing: Any operation performed on personal data, including collection, storage, use, disclosure, or deletion.
- Data Controller: The organisation that determines the purposes and means of processing personal data.
- Data Subject: The individual whose personal data is processed.
- UK GDPR: The United Kingdom General Data Protection Regulation.
- Data Breach: A security incident resulting in accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to personal data.
3. Our Approach to Data Protection
We are transparent about how personal data is collected and used. We only process personal data where there is a lawful basis, including:
- Your consent
- Performance of a contract or taking steps at your request before entering into a contract
- Compliance with legal obligations
- Legitimate business interests, such as service delivery, service improvement, fraud prevention, and record keeping
We regularly review our policies and procedures and take reasonable steps to ensure that personal data is kept accurate, secure, and only retained for as long as necessary.
4. Your Rights
Under the UK GDPR, you have the right to:
- Be informed about how your personal data is used
- Access your personal data
- Request correction of inaccurate or incomplete personal data
- Request deletion of your personal data where applicable
- Object to or restrict certain processing
- Request transfer of your personal data in a portable format where applicable
- Withdraw consent where processing is based on consent
- Lodge a complaint with the Information Commissioner's Office (ICO)
5. Data We Process, Purpose, and Retention
5.1 Customers and Clients
We collect only the personal data necessary to provide our services. Where we provide managed IT, cloud backup, or SaaS-related services, we may act either as a data controller for account and billing data, or as a processor in relation to customer content, depending on the nature of the service. We do not access customer content unless necessary to provide support, maintain the service, comply with legal obligations, or where authorised by the customer.
| Data | Purpose | Legal Basis | Retention |
|---|---|---|---|
| Name and contact details | Responding to enquiries, providing support, arranging services, and account management | Contract / Legitimate interest | Up to 6 years after the end of the relationship |
| Billing and payment details | Invoicing, payment processing, and financial record keeping | Contract / Legal obligation | 6 years |
| Device, service, or account information | Diagnostics, repair, support, service delivery, and maintaining service history | Contract / Legitimate interest | Up to 6 years |
| Employee or authorised user contact details | Providing business IT services and authorised access | Contract / Legitimate interest | Until access is removed or no longer required |
| Company details | Service records, administration, and compliance | Contract / Legal obligation / Legitimate interest | 6 years |
5.2 Suppliers and Contractors
| Data | Purpose | Legal Basis | Retention |
|---|---|---|---|
| Contact details | Supplier communication, procurement, and contract administration | Contract / Legitimate interest | Up to 6 years after the relationship ends |
| Company and payment details | Compliance, invoicing, payments, and financial records | Contract / Legal obligation | 6 years |
5.3 Enquiries
| Data | Purpose | Legal Basis | Retention |
|---|---|---|---|
| Name and contact details | Responding to enquiries and discussing potential services | Legitimate interest / Pre-contract steps | Up to 12 months |
| Enquiry details and communications | Responding to enquiries, preparing quotations, and improving services | Legitimate interest / Pre-contract steps | Up to 12 months |
6. Third-Party Data Sharing
We do not sell personal data. We may share limited personal data with trusted third parties where necessary to deliver services, process payments, host systems, provide cloud backups, obtain technical support, comply with legal obligations, or protect our legitimate business interests. Where third parties process personal data on our behalf, we ensure appropriate contractual and security measures are in place.
7. Data Security
- Encrypted electronic data where appropriate
- Secure backups with restricted access
- Password-protected systems and multi-factor authentication where possible
- Access controls and least-privilege principles
- Staff awareness and training on security best practices
8. Data Breach Procedure
In the event of a personal data breach, we will investigate promptly, take reasonable steps to contain and remediate the issue, notify affected individuals where required, and report the breach to the ICO within 72 hours where legally necessary.
9. International Data Transfers
Where personal data is transferred outside the UK, we will ensure that appropriate safeguards are in place, such as adequacy regulations, standard contractual clauses, or other lawful transfer mechanisms.
10. Cookies and Website Data
Our website may use essential technical measures and may collect limited usage information such as IP address, browser type, device information, and basic analytics data for security, performance, and service improvement purposes. Where legally required, we will request consent before using non-essential cookies or similar technologies.
11. Updates to This Policy
This Privacy Policy may be updated periodically to reflect changes in legal requirements, business operations, or the way we process personal data. The latest version will always be available on our website.
12. Complaints and Contact
If you have any questions, concerns, or requests relating to this Privacy Policy or your personal data, please contact us. You also have the right to lodge a complaint with the Information Commissioner's Office (ICO).
Email: hello@cefnitech.co.uk
Phone: 07721 422537
ICO Website: ico.org.uk/make-a-complaint
ICO Phone: 0303 123 1113