Privacy Policy

How we collect, use, store, share and protect personal data

Last Updated: 15th June 2026

1. Introduction

Stembridge IT Ltd ("Stembridge", "we", "our", or "us") is committed to protecting and respecting your privacy.

This Privacy Notice explains how we collect, use, store, share and protect personal data when you:

  • Visit our website (https://www.stembridgeit.com/ )
  • Contact us by telephone, email, web form or other means
  • Purchase or enquire about our services
  • Receive marketing communications from us
  • Use services we provide; or
  • Otherwise interact with us

We process personal data in accordance with:

  • The UK General Data Protection Regulation (UK GDPR)
  • The Data Protection Act 2018
  • The Privacy and Electronic Communications Regulations (PECR); and
  • The Data (Use and Access) Act 2025 and related UK data protection legislation

2. Data Controller

Stembridge IT Ltd is the data controller for the personal data covered by this Privacy Notice.

Contact Details

Stembridge IT Ltd
London, United Kingdom

Telephone: +44 20 3743 7663
Email: info@stembridgeit.com

For any privacy-related enquiries, data protection requests or complaints, please contact us using the details in section 13.

3. Personal Data We Collect

Depending on how you interact with us, we may collect:

Identity Data

  • Name
  • Job title
  • Employer or organisation
  • Username or account identifiers

Contact Data

  • Email address
  • Telephone number
  • Business address
  • Correspondence details

Technical Data

  • IP address
  • Device identifiers
  • Browser type and version
  • Operating system
  • Website usage information
  • Cookie identifiers

Service Data

  • Support tickets
  • Service requests
  • System logs
  • Audit records
  • User account information
  • Security and authentication data

Marketing and Communications Data

  • Marketing preferences
  • Subscription information
  • Event registrations
  • Survey responses

Business and Contractual Data

  • Customer records
  • Supplier information
  • Contract details
  • Billing and payment information

We do not intentionally collect special category personal data unless required to deliver services or comply with legal obligations.

4. How We Collect Personal Data

We collect personal data:

  • Directly from you
  • Through our website and contact forms
  • Through communications with you
  • Through customer onboarding processes
  • From publicly available business sources
  • From referrals and business partners
  • Through cookies and similar technologies; and
  • Through the use of our managed IT and support services

5. Lawful Bases for Processing

We process personal data under one or more of the following lawful bases:

Contract

Where processing is necessary to:

  • Provide services
  • Deliver support
  • Manage customer relationships; or
  • Fulfil contractual obligations

Legitimate Interests

Where processing is necessary for:

  • Business administration
  • Customer relationship management
  • Service improvement
  • Cybersecurity and fraud prevention
  • Network and information security
  • Business development; and
  • Responding to enquiries

We ensure our legitimate interests do not override your rights and freedoms.

Legal Obligation

Where we are required to process personal data to comply with:

  • Tax and accounting obligations
  • Regulatory requirements
  • Law enforcement requests
  • Court orders; or
  • Other legal obligations

Consent

Where required by law, including for certain marketing communications and non-essential cookies.

You may withdraw consent at any time.

6. How We Use Personal Data

We use personal data to:

  • Respond to enquiries
  • Provide managed IT services
  • Deliver support and maintenance
  • Monitor and secure systems
  • Manage customer accounts
  • Process payments and contracts
  • Improve our services
  • Conduct business analytics
  • Send service-related communications
  • Send marketing communications where permitted
  • Meet legal and regulatory obligations; and
  • Protect our business, customers and systems from security threats

6.1 Clients with a Support Plan

To provide you with the support and assistance you are entitled to under your support plan we may record and store information including usernames and passwords you use for access to third party IT related services. We do this for the sole purposes of providing you with assistance in using these services and in configuring and resolving issues with them. We will, at your request, refrain from storing or using this information on the understanding that we will no longer be able to provide you with assistance without your direct intervention.

6.2 Clients with Cloud Services

Stembridge cloud services including but not limited to Stembridge Monitored Antivirus (EDR) and Stembridge Hybrid File Storage / Sync utilise small applications that run on your computers and / or other devices and send data to the servers of Stembridge's suppliers. It may be transferred to and stored at a location outside of the UK/EEA with adequate protection for such data transfers in accordance with European data protection legislation. By agreeing to engage our services you consent to this data transferal.

This data will only be used for the following purposes:

  • To administer, operate, maintain and improve the products and services
  • To provide you with information, newsletters and products or services that you request from us
  • To notify you about any changes or provide you with support
  • To allow you to purchase and download products and participate in interactive features of our services, when you choose to do so
  • For billing and accounting purposes
  • For internal purposes such as performing research and analysis and to provide anonymous reporting internally or externally
  • To prevent or take action against activities that are or may be in violation of the product end-user license agreement, the website Terms of Use or applicable law

If your data is to be used for any other purpose, we will disclose this to you at the point we request your information.

7. Automated Decision-Making and Profiling

We do not make decisions that produce legal or similarly significant effects solely through automated processing.

Where we use analytics, AI-assisted tools or automated systems to improve efficiency, these do not replace human decision-making regarding individuals.

8. Artificial Intelligence and Emerging Technologies

As an IT services provider, we may use AI-enabled technologies to support service delivery, cybersecurity monitoring, productivity, customer support and operational efficiency.

Where AI systems process personal data, we ensure appropriate safeguards are in place and comply with applicable UK data protection laws and the EU AI Act.

We do not use personal data for AI model training unless there is a lawful basis to do so.

9. Sharing Personal Data

We may share personal data with:

Service Providers

Including providers of:

  • Cloud hosting
  • Email systems
  • Security services
  • CRM systems
  • Helpdesk and support platforms
  • Communications services
  • Professional advisers; and
  • Business software

Business Partners

Where required to provide requested services.

Professional Advisers

Including lawyers, accountants, insurers and auditors.

Regulatory Authorities

Where required by law or regulation.

Corporate Transactions

In connection with mergers, acquisitions, restructures or business transfers.

All third parties are required to protect personal data and only process it in accordance with our instructions or applicable law.

We do not sell personal data.

10. International Transfers

Some suppliers may process personal data outside the United Kingdom.

Where personal data is transferred internationally, we ensure appropriate safeguards are in place, including:

  • UK International Data Transfer Agreements (IDTAs)
  • UK Addenda to Standard Contractual Clauses
  • Adequacy regulations; or
  • Other lawful transfer mechanisms

11. Data Retention

We retain personal data only for as long as necessary for the purposes for which it was collected.

Typical retention periods include:

CategoryTypical retention
EnquiriesUp to 24 months
Customer recordsDuration of contract plus 7 years
Financial records6 years plus current year
Marketing recordsUntil consent withdrawn or objection received
Support ticketsUp to 7 years
Security logsUp to 24 months unless required longer

Retention periods may be extended where required by law, regulation, litigation or legitimate business needs.

12. Security

We implement appropriate technical and organisational measures to protect personal data, including:

  • Access controls
  • Encryption where appropriate
  • Security monitoring
  • Staff training
  • Secure backup procedures
  • Vulnerability management; and
  • Incident response processes

No method of transmission or storage is completely secure, but we take reasonable steps to protect personal data against unauthorised access, loss, misuse or disclosure.

13. Right to Complain

If you have concerns about how Stembridge IT Ltd processes your personal data, you have the right to make a complaint directly to us.

You can make a complaint by:

Refer to our Data Handling Complaints Process for more information.

Note – If you remain dissatisfied after we have responded to your complaint, you have the right to complain to the Information Commissioner’s Office (ICO).

Website: www.ico.org.uk

Telephone: 0303 123 1113.

14. Your Other Rights

Under UK data protection law, you additionally have the right to:

  • Access your personal data
  • Correct inaccurate data
  • Request erasure of personal data
  • Restrict processing
  • Object to processing
  • Receive personal data in a portable format
  • Withdraw consent; and
  • Challenge certain automated processing activities

To exercise your rights, contact us using the details in Section 13.

We may request proof of identity before responding.

15. Direct Marketing

We may send marketing communications where:

  • You have consented; or
  • We are permitted to do so under applicable law

You can opt out at any time by:

  • Clicking the unsubscribe link in emails
  • Contacting us directly; or
  • Updating your communication preferences

16. Cookies and Similar Technologies

Our website uses cookies and similar technologies.

These may include:

  • Strictly necessary cookies
  • Analytics cookies
  • Functionality cookies; and
  • Marketing cookies

Where required by law, we obtain consent before placing non-essential cookies on your device.

Further information is available in our Cookie Policy.

17. Children

Our services and website are intended primarily for businesses.

We do not knowingly collect personal data from children under 13 without appropriate lawful grounds and parental involvement where required.

If you believe a child has provided personal data to us improperly, please contact us.

18. Changes to This Privacy Notice

We may update this Privacy Notice from time to time.

Any changes will be published on this page together with an updated revision date.

We encourage you to review this Privacy Notice periodically.