Privacy Policy
How we collect, use, store, share and protect personal data
Last Updated: 15th June 2026
1. Introduction
Stembridge IT Ltd ("Stembridge", "we", "our", or "us") is committed to protecting and respecting your privacy.
This Privacy Notice explains how we collect, use, store, share and protect personal data when you:
- Visit our website (https://www.stembridgeit.com/ )
- Contact us by telephone, email, web form or other means
- Purchase or enquire about our services
- Receive marketing communications from us
- Use services we provide; or
- Otherwise interact with us
We process personal data in accordance with:
- The UK General Data Protection Regulation (UK GDPR)
- The Data Protection Act 2018
- The Privacy and Electronic Communications Regulations (PECR); and
- The Data (Use and Access) Act 2025 and related UK data protection legislation
2. Data Controller
Stembridge IT Ltd is the data controller for the personal data covered by this Privacy Notice.
Contact Details
Stembridge IT Ltd
London, United Kingdom
Telephone: +44 20 3743 7663
Email: info@stembridgeit.com
For any privacy-related enquiries, data protection requests or complaints, please contact us using the details in section 13.
3. Personal Data We Collect
Depending on how you interact with us, we may collect:
Identity Data
- Name
- Job title
- Employer or organisation
- Username or account identifiers
Contact Data
- Email address
- Telephone number
- Business address
- Correspondence details
Technical Data
- IP address
- Device identifiers
- Browser type and version
- Operating system
- Website usage information
- Cookie identifiers
Service Data
- Support tickets
- Service requests
- System logs
- Audit records
- User account information
- Security and authentication data
Marketing and Communications Data
- Marketing preferences
- Subscription information
- Event registrations
- Survey responses
Business and Contractual Data
- Customer records
- Supplier information
- Contract details
- Billing and payment information
We do not intentionally collect special category personal data unless required to deliver services or comply with legal obligations.
4. How We Collect Personal Data
We collect personal data:
- Directly from you
- Through our website and contact forms
- Through communications with you
- Through customer onboarding processes
- From publicly available business sources
- From referrals and business partners
- Through cookies and similar technologies; and
- Through the use of our managed IT and support services
5. Lawful Bases for Processing
We process personal data under one or more of the following lawful bases:
Contract
Where processing is necessary to:
- Provide services
- Deliver support
- Manage customer relationships; or
- Fulfil contractual obligations
Legitimate Interests
Where processing is necessary for:
- Business administration
- Customer relationship management
- Service improvement
- Cybersecurity and fraud prevention
- Network and information security
- Business development; and
- Responding to enquiries
We ensure our legitimate interests do not override your rights and freedoms.
Legal Obligation
Where we are required to process personal data to comply with:
- Tax and accounting obligations
- Regulatory requirements
- Law enforcement requests
- Court orders; or
- Other legal obligations
Consent
Where required by law, including for certain marketing communications and non-essential cookies.
You may withdraw consent at any time.
6. How We Use Personal Data
We use personal data to:
- Respond to enquiries
- Provide managed IT services
- Deliver support and maintenance
- Monitor and secure systems
- Manage customer accounts
- Process payments and contracts
- Improve our services
- Conduct business analytics
- Send service-related communications
- Send marketing communications where permitted
- Meet legal and regulatory obligations; and
- Protect our business, customers and systems from security threats
6.1 Clients with a Support Plan
To provide you with the support and assistance you are entitled to under your support plan we may record and store information including usernames and passwords you use for access to third party IT related services. We do this for the sole purposes of providing you with assistance in using these services and in configuring and resolving issues with them. We will, at your request, refrain from storing or using this information on the understanding that we will no longer be able to provide you with assistance without your direct intervention.
6.2 Clients with Cloud Services
Stembridge cloud services including but not limited to Stembridge Monitored Antivirus (EDR) and Stembridge Hybrid File Storage / Sync utilise small applications that run on your computers and / or other devices and send data to the servers of Stembridge's suppliers. It may be transferred to and stored at a location outside of the UK/EEA with adequate protection for such data transfers in accordance with European data protection legislation. By agreeing to engage our services you consent to this data transferal.
This data will only be used for the following purposes:
- To administer, operate, maintain and improve the products and services
- To provide you with information, newsletters and products or services that you request from us
- To notify you about any changes or provide you with support
- To allow you to purchase and download products and participate in interactive features of our services, when you choose to do so
- For billing and accounting purposes
- For internal purposes such as performing research and analysis and to provide anonymous reporting internally or externally
- To prevent or take action against activities that are or may be in violation of the product end-user license agreement, the website Terms of Use or applicable law
If your data is to be used for any other purpose, we will disclose this to you at the point we request your information.
7. Automated Decision-Making and Profiling
We do not make decisions that produce legal or similarly significant effects solely through automated processing.
Where we use analytics, AI-assisted tools or automated systems to improve efficiency, these do not replace human decision-making regarding individuals.
8. Artificial Intelligence and Emerging Technologies
As an IT services provider, we may use AI-enabled technologies to support service delivery, cybersecurity monitoring, productivity, customer support and operational efficiency.
Where AI systems process personal data, we ensure appropriate safeguards are in place and comply with applicable UK data protection laws and the EU AI Act.
We do not use personal data for AI model training unless there is a lawful basis to do so.
9. Sharing Personal Data
We may share personal data with:
Service Providers
Including providers of:
- Cloud hosting
- Email systems
- Security services
- CRM systems
- Helpdesk and support platforms
- Communications services
- Professional advisers; and
- Business software
Business Partners
Where required to provide requested services.
Professional Advisers
Including lawyers, accountants, insurers and auditors.
Regulatory Authorities
Where required by law or regulation.
Corporate Transactions
In connection with mergers, acquisitions, restructures or business transfers.
All third parties are required to protect personal data and only process it in accordance with our instructions or applicable law.
We do not sell personal data.
10. International Transfers
Some suppliers may process personal data outside the United Kingdom.
Where personal data is transferred internationally, we ensure appropriate safeguards are in place, including:
- UK International Data Transfer Agreements (IDTAs)
- UK Addenda to Standard Contractual Clauses
- Adequacy regulations; or
- Other lawful transfer mechanisms
11. Data Retention
We retain personal data only for as long as necessary for the purposes for which it was collected.
Typical retention periods include:
| Category | Typical retention |
|---|---|
| Enquiries | Up to 24 months |
| Customer records | Duration of contract plus 7 years |
| Financial records | 6 years plus current year |
| Marketing records | Until consent withdrawn or objection received |
| Support tickets | Up to 7 years |
| Security logs | Up to 24 months unless required longer |
Retention periods may be extended where required by law, regulation, litigation or legitimate business needs.
12. Security
We implement appropriate technical and organisational measures to protect personal data, including:
- Access controls
- Encryption where appropriate
- Security monitoring
- Staff training
- Secure backup procedures
- Vulnerability management; and
- Incident response processes
No method of transmission or storage is completely secure, but we take reasonable steps to protect personal data against unauthorised access, loss, misuse or disclosure.
13. Right to Complain
If you have concerns about how Stembridge IT Ltd processes your personal data, you have the right to make a complaint directly to us.
You can make a complaint by:
- Emailing info@stembridgeit.com
- Completing our contact form on our website
- Calling our main office number
Refer to our Data Handling Complaints Process for more information.
Note – If you remain dissatisfied after we have responded to your complaint, you have the right to complain to the Information Commissioner’s Office (ICO).
Website: www.ico.org.uk
Telephone: 0303 123 1113.
14. Your Other Rights
Under UK data protection law, you additionally have the right to:
- Access your personal data
- Correct inaccurate data
- Request erasure of personal data
- Restrict processing
- Object to processing
- Receive personal data in a portable format
- Withdraw consent; and
- Challenge certain automated processing activities
To exercise your rights, contact us using the details in Section 13.
We may request proof of identity before responding.
15. Direct Marketing
We may send marketing communications where:
- You have consented; or
- We are permitted to do so under applicable law
You can opt out at any time by:
- Clicking the unsubscribe link in emails
- Contacting us directly; or
- Updating your communication preferences
16. Cookies and Similar Technologies
Our website uses cookies and similar technologies.
These may include:
- Strictly necessary cookies
- Analytics cookies
- Functionality cookies; and
- Marketing cookies
Where required by law, we obtain consent before placing non-essential cookies on your device.
Further information is available in our Cookie Policy.
17. Children
Our services and website are intended primarily for businesses.
We do not knowingly collect personal data from children under 13 without appropriate lawful grounds and parental involvement where required.
If you believe a child has provided personal data to us improperly, please contact us.
18. Changes to This Privacy Notice
We may update this Privacy Notice from time to time.
Any changes will be published on this page together with an updated revision date.
We encourage you to review this Privacy Notice periodically.