Privacy Policy

PRIVACY AND DATA PROTECTION POLICY

Date of Policy: 25/09/2025

This policy will be reviewed every 12 months at a minimum. 

Review Date: 25/09/2026

This Privacy & Data Protection Policy outlines how Acker-Tech LTD (“we”, “us”, “our”) collects, uses, stores, shares, and protects personal data.

It is designed to comply with the UK General Data Protection Regulation (UK GDPR), the Data Protection Act 2018, and, where applicable, the EU General Data Protection Regulation (EU GDPR).

We are committed to:

  • Complying with applicable data protection laws and best practices.
  • Protecting the rights and freedoms of individuals whose data we process.
  • Being transparent about how we collect, use, and store personal data.
  • Reducing the risk of data breaches and maintaining data security.
  1. Scope

This policy applies to all personal data we process, regardless of the format or the data subject’s relationship with us (e.g. employee, customer, supplier, website visitor, or other third party).

  1. Definitions
  • Personal Data: Information that can identify an individual directly or indirectly.
  • Processing: Any action performed on personal data, including collection, use, sharing, storage, or deletion.
  • Data Subject: The individual to whom the personal data relates.
  • Data Controller: The entity that determines the purposes and means of processing personal data.
  • Data Processor: A third party that processes personal data on behalf of the controller.
  • Special Category Data: Sensitive personal data such as health information, ethnicity, political opinions, etc.
  • Consent: A freely given, specific, informed and unambiguous indication of an individual’s agreement to the processing of their data.

  1. Lawful Basis for Processing

We only process personal data where we have a lawful basis under data protection law. This includes:

  • The data subject has given consent.
  • Processing is necessary for the performance of a contract.
  • We have a legal obligation.
  • It is necessary to protect vital interests.
  • It is necessary to carry out a task in the public interest.
  • It is in our legitimate interests (provided these are not overridden by the individual’s rights).

Where consent is used, individuals can withdraw it at any time.

  1. Data Protection Principles

We adhere to the following principles:

  • Lawfulness, Fairness, and Transparency
  • Purpose Limitation
  • Data Minimisation
  • Accuracy
  • Storage Limitation
  • Integrity and Confidentiality

We also ensure data is not transferred internationally without appropriate safeguards and that data subjects can exercise their rights.

  1. Accountability and Governance

Acker-Tech LTD is the Data Controller. We ensure compliance through:

  • Staff training on data protection.
  • Maintaining documentation of processing activities.
  • Conducting Data Protection Impact Assessments (DPIAs) where required.
  • Appointing a Data Protection Officer (DPO), if necessary.
  1. Special Category and Criminal Data

Where we process special category or criminal conviction data, we do so only when legally permitted and with appropriate safeguards, including conducting DPIAs and applying stricter access controls.

  1. Data Minimisation and Accuracy

We collect only the data we need and regularly review it for accuracy. Inaccurate or outdated data is corrected or deleted promptly.

  1. Data Retention

Personal data is only retained for as long as necessary for the purpose for which it was collected. Once no longer needed, it is securely deleted or anonymised in accordance with our retention policy.

  1. Security Measures

We implement technical and organisational measures to protect data, including:

  • Secure access controls
  • Encryption and pseudonymisation
  • Firewalls and anti-malware tools
  • Regular security audits and monitoring
  1. International Data Transfers

Where personal data is transferred outside the UK or EEA, we ensure adequate protection using:

  • UK IDTA (International Data Transfer Agreement)
  • EU Standard Contractual Clauses (SCCs)
  • Adequacy decisions
  • Other appropriate legal safeguards
  1. Personal Data Breaches

We assess all data breaches. If a breach is likely to pose a risk to individuals’ rights and freedoms, we will:

  • Notify the Information Commissioner’s Office (ICO) within 72 hours (where required).
  • Notify affected individuals if the risk is deemed high.
  • Document all breaches, regardless of severity.
  1. Your Data Protection Rights

You have the following rights:

  • Right to be informed
  • Right of access
  • Right to rectification
  • Right to erasure
  • Right to restrict processing
  • Right to data portability
  • Right to object
  • Rights in relation to automated decision-making and profiling
  • Right to withdraw consent at any time
  • Right to lodge a complaint with the ICO

To exercise these rights, please contact us using the details below.

  1. Record Keeping

We maintain records of:

  • Personal data we process
  • Legal bases for processing
  • Data sharing with third parties
  • Retention periods
  • Security measures in place
  • DPIAs and risk assessments
  1. Direct Marketing

We comply with the Privacy and Electronic Communications Regulations (PECR). This means:

  • We obtain consent for electronic marketing unless relying on legitimate interest or the soft opt-in for existing customers.
  • All marketing communications include a clear way to opt out.
  • Opt-out requests are respected immediately.
  1. Sharing Personal Data

We may share personal data with third parties, including service providers, only when:

  • Necessary for service delivery.
  • Described in our privacy notice.
  • Covered by a valid data processing agreement.
  • GDPR-compliant safeguards are in place, especially for international transfers.
  1. Cookies and Tracking Technologies

If you use our website, we may use cookies or similar technologies for functionality, analytics, and marketing purposes.

We will:

  • Notify users via a cookie banner.
  • Seek consent where required by law.
  • Provide a clear Cookie Policy.
  • Allow users to manage their preferences at any time.
  1. Contact Us

If you have questions about this policy or wish to exercise your data protection rights, please contact us:

Email: dataprotection@acker-tech.com

You also have the right to lodge a complaint with the UK Information Commissioner’s Office (ICO) at www.ico.org.uk.

This policy may be updated periodically to reflect changes in law or our business practices. Please review it regularly for any updates.