Name: Staple IT
Telephone: 01372 309 707

Grab a coffee, its the privacy policy!

Date of Policy - 13/05/2026

1. Who We Are

Staple IT is a managed IT services provider based in Epsom, Surrey. We provide IT support, cloud solutions, cybersecurity, consultancy and AI integration services to small businesses, sole traders, charities and community organisations across Surrey and beyond.

For the purposes of data protection law, Staple IT is the data controller for personal data collected through this website and in the course of providing our services.

Contact: hello@stapleit.co.uk | 01372 309 707 | stapleit.co.uk

Data Protection Officer: dpo@stapleit.co.uk

2. What Data We Collect

We collect personal data in the following ways:

Contact form submissions: your name, company name, email address, phone number, number of users or devices, and the nature of your enquiry.
Email and telephone enquiries: any personal information you choose to share with us when getting in touch.
Website analytics: anonymised data about how you use our website, collected via IONOS SiteAnalytics (see Section 6).
Google Maps: your IP address and approximate location, collected when you interact with the embedded map on our website (see Section 6).
Client data: in the course of delivering our services, we may process personal data on behalf of our clients under a separate Data Processing Agreement (DPA).

3. How We Use Your Data

We use the personal data we collect for the following purposes:

To respond to your enquiry and provide the services you have requested.
To communicate with you about your account, services or support arrangements.
To send you information about our services where you have indicated an interest or given consent.
To improve the performance and user experience of our website.
To comply with our legal and contractual obligations.

4. Legal Basis for Processing

We process your personal data on the following legal grounds under the UK General Data Protection Regulation (UK GDPR):

Contract: where processing is necessary to perform a contract with you or to take steps prior to entering into one.
Legitimate interests: where processing is necessary for our legitimate business interests, such as responding to enquiries and improving our services, provided these are not overridden by your rights.
Consent: where you have given us explicit consent to process your data, such as for marketing communications or the use of Google Maps on our website.
Legal obligation: where we are required to process data to comply with a legal obligation.

5. How Long We Keep Your Data

We retain personal data only for as long as is necessary for the purposes for which it was collected:

Enquiry and contact form data: retained for up to 2 years from the date of last contact, unless a client relationship is established.
Client data: retained for the duration of the contract and for up to 6 years thereafter in accordance with our legal and contractual obligations.
Website analytics data: retained for 8 weeks by IONOS SiteAnalytics before automatic deletion.
Google Maps data: retained only as long as necessary for the stated processing purposes, in accordance with Google’s privacy policy.

6. Third-Party Services on Our Website

Our website uses the following third-party services which may collect personal data:

Google Maps

We embed Google Maps on our website to display our location. When you interact with the map, Google Ireland Limited may collect your IP address and approximate location. This data is processed in the European Union and is subject to Google’s privacy policy. The legal basis for this processing is your consent (Art. 6(1)(a) UK GDPR). You may opt out at any time via Google’s privacy controls.

Data processor: Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland.
Privacy policy: https://policies.google.com/privacy
Opt-out: https://safety.google/privacy/privacy-controls/

IONOS SiteAnalytics

We use IONOS SiteAnalytics to understand how visitors use our website. This service collects anonymised data including your browser type, device type, operating system, pages visited and anonymised IP address. It does not use cookies and does not transfer data outside the European Union. Data is retained for 8 weeks before automatic deletion. The legal basis for this processing is your consent (Art. 6(1)(a) UK GDPR).

Data processor: IONOS SE, Elgendorfer Str. 57, 56410 Montabaur, Germany.
Privacy policy: https://www.ionos.co.uk/terms-gtc/privacy-policy/

7. Cookies & Consent

Our website displays a cookie consent banner when you first visit. This banner allows you to accept or decline the use of cookies and third-party services, including Google Maps and IONOS SiteAnalytics. IONOS SiteAnalytics does not use cookies and collects only anonymised data. Google Maps uses cookies to display map content and will only be loaded upon your consent. You can manage or withdraw your consent at any time through the cookie banner or your browser settings.

8. Data Sharing

We do not sell your personal data. We only share personal data with third parties in the following circumstances:

With service providers who assist us in delivering our services, such as our platform and software partners, under appropriate data processing agreements.
With third-party services embedded on our website, as described in Section 6.
Where required by law, regulation or legal process.
Where you have given explicit consent for us to do so.

9. Your Rights

Under UK GDPR, you have the following rights in relation to your personal data:

The right to access the personal data we hold about you.
The right to have inaccurate data corrected.
The right to have your data deleted, where there is no lawful basis for continued processing.
The right to restrict or object to processing in certain circumstances.
The right to data portability, where processing is based on consent or contract.
The right to withdraw consent at any time, where processing is based on consent.

To exercise any of these rights, please contact us at hello@stapleit.co.uk. We will respond within 30 days.

10. Data Breaches

In the event of a personal data breach, Staple IT will assess the risk to individuals and, where required under UK GDPR, notify the Information Commissioner’s Office (ICO) within 72 hours of becoming aware of the breach. Where a breach is likely to result in a high risk to your rights and freedoms, we will also notify you directly without undue delay. We maintain an internal record of all data breaches in accordance with our obligations under Articles 33 and 34 of the UK GDPR.

11. Data Security

We take the security of your personal data seriously. We implement appropriate technical and organisational measures to protect your data against unauthorised access, loss, destruction or disclosure. Where we share data with third-party processors, we ensure appropriate safeguards are in place.

12. Complaints

If you have concerns about how we handle your personal data, please contact us in the first instance at hello@stapleit.co.uk. If you remain unsatisfied, you have the right to lodge a complaint with the Information Commissioner’s Office (ICO), the UK’s supervisory authority for data protection.

ICO website: https://ico.org.uk
ICO helpline: 0303 123 1113

13. Changes to This Policy

We may update this privacy policy from time to time to reflect changes in our services, legal obligations or data processing activities. The date at the top of this document indicates when it was last updated. We encourage you to review this policy periodically.

14. Governing Law

This privacy policy is governed by the laws of England and Wales and is compliant with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.