Privacy Policy

Last updated: 1 November 2025

Silverside Web Solutions Ltd (“we”, “us”, “our”) is committed to protecting your personal data. This notice explains what we collect, why, how long we keep it, and your rights.

1) Who we are

2) What we collect

• Identification & contact data (name, email, phone, company, role).
• Website usage data (pages, device/browser info, approximate location from IP, referrers).
• Client system data we host/process (user accounts, logs, uploaded files) as defined by contract.
• Support data (emails, tickets, notes) and invoicing data (billing contact details, invoice history).
• We do not store full payment card numbers.

3) How we collect it

• Directly from you (forms, email, phone).
• Automatically via cookies/analytics (non-essential only with your consent).
• From clients who authorise us to process data on their behalf.
• From public sources where appropriate (e.g., Companies House).

4) Why we use it (lawful bases)

• Provide and support our services; respond to enquiries (Contract / Legitimate Interests).
• Operate, secure and improve our website/services (Legitimate Interests).
• Service communications (Contract/Legitimate Interests) and optional updates/marketing (Consent or Legitimate Interests for B2B; you can opt out anytime).
• Meet legal, tax and audit requirements (Legal Obligation).

5) Cookies & analytics

Essential cookies run automatically. Optional analytics (e.g., Google Analytics with IP anonymisation) run only if you click “Accept” on our cookie banner. You can change your choice via “Cookie settings” in the footer. See our Cookie Notice.

6) Sharing your data

We use trusted service providers (“processors”) for hosting, email, backups, security/monitoring and analytics. They process data under our instructions and contract (Article 28 terms). A current list of core processors is available on request. We may disclose data if required by law or to defend legal claims.

7) International transfers

Where data is transferred outside the UK, we use appropriate safeguards (UK IDTA or UK Addendum to EU SCCs) and conduct transfer risk assessments where required.

8) Retention

• Enquiries/support emails: up to 2 years.
• Access/security logs: up to 12 months.
• Client backups: typically 30–90 days unless the contract specifies otherwise.
• Contracts/invoices/tax records: 6 years (plus current year).

9) Security

Measures include MFA, least-privilege access, encryption in transit/at rest where appropriate, patching, monitoring, and regular backup/restore testing. Access is limited to authorised personnel.

10) Your rights

You can request access, correction, erasure, restriction or objection, and data portability (where applicable). Where processing is based on consent, you can withdraw it at any time. Email [email protected]. We aim to reply within one month.

You can complain to the UK Information Commissioner’s Office (ICO): ico.org.uk or 0303 123 1113. Please contact us first so we can try to resolve your concern.

11) Children

Our website/services are not directed to children and we do not knowingly collect children’s data.

12) Acting as processor for clients

For many client projects we act as a processor. We process personal data only on the client’s documented instructions and under a Data Processing Agreement. Clients are responsible for their own privacy notices.

13) Changes to this notice

We may update this notice. Material changes will be posted here with a new “Last updated” date.