Privacy Policy

Data Policy 

 

Esync Deep Ltd is committed to protecting your personal data and processing it in accordance with the UK General Data Protection Regulation (UK GDPR), the Data Protection Act 2018 (DPA 2018), and the Privacy and Electronic Communications Regulations 2003 (PECR).

Esync Deep Ltd acts as the Data Controller for personal data collected through this website. This means we determine the purposes and means of processing your personal information.

If you are located in the European Economic Area (EEA), please note that your data may be processed in the United Kingdom under the UK's adequacy framework.

 

Data We Collect

We may collect the following categories of personal data:

Category Examples How Collected

  • Identity Data Name, job title, organisation Contact forms, email enquiries
  • Contact Data Email address, phone number, postal address Contact forms, direct communication
  • Technical Data IP address, browser type, device type, pages visited, time on site Automatically via cookies and analytics tools
  • Usage Data How you navigate and interact with our website Analytics platforms
  • Marketing Preferences Opt-in/opt-out status for communications Forms, email interactions
  • Business Data Organisation details, sector, enquiry type Contact and partnership enquiry forms

We do not knowingly collect special category data (e.g. health data, biometric data, political opinions) through this website. If you are submitting a clinical research enquiry related to VCAA, please contact us directly and we will advise on appropriate data handling procedures.

 

Lawful Basis for Processing

Under UK GDPR, we process your personal data only when a lawful basis applies. The bases we rely on are:

Consent — where you have actively opted in, such as to receive marketing communications or newsletter updates. You may withdraw consent at any time by contacting us.

Legitimate Interests — to operate and improve our website, respond to enquiries, and engage in B2B business development activities, where these interests are not overridden by your rights.

Contractual Necessity — to perform a contract with you or take steps prior to entering a contract at your request.

Legal Obligation — where processing is necessary to comply with a legal requirement, such as financial record-keeping obligations.

 

 

Data Sharing & Third Parties

We do not sell, rent or trade your personal data. We may share data with trusted third parties only where necessary and under appropriate data processing agreements, including:

IT and hosting providers — for website operation and data storage

Analytics providers — such as Google Analytics, to understand website usage (subject to your cookie preferences)

Email and CRM platforms — to manage communications

Professional advisors — including legal, financial, and accounting advisors, under confidentiality obligations

Regulatory and public authorities — where required by law or court order

Where any third-party processor is located outside the UK, we ensure appropriate safeguards are in place, such as the UK International Data Transfer Agreement (IDTA) or equivalent standard contractual protections.

 

 

Data Retention

We retain personal data only for as long as necessary for the purposes for which it was collected or as required by applicable law. Our general retention periods are:

Website enquiries and contact data: Up to 2 years from last contact, unless an ongoing relationship exists

Marketing consent records: Until consent is withdrawn, plus 12 months thereafter

Financial and contractual records: 6 years from the end of the relevant financial year, in line with HMRC requirements

Technical/analytics data: As determined by the applicable analytics platform's retention settings (typically 14–26 months)

On expiry of the applicable retention period, personal data is securely deleted or anonymised.

 

 

Your Rights Under UK GDPR

You have the following rights in relation to your personal data. These rights are not absolute and may be subject to certain conditions or exemptions under UK law:

Right of Access — to request a copy of the personal data we hold about you (Subject Access Request)

Right to Rectification — to request correction of inaccurate or incomplete data

Right to Erasure — to request deletion of your personal data ("right to be forgotten"), in certain circumstances

Right to Restrict Processing — to request that we limit how we use your data

Right to Data Portability — to receive your data in a structured, machine-readable format

Right to Object — to object to processing based on legitimate interests or for direct marketing purposes

Rights Related to Automated Decision-Making — not to be subject to solely automated decisions with significant legal or personal effects

Right to Withdraw Consent — at any time, without affecting the lawfulness of prior processing

To exercise any of these rights, please contact us at the details in Section 14. We will respond within one calendar month. We do not charge a fee for standard requests, though we may charge a reasonable fee for manifestly unfounded or excessive requests.

If you are dissatisfied with our response, you have the right to lodge a complaint with the UK supervisory authority:

Information Commissioner's Office (ICO)

Website: ico.org.uk

Helpline: 0303 123 1113

Address: Wycliffe House, Water Lane, Wilmslow, SK9 5AF

 

Cookies & Tracking

This website uses cookies and similar tracking technologies in accordance with PECR 2003 and UK GDPR. A cookie is a small text file stored on your device when you visit a website.

Types of Cookies We Use

Type Purpose Consent Required?

Strictly Necessary Essential for the website to function (e.g. session cookies, security tokens) No — exempt under PECR

Performance / Analytics Understand how visitors use the site (e.g. Google Analytics) Yes

Functional Remember your preferences (e.g. language, region) Yes

Marketing / Targeting Deliver relevant advertising and track campaign performance Yes

When you first visit this website, you will be presented with a cookie consent banner. You may accept, reject, or manage your preferences at any time. Withdrawing consent will not affect the lawfulness of any prior cookie processing.

You may also control or delete cookies through your browser settings. Note that disabling certain cookies may affect the functionality of this website. For guidance on managing cookies, visit aboutcookies.org.

 

 

Security

We implement appropriate technical and organisational measures to protect your personal data against unauthorised access, loss, destruction, or alteration. These include secure server infrastructure, access controls, and regular security reviews.

However, no method of internet transmission or electronic storage is entirely secure. While we strive to protect your data, we cannot guarantee absolute security. In the event of a personal data breach that is likely to result in a risk to your rights and freedoms, we will notify the ICO within 72 hours as required by UK GDPR, and will notify affected individuals without undue delay where required.

 

Children's Privacy

This website is directed at business and professional audiences and is not intended for use by individuals under the age of 13. We do not knowingly collect personal data from children. If you believe we have inadvertently collected data from a child, please contact us immediately and we will delete it promptly.

Where our STEM education programmes involve engagement with under-18s, appropriate safeguarding and parental consent protocols are applied separately from this policy.

 

Changes to This Policy

We may update this Legal Notice and Privacy Policy from time to time to reflect changes in law, our business practices, or data processing activities. The "Last updated" date at the top of this page will always reflect the most recent version.

We encourage you to review this page periodically. Where changes are material, we will take reasonable steps to notify you — for example, by displaying a prominent notice on our website or by contacting you directly if we hold your contact details.

Continued use of this website after any changes constitutes your acceptance of the updated policy.

 

 

Contact & Complaints

For any questions, concerns, or requests relating to this policy or to exercise your data rights, please contact us:

Data Controller

Esync Deep Ltd

1a The Tad Centre, Middlesbrough, Teesside, England

Website: www.esyncdeep.com/contactus

We aim to respond to all legitimate requests within one calendar month. For complex or multiple requests, we may extend this by a further two months, and will inform you accordingly.

If you are not satisfied with our response, you have the right to escalate your complaint to the Information Commissioner's Office (ICO) — see details in Section 9 above.

© 2026 Esync Deep Ltd. All rights reserved. Registered in England and Wales.

This document does not constitute legal advice. For specific legal guidance, please consult a qualified solicitor.

 

We need your consent to load the translations

We use a third-party service to translate the website content that may collect data about your activity. Please review the details in the privacy policy and accept the service to view the translations.