Privacy Policy

1. Introduction

Penken Technology Ltd (“Penken Technology”, “we”, “us”, or “our”) is committed to protecting your personal data and respecting your privacy. This Privacy Policy explains how we collect, use, store, and share your personal information when you visit our website, contact us, or use our managed IT and cybersecurity services.

We are the data controller for the personal data we process about you. We are registered with the Information Commissioner’s Office (ICO) and operate in full compliance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

2. Who We Are

Data Controller: Penken Technology Ltd
Registered address: 52 Buckingham Road, Wilmslow, Cheshire East, SK9 5LB
Email: info@penkentechnology.com
Website: https://www.penkentechnology.com

If you have any questions about how we handle your personal data, please contact us using the details above.

3. What Personal Data We Collect

Depending on how you interact with us, we may collect the following categories of personal data:

3.1 Information you provide to us:

Name, job title, and company name
Contact details including email address, telephone number, and postal address
Information provided in enquiry forms, emails, or telephone conversations
Billing and payment information where applicable
Technical details you share when seeking IT support

3.2 Information collected automatically

IP address and browser type
Pages visited and time spent on our website
Referring URLs and device information
Cookie data (see Section 9 for our Cookie Policy)

3.3 Information from third parties

We may receive information about you from third parties such as business partners, referral sources, or publicly available information (e.g. LinkedIn) where this is relevant to providing our services.

4. How We Use Your Personal Data

We use your personal data for the following purposes and on the following legal bases:

Responding to enquiries and providing quotes — Legal basis: Legitimate interests / Pre-contractual steps
Delivering managed IT and cybersecurity services — Legal basis: Performance of a contract
Sending service updates and technical communications — Legal basis: Performance of a contract / Legitimate interests
Processing payments and managing accounts — Legal basis: Performance of a contract / Legal obligation
Sending marketing communications (where you have consented or we have a legitimate interest) — Legal basis: Consent / Legitimate interests
Improving our website and services — Legal basis: Legitimate interests
Complying with legal and regulatory obligations — Legal basis: Legal obligation
Fraud prevention and security — Legal basis: Legitimate interests / Legal obligation

5. Marketing Communications

Where you are an existing client or have enquired about our services, we may contact you with information about related services we offer, on the basis of our legitimate interests. In all other cases, we will only send marketing communications where you have given your explicit consent.

You have the right to opt out of marketing communications at any time by clicking the unsubscribe link in any email we send, or by contacting us directly at info@penkentechnology.com. Opting out will not affect any contractual communications necessary to deliver your services.

6. Who We Share Your Data With

We do not sell your personal data. We may share your data with the following categories of third parties:

IT and software vendors used to deliver our services (e.g. Microsoft, endpoint security providers, RMM platform providers)
Professional advisers including accountants and legal advisers, where necessary
Payment processors and banking providers
Regulators and law enforcement agencies where legally required
Cyber Essentials certification bodies and auditors

All third parties are required to handle your data in accordance with UK GDPR and are only permitted to use it for the specific purpose for which it was shared.

7. International Data Transfers

Some of our third-party service providers may process data outside the United Kingdom. Where this occurs, we ensure appropriate safeguards are in place, such as UK adequacy decisions or standard contractual clauses, to protect your personal data to the same standard as required under UK GDPR.

8. How Long We Keep Your Data

We retain your personal data only for as long as necessary to fulfil the purposes for which it was collected, including meeting legal, accounting, or reporting obligations. Our general retention periods are:

Client records: 7 years from the end of the contract (for tax and legal purposes)
Prospect and enquiry data: Up to 2 years from last contact
Marketing consent records: Until consent is withdrawn, then up to 1 year
Website analytics data: Up to 26 months
Security and incident logs: Up to 12 months

9. Cookies

Our website uses cookies to improve your experience and help us understand how our website is being used. For full details of the cookies we use, the purposes for which we use them, and how to manage your preferences, please refer to our separate Cookie Policy, available on our website at www.penkentechnology.com/cookie-policy.

10. Your Rights Under UK GDPR

Under UK GDPR, you have the following rights regarding your personal data:

Right of access: You can request a copy of the personal data we hold about you (Subject Access Request).
Right to rectification: You can ask us to correct inaccurate or incomplete data.
Right to erasure: You can ask us to delete your data where there is no compelling reason for us to continue processing it.
Right to restrict processing: You can ask us to limit how we use your data in certain circumstances.
Right to data portability: You can ask us to provide your data in a structured, machine-readable format.
Right to object: You can object to us processing your data on the basis of legitimate interests or for direct marketing.
Rights related to automated decision-making: You have the right not to be subject to decisions based solely on automated processing that significantly affect you.
Right to withdraw consent: Where we rely on your consent, you can withdraw it at any time without affecting the lawfulness of prior processing.

To exercise any of these rights, please contact us at info@penkentechnology.com. We will respond within one calendar month. We may need to verify your identity before processing your request. There is no charge for most requests, though we may charge a reasonable fee for manifestly unfounded or excessive requests.

11. Complaints

If you are unhappy with how we handle your personal data, please contact us in the first instance so we can try to resolve your concern. If you remain dissatisfied, you have the right to lodge a complaint with the UK’s supervisory authority:

Information Commissioner’s Office (ICO)
Website: www.ico.org.uk
Helpline: 0303 123 1113

12. Security of Your Data

We take the security of your personal data seriously. As a Cyber Essentials Plus certified organisation, we have implemented appropriate technical and organisational measures to protect your data against accidental loss, unauthorised access, disclosure, alteration, or destruction. These measures include access controls, encryption, secure network configurations, and regular security reviews.

While we strive to protect your information, no method of transmission over the internet is completely secure. If you have reason to believe your data has been compromised, please contact us immediately.

13. Third-Party Links

Our website may contain links to third-party websites. We are not responsible for the privacy practices of those sites and encourage you to read their privacy policies before providing any personal data.

14. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or applicable law. When we make significant changes, we will update the “Last Updated” date at the top of this page. We encourage you to review this policy periodically. Your continued use of our website or services after any changes constitutes your acknowledgement of the updated policy.