Effective Date: 16/09/2025

1. INTRODUCTION

Sistena Ltd (“we”, “us”, “our”) is committed to safeguarding the privacy of our clients, website visitors, and all individuals whose personal data we process.

This Privacy Policy explains how we collect, use, store, share, and protect your personal information, and sets out your rights under the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

By using our website (https://www.sistena.co.uk) or engaging with our services, you agree to the practices described in this policy.

2. CONTROLLER

Data Controller: Sistena Ltd

Data Protection / Privacy Officer: Steve Barker

Registered Address: 2nd Floor Regis House, 45 King William Street, London, EC4R 9AN

Email: [email protected]

Telephone: 0330 133 0111

3. WHAT DATA WE COLLECT

We may collect and process the following categories of personal data:

  • Identity and Contact Data: Name, job title, company name, postal address, email address, and telephone number.
  • Technical Data: IP address, browser type and version, time zone settings, operating system, device model.
  • Usage Data: How you use our website, including downloads, page visits, and interaction with site content.
  • Communication Data: Information provided through our contact forms or email correspondence.
  • Cookies & Analytics Data: Information collected via cookies and analytics tools when you use our website.

We do not routinely collect special category data (e.g. health, race, religion).

4. HOW WE COLLECT DATA

  • Directly from you: When you fill in forms, email us, or otherwise interact with us.
  • Automatically: Through cookies, analytics, and tracking when you use our website.
  • From downloads: When you access documents, guides, or resources from our website.
  • From third parties: Such as analytics providers, hosting services, or IT suppliers.

5. PURPOSES AND LAWFUL BASIS FOR PROCESSING

We process personal data for the following purposes:

Purpose Lawful Basis
Responding to enquiries and providing services Contract / Legitimate interest
Managing client relationships and fulfilling contracts Contract
Website analytics, improvements, and user experience Legitimate interest
Marketing and newsletters (future use, only if opted

in)

 Consent
Compliance with legal and regulatory obligations Legal obligation
Security, fraud prevention, and safeguarding systems Legitimate interest / Legal

obligation

6. COOKIES AND TRACKING

Our website uses cookies and analytics tools to:

  • Improve site performance and user experience.
  • Understand how visitors use the website.
  • Track downloads and site engagement.

You will be informed about cookies when visiting the site, and you can manage preferences via your browser or cookie banner.

7. SHARING OF DATA

We do not sell personal data.

We may share personal data with trusted third parties, including:

  • IT suppliers and support services.
  • Hosting providers and website management services.
  • Analytics providers (e.g. Google Analytics).
  • Cloud services (e.g. Microsoft Azure, Microsoft 365).
  • CRM or client management platforms.

Where data is transferred outside the UK (e.g. to cloud services), we ensure appropriate safeguards are in place, such as Standard Contractual Clauses or adequacy decisions.

8. DATA RETENTION

We apply standard retention rules, retaining personal data only as long as necessary for the purposes it was collected. For example:

  • Enquiry/contact form data: typically retained for 12 months.
  • Client project data: typically retained for up to 7 years, in line with legal and accounting obligations.
  • Technical and analytics data: retained in accordance with service provider policies.

Once retention periods expire, data is securely deleted or anonymised.

9. YOUR RIGHTS

Under UK GDPR, you have the following rights:

  • Access: Request a copy of your personal data.
  • Rectification: Correct inaccurate or incomplete data.
  • Erasure: Request deletion of your data in certain cases.
  • Restriction: Request limited use of your data.
  • Portability: Request the transfer of your data to another organisation.
  • Objection: Object to certain types of processing, such as direct marketing.
  • Withdraw consent: Where processing is based on consent.

You also have the right to lodge a complaint with the Information Commissioner’s Office (ICO) if you believe your data has been misused.

10. SECURITY

We take appropriate technical and organisational measures to protect personal data, including:

  • Use of secure servers and encrypted communications.
  • Access controls to limit who can see your data.
  • Regular system updates, monitoring, and backups.
  • Security incident response procedures.

11. INTERNATIONAL CLIENTS

As Sistena Ltd provides services to international clients, personal data may be transferred outside the UK. In such cases, we ensure that lawful safeguards (such as adequacy regulations or contractual clauses) are applied.

12. CHANGES TO THIS POLICY

We may update this Privacy Policy from time to time. The latest version will always be available on our website.

13. CONTACT US

For questions, requests, or concerns about this Privacy Policy, please contact:

Data Protection / Privacy Officer
Steve Barker
Sistena Ltd
2nd Floor Regis House, 45 King William Street, London, EC4R 9AN
Email: [email protected]
Telephone: 0330 133 0111