Privacy notice.
This notice explains how Spey Systems Ltd collects, uses, stores, and protects personal data in accordance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.
Last reviewed
Data controller
The data controller is Spey Systems Ltd, a private limited company registered in Scotland (SC889983). ICO registration is pending. This notice will be updated with the registration number upon completion.
For data protection enquiries, contact commercial@speysystems.com.
What data we collect
speysystems.com does not use cookies, does not set tracking pixels, and does not collect personal data through web forms. The site has no user accounts and no sign-up mechanism.
Spey Systems Ltd collects personal data only in the following circumstances:
- When you send an email to one of the published contact addresses. The data collected is limited to your email address, name (if provided), and the content of your message.
- When you enter into a commercial engagement. Data collected in that context is governed by the terms of the specific engagement.
Website analytics are collected using Umami, a privacy-respecting, cookieless analytics platform hosted at umami.speytech.com. Umami does not collect personal data, does not use cookies, and does not share data with third parties. Data collected is aggregate only: page views, referrer domains, and browser type. No IP addresses are stored. No cross-site tracking occurs.
Lawful basis
Where personal data is processed, the lawful basis under UK GDPR is one of the following:
- Legitimate interests: responding to inbound business enquiries.
- Contract performance: processing data necessary to fulfil a commercial engagement.
- Legal obligation: where processing is required by UK law.
Retention
Email correspondence is retained for as long as it is necessary for the purposes for which it was received, and for a reasonable period thereafter to support any follow-up or legal requirement. Commercial engagement records are retained for seven years in accordance with UK accounting and tax obligations.
Your rights
Under UK GDPR, you have the right to access, rectify, erase, restrict, and port your personal data. You also have the right to object to processing based on legitimate interests.
To exercise any of these rights, contact commercial@speysystems.com. Spey Systems Ltd will respond within one calendar month.
You have the right to lodge a complaint with the Information Commissioner's Office (ICO) at ico.org.uk if you believe your data has been processed unlawfully.
International transfers
Spey Systems Ltd does not transfer personal data outside the United Kingdom except where required to fulfil a specific engagement and where appropriate safeguards are in place. Email services (ProtonMail) operate under terms consistent with UK GDPR requirements.
Changes to this notice
This notice will be updated when material changes occur to how Spey Systems Ltd processes personal data. The last-reviewed date at the top of this page reflects the most recent revision. Continued use of this site following a revision constitutes acknowledgement of the updated notice.
Related: Legal imprint · Security policy · All policies