Skip to main content

Privacy Notice


At Basic Business Systems Ltd, we’re serious about protecting and safely storing the personal data we collect from you. This privacy notice aims to explain how we use any personal information we collect about you, in order to provide the best quality products, services and customer experience to you, that we can, as well as meeting legal requirements.

Our Privacy Notice also describes the categories of personal data we process and for what purposes. We are committed to collecting and using such data fairly and in accordance with the requirements of the General Data Protection Regulation (GDPR).

We take your privacy seriously and you can find out more in this notice, about your privacy rights and how we gather, use and share your personal information.

If you have any questions or concerns after reading this notice, please don’t hesitate to call or email us, or complete an enquiry form.

Who we are

Basic Business Systems Ltd can be both the data controller and a data processor when it comes to the processing activities mentioned in this document. What this means is that Basic Business Systems Ltd or one of our Customers decides why and how to collect and process your personal data, depending on which of our services you use.

Basic Business Systems Ltd are a data controller where store data about our Customers, and potential customers, and their employees, in so far as that they are business contacts, to whom we provide services.

In this policy Basic Business Systems Ltd is referred to whenever ‘we’, ‘our’ or ‘us’ is used.

Who you are

This policy notice applies to you if you are:

  • Someone who has visited our website, and / or enquired about our products and services
  • A Customer
  • A user of our online applications software, where your Business / employer pays us Service fees to use our applications as part of operating their business.

"You" will mean your personally.

"Customer" is the Company, or business who pay us fees to provide a service. The "Customer" could also be "Your Employer", a Business who sub-contracts to you, a Business which outsources tasks and and services to your Employer or another form, that means you are accessing our applications.

How we gather and use personal information

We need to obtain information about you, so that we can provide our Technical Services and Support you, or our Customer requires. This information is obtained directly from clients in a face to face meeting, by email, telephone, post, website forms or other means, such as our Systems Management, Auditing and Monitoring tools.

We may also obtain some personal information from recording calls or meetings or by making contemporaneous notes of calls or meetings.

We hold such information as Data Controllers in accordance with the requirements of the Data Protection Act 2017 and the EU General Data Protection Regulation together referred to as the ‘Regulations’

We will not share your information with any other party except as indicated in this Privacy Notice or where required to do so by any statutory, governmental or regulatory body for legitimate purposes.

What information do we collect about you?

Where we are a Data Controller, we collect information about you when you engage with us to supply any of the following:

  • Our IT Services, IT Support, IT Manager Services,
  • When you use our Software or have Software subscriptions
  • When you use online web applications.
  • The sale or supply or Computer Hardware and Software
  • Any other products and services that we supply to you, or your Business.

We also collect limited amounts of information if you enquire about our services.

We are a Business to Business company, and therefore most of the data that we collect, relates to you as an employee of a Business, who is, or would be our Customer.

The information that we collect is therefore Contact related, and in most cases is business contact information only.

Where the above is applicable and we are the Data Controller and store your contact details, this is in order to provide goods and services in some way. The type of information that we collect is so that, in most cases, we can contact you.

Personal details:
Full name
Address - unless you work from home, we will never ask you for your home address, and this would be your business address only.
Contact details - business email, mobile phone

Employment details (ie A Customers's Business address) as noted below are not classed as personal data per se, but for openess and transparancy these tend to be:
Company name Where you work - address etc
Business landline phone.
Your employer’s details information that help us provide products and services.

Technical Information:
As we provide IT Support, and IT Services, it is likely that other personally identifiable information will at some point be seen. We do not store these in any other format, or collect or harvest these formally and the information is only kept the original log formats for limited timescales, except where our Customer may change this. However, in this context we are are not the Data Controller of those systems or information.
Examples where this data may reside are for example, Firewall Logs, Windows Server Logs, System access logs in databases etc. These can contain elements of personally identifiable information.
In summary, we do not store log information generally, but do access this information for the purposes of providing supporting services to our Customer, for system maintenance, fault fixing, fault diagnosis purposes as well as to provide information to the Customer Company and to abide by legal legislation

As a Data Controller, where we store Customer Contact details, we do not collect or store any special categories of data such as your racial or ethnic origin, religious beliefs, sexual orientation etc. We regard these as irrelevant to providing high quality IT Services and Software.

We may also collect information when you voluntarily provide feedback to us.

What information do we collect about you, when you use our online applications

In the case where data is stored in our applications, we are a Data Processor and not a Data Controller.
When you use online web applications as a user, generally, your employing Company is the Customer.

There may be other relationships that you have where our Customer is not your employer and you do not work for that Company. You may be a subcontractor for example, but you are listed, or use our online applications as a user and they provide you with a licence to access our software applications.

In all cases, when Users or Companies use our applications to enter, store, process or retrieve data, the Customer Business is the Data Controller and we are the Data Processor. Data is only collected as part of our Customers' business processes, using our business process orientated applications.The Data controller will have reasons to that collect data.

Where we are data processor, providing these applications, we store this data on completely separate systems to those where our own data is stored. Our hosted systems do not mix with our own Company data.

We only store, collect and process data in our applications based on the data that our Customer requests us to, and enters into the applications.

As a Data Processor, our Customer may use facilities in our online applications where they can store special categories of data such as your racial or ethnic origin, religious beliefs, sexual orientation etc.

In this context, the Customer business is also the Data Controller, and we expect that they will have performed due diligence,determined appropriate need to store this information and have legitimate legal basis for processing on this data.

We expect that they will also have performed appropriate data minimisation that they feel is needed and possible.

We will never collect or use the data of our Customers for any means. However, where a Customer has a problem in one of our applications, we may need to access that application as part of fault finding, fixing, and rectification. Therefore whilst we do not formally collect data, it is possible that your data maybe seen and processed for that reason by our Software Development team. This type of collection or processing is purely on a temporary basis only, in order to fix a problem

Where you are an individual and you think your data is held in our applications and wish to correct data, delete data, or submit a data subject access request (DSAR), then you should liaise directly with the relevant Data Controller / Company in question.

As a Data processor, we cannot act on your instructions, only those of our Customers.

We may also collect information when you voluntarily provide feedback to us.

Information that is automatically collected

We will automatically collect information from our Systems Management, Auditing and Monitoring tools. Personally identifiable information could be in the form of

  • IP addresses
  • Machine / PC / Laptop names
  • User logins
  • Access to systems, websites, logs of data
  • The Software that you use
  • Other forms of specific information related to your Computer
  • Internet access records
  • Internet and network usage history
  • Cookies
  • System analytics

We may automatically collect information when you browse our website; more information about this can be found in our section about Cookies. We may also record telephone conversations as a means of improving the service that we provide to you or as part of quality management and improvement.

Information that we collect from others

We may collect some information about you from other places. These include:

Our Customer - Your employer will have contracted us to provide various IT Services, and they may have provided us with information about you, so that we can support you more effectively, or to manage and support their IT Systems.

Our Partner companies - where our tools acquire data and this is transferred to us. For example where we and Microsoft track licence useage, so that we can comply with the appropriate laws relating to software use and management etc.

Important note - Why do we need to collect and use your personal data?

In most circumstances, the primary legal basis that we intend to use for the processing of your data, is for the performance of, or entry into, our contract with our Customer (you, your employer or which ever business we are Contracting with to supply our Products and Services)

The information we collect about you is essential for us to be able to carry out or supply the services you require from us effectively. Without collecting your personal data, we would also be unable to fulfil our contractual, legal and regulatory obligations. For example. Helping to run and support your IT equipment, so that your systems are secure, patched and have the latest antivirus software applied, so that your Computers run effectively and efficiently and so that when there is a problem, we can fix it as quickly and as effectively as possible.

As a Data Controller, we may also process data where we have a legitimate interest in doing so as a technology services provider (and where our legitimate interests are not overridden by your (or the relevant individual’s) own interests or fundamental rights or freedoms).

We will always aim to have a lawful basis for processing the personal data that we collect.
In this case the lawful basis for processing your data is that it’s necessary under your employment contract, or it’s necessary for us to comply with the law. If we need your consent to process any of your data, we’ll obtain this from you.

In the case of our Online applications where we are the data processor, where we are providing a "Software as a Service" to that business, they have made the decision to store data and they will have their own policies, practices, policies and notices that you should refer to. Where special category data is stored and processed, you should refer to the Data Controller of this information, to determine aspects such as consent, the legal basis of processing and why they are collecting and processing this information.

How will we use your personal information?

We’re committed to using your personal data responsibly and lawfully.

We aim to collect information about you only in order to provide you with the services for which you or our Customers (for BasicOnline applications) engage us.

Where we are a Data Controller and therefore can control our collection, the majority of the information that we collect from you is used in order to deliver our services to you and to provide technical IT Services, such as IT support and IT Systems Management.

It also allows us to meet our legal and contractual requirements to our Customers and as an Employer.

If we do not collect some information from you, we may not be able to accurately fix technical issues, or effectively provide the quality support services and support that you expect as part of our Services contract.

The information that we collect from you is all stored within the UK.

In order to make sure that the information we collect from you is accurate, it is important that you contact us to advise us of any changes to your personal information.

Who will we share your information with?

If you agree, we may email you about other products or services we think may be of interest to you.
We will not share your information for marketing purposes with other companies.

In order to deliver our services to you effectively we may need to send your details to third parties such as those that we engage for professional IT or software services, as well as product and platform providers we use to arrange technical products for you.
The categories of third party are listed below:

  • IT Systems Management, Monitoring, Platform management and various IT Tools:

    Certain limited 3rd party systems for IT Systems Management, Monitoring, Platform management and various IT Tools.
    The data that we share with these 3rd parties is not overly personal data, that a non technical person could or would easily use.
    However, the EU ‘Regulations’ note that items such as IP addresses, business email addresses, internet access records, Internet and network usage history, cookies, and system analytics are covered and are included as things that are Personal Data.
    Due to Computer names, User names, IP Addresses, installed software potentially identifying someone, this is likely to also be considered personal data.

    Therefore where our platforms collect and centrally report and manage this information, some aspects of personal information are therefore collected and shared. However, this is not easily identifiable.
    This data is also not useable for sensitive activities such as identity theft and no special categories of data are collected.

    The data that is somewhat personal as this data is part of the operation of our system tools that we use to collect Computer information, in order to

    • Apply patches
    • determine software and system configurations
    • track and manage IT Assets
    • monitor Computers so that we can proactively fix problems
    • track whether computers are protected correctly, eg whether they have correct versions of Anti-Virus.
  • Software Vendors

    Software Vendors such as Microsoft, with their 365 product for email, require us to provide some information in order to setup a working system for you, or our Customer. This includes, for example, a business email address, name.
    Other details will be collected for licensing purposes by that platform vendor, as we as data that we cannot control which they collect directly. We recommend you review these mainline 3rd party vendors directly.

    Where third parties are involved in processing your data we will try to have a contract in place with them to ensure the nature and purpose of the processing is clear, they are subject to a duty of confidence in processing your data and they will only act in accordance with our written instructions.
    Where it is necessary for your personal data to be forwarded to a third party we will use appropriate security measures to protect your personal data in transit.
    Where possible however, we would try to arrange that you are contracted directly with the 3rd party, for example where you use Microsoft 365.

  • Your Employer

    We may share information about you with your employer as part of our Contracted services or where there is appropriate and reasonable interest to do so, such as using their IT equipment correctly and legally.

How long do we keep your information for?

The length of time for which we will retain your data is worked out with reference to a number of factors, for example our purpose for collecting the information in the first place, and the legal obligations that we have.

Your personal data should not be held for longer than is required under the terms of our contract for services with you. We are subject to regulatory requirements to retain data for specified minimum periods. In addition we are obliged to treat our customers fairly in the event of a future complaint and therefore reserve the right to retain data for longer than these specified minimum periods in order to allow us to investigate such complaints and, if necessary, defend a future claim against us.

We will therefore keep your personal information securely for as long as we need to for the purpose of providing you with technical services under the terms of our service agreement (contract) or for as long as we are required to by relevant regulations in accordance with our data retention policy.

Where we are no longer providing you with services under our service agreement we will, ordinarily, not retain personal data for longer than:

  • 6 years after your relationship with us ends*
  • 6 years after any contracts we arranged for you have matured / expired*

unless we are required to do so for the regulatory reasons stated above. We will regularly review our legal and regulatory obligations and our need to keep your personal information.

It is our hope that, where we are no longer providing you with services under our service agreement, and that you send us confirmation in writing, and can show that there is no legal reason to keep any data, then we would delete that data:

  • within 3 months.

We would not aim to remove all your data from any Backups of data we have taken, as this would add unncessary burdon to the deletion process, unless you wish to pay for this additional service.

Backup data would naturally remove itself from our backup process as backup media, devices and file systems are gradually overwritten. This is because Once main line data is deleted, it would not longer be backed up, and hence as retention periods are passed, data is naturally removed.

* whichever is the latest

What rights do you have over the personal information we hold?

You have rights over the information that we hold on you. Some of these rights will be newly enforceable under the General Data Protection Regulation (GDPR) on 25th of May, 2018.

The UK has chosen to abide by the GDPR after our exit from the European Union. If you would like to exercise these rights, please contact us using the contact details listed at the end of this policy notice.

Under the GDPR, you have the right to:

  • Access any personal information that we hold about you, which must be provided in a portable electronic format. (Where we are not the Data Controller you should direct requests to the relevant Data Controller)
  • Correct any inaccuracies in the personal information that we hold about you (Where we are not the Data Controller you should direct requests to the relevant Data Controller)
  • Request that we stop sending you direct marketing communications

In particular situations, you have the right to:

  • Have your personal information removed from the systems we use (Where we are not the Data Controller you should direct requests to the relevant Data Controller)
  • Change and restrict the way that we process your personal data (Where we are not the Data Controller you should direct requests to the relevant Data Controller)
  • Receive a copy of your personal data in an electronic data file (Where we are not the Data Controller you should direct requests to the relevant Data Controller)
  • Object to processing of your personal data by us (Where we are not the Data Controller you should direct requests to the relevant Data Controller)
  • Right to withdraw consent: Where you have given us your consent to use personal information, you can withdraw your consent at any time.

The above rights relate to where we are the Data Controller and are able to comply with GDPR.

Where we are the Data Processor, you should contact the relevant Data Controller so that they can comply with your rights.

If you have concerns about the ways that we have processed or used your personal information, it is within your rights to complain to the Information Commissioner’s Office (ICO). More details on this subject can be found on the ICO’s website and detailed below.


From time to time, we may want to send you information about our services which may be of interest to you. This would be in a business context and relevant to your role, position or situation within your Company.
If you have agreed to receive marketing information, you may opt out at a later date.

You have a right at any time to stop us from contacting you for marketing purposes. If you no longer wish to be contacted for marketing purposes, please contact us by email or post at the addresses shown below (“How to contact us”).

Information about our use of cookies

A cookie is a small file (typically letters and numbers) which may be placed on your computer when you access our website. A cookie cannot read your computer’s hard disk or make any information available to third parties.

Through the cookie we can recognise your computer and browsing activity if you return to the website, allowing us to provide you with a better service.

  • We also track user traffic patterns in order to determine the effectiveness of our website, and to contact visitors, and to try to identify which businesses visit our site.
  • We also use cookies to track visitor use of the website and to compile statistical reports on website activity.
  • We use cookies to allow our website to recognise when you return to our site (which helps us to optimise your visits) and cookies to track the length of each visit.
  • We use Google Analytics which allows us to collect information about how you use our site. If you access our website directly (and not via an email) you’re visits will be tracked anonymously.
  • We use Google Analytics to understand how our website is being used in order to improve the experience for you. All user data is anonymous.
  • We use a product called Lead Forensics that gives us greater detail on businesses that use and access our websites. We use other specific cookies for this element.

For further information visit

We use social buttons such as Twitter, Google, Facebook and LinkedIn to share or bookmark pages on our site or email updates. Those sites may collect information about your internet activity, including if your visit to our site (even if you don’t click on the button if you’re logged on to their site).
You should check the privacy and cookies policy of each of these sites to see how they use your information and find out how to opt out and delete such information.

You are able to manage cookies...
For more information click here. If you want to block all cookies all of the time you can set your computer preferences to do so.
However, if you are a registered user of Basic's Online applications as, you will need to allow “per-session” cookies in order to access password-protected sites.
You can set your browser not to accept cookies and the above website tells you how to remove cookies from your browser.
However in a few cases some of our website features may not function as a result. We reserve the right to continue charging for our services and applications, where you change your browser settings so that the our site no longer works correctly and you ignore our advice.

Our main website does not require you to input personal data to use it.

You may however volunteer personal data such as your name and email address to request information, updates and our services. That information is required to deal with your query appropriately. applications are our line of business applications where it is likely that you will input more detail, compared to our general Company website. This will be in order to use one of our application, as part of a business process followed / used by one of our Customers. In this case, you would need to discuss data input, cookies and your rights with that Business, as they would be the Data Controller for that application.

More details can be found about our website Privacy Policy here.

Other websites

Our website contains links to other websites. This Privacy Notice only applies to this website so when you link to other websites you should read their own privacy policies.

What can you do if you are unhappy with how your personal data is processed?

You have a right to lodge a complaint with the supervisory authority for data protection. In the UK
this is:

Information Commissioner's Office
Wycliffe House Water Lane Wilmslow Cheshire

0303 123 1113

Changes to our privacy policy

We keep our privacy policy under regular review and we will place any updates on this web page to inform you of any changes when they occur. This privacy notice was last updated on 15/06/2018.

How to contact us

Please contact us if you have any questions about our privacy policy or information we hold about you:

by email at

Or write to us at
Basic Business Systems Ltd
Brookside Road
NG11 6AT

partners logos
partners logos