Privacy Policy

1. Introduction

ER Information Systems Limited (“we”, “our”, “us”) is committed to protecting the privacy and security of personal data relating to our clients, suppliers, website users and other individuals. For the purposes of applicable data protection law, we are the data controller of your personal data unless otherwise stated. In some circumstances, we act as a data processor on behalf of our clients, who remain the data controller, for example when we provide managed IT services, administer cloud platforms, or deliver technical support.

Company Registration Number: 4282723 registered in England and Wales
ICO Registration Number: ZB132310

This Privacy Policy explains how we collect, use, store and protect your personal data when you interact with us, use our services or visit our website, including where we use trusted third-party providers to support service delivery.

It also explains your rights in relation to your personal data and how you can contact us.

2. What Information We Collect

We may collect and process the following categories of personal data:

2.1 Information you provide directly

  • name, title, company name
  • email address, telephone number, postal address
  • communications (emails, messages, enquiries)
  • account and service-related information

2.2 Information collected automatically

  • IP address
  • browser type and version
  • operating system
  • pages visited and usage data
  • device and session data

2.3 Transaction and service data

  • details of services purchased
  • records of correspondence
  • customer support interactions

2.4 Marketing and preferences

  • consent records
  • communication preferences

We do not collect special category (sensitive) personal data.

3. How We Use Your Information

We process your personal data for the following purposes:

  • to provide and manage our services
  • to fulfil contractual obligations
  • to manage customer relationships and accounts
  • to respond to enquiries and provide support
  • to improve our website, services and user experience
  • to carry out internal analysis and security monitoring
  • to send marketing communications (where consent is given)
  • to comply with legal and regulatory obligations

We do not sell your personal data to third parties.

4. Legal Basis for Processing

We rely on the following legal bases under UK GDPR:

  • Contractual necessity – to deliver services to you
  • Legitimate interests – to operate and improve our business
  • Consent – for marketing communications and certain cookies
  • Legal obligation – to comply with applicable laws

5. Data Sharing and Third Parties

We may share your personal data with:

  • trusted business partners and subcontractors
  • professional advisers
  • regulatory or legal authorities where required

5.1 Infrastructure providers

We use third-party providers to host and deliver our services, including:

  • Hosting Platform Provider – provides hosting infrastructure and related services
  • Data Centre Operator – provides physical data centre facilities

These providers act as data processors and only process personal data on our instructions.

We ensure all such providers implement appropriate security and confidentiality measures.

5.2 Service delivery platforms and partners

In order to deliver our IT services, we may process personal data using third-party platforms and partners, including:

  • cloud productivity and infrastructure platforms (such as Microsoft 365 and Microsoft Azure)
  • practice management, helpdesk ticketing and service delivery systems (such as Autotask PSA)
  • remote monitoring and management tools (such as Datto RMM)
  • backup and disaster recovery platforms (such as MSP360 and CloudAlly)
  • security and endpoint protection systems (such as Vipre and Bitdefender)
  • technology distributors and vendors involved in procuring and supporting services (such as Giacom and Pax8)
  • professional advisers, including legal, financial and auditing services

These providers may process personal data on our behalf or on behalf of our clients, depending on the nature of the service being delivered.

Where we act on behalf of our clients, we do so as a data processor and such providers may act as sub-processors.

We ensure that all such providers are subject to appropriate contractual, security and data protection obligations in accordance with applicable data protection laws.

A list of partners relevant to the services we provide to you is available on request.

6. Data Storage and Transfers

Your personal data is primarily stored within the United Kingdom and the European Economic Area (EEA).

Where data is transferred outside these regions, we ensure appropriate safeguards are in place in accordance with UK GDPR, including, where appropriate, the use of UK-approved standard contractual clauses or equivalent safeguards.

7. Data Retention

We retain personal data only as long as necessary, including:

  • contractual and service data – for the duration of the relationship
  • financial records – minimum 6 years (legal requirement)
  • technical logs – retained for limited operational periods
  • backup data – retained securely for defined periods

Where possible, data is anonymised or securely deleted after retention periods expire.

8. Data Security

We implement appropriate technical and organisational measures to protect personal data, including:

  • secure hosting infrastructure
  • access controls and authentication
  • monitoring and logging
  • encryption where appropriate

While we take all reasonable precautions, data transmission over the Internet cannot be guaranteed to be completely secure. We regularly review our security measures to ensure they remain effective.

9. Your Rights

Under UK GDPR, you have the right to:

  • access your personal data
  • correct inaccurate or incomplete data
  • request deletion of your data
  • restrict or object to processing
  • withdraw consent at any time
  • request data portability
  • lodge a complaint with the Information Commissioner’s Office (ICO)

To exercise your rights, contact: sar@erisystems.com.

10. Cookies

We use cookies to enhance your experience, analyse website usage, and support certain functionality and marketing activities. Where required, we will obtain your consent before placing non-essential cookies on your device.

For full details of the cookies we use, including how to manage your preferences and withdraw consent, please see our Cookie Policy.

11. Third-Party Links

Our website may contain links to external websites. We are not responsible for their privacy policies and recommend reviewing them before submitting personal data.

12. International Infrastructure and Processing

Our Hosting Platform Provider and Data Centre Operator may process limited technical and infrastructure-related data, including system logs and usage data, strictly for the purposes of:

  • service delivery
  • security and fraud prevention
  • system performance and reliability

13. Changes to This Policy

We review this policy regularly and may update it from time to time. Updates will be published on this page.

14. Contact Us

If you have any questions about this policy or your personal data, please contact us:

Email: sar@erisystems.com

Post:
Privacy Team
ER Information Systems Ltd
SBC House, Restmor Way
Wallington, Surrey
SM6 7AH
United Kingdom

Last updated: March 2026

About us

Established for 20 years, ER Information Systems provides IT Support Services, proactive network monitoring, hardware, software, cloud services and strategic IT consultancy to clients throughout the UK and further afield.

ESG statement

We place a high value on environmental, social and governance issues. At ER Information Systems, we integrate sustainable practices into our operations ensuring long-term value and ethical management, with transparency and accountability.

WordPress Theme built by Shufflehound. Copyright © 2026 ER Information Systems Limited.   All Rights Reserved.    Website by Excell Design & Marketing