Privacy Policy

Last updated: 11 September 2025

This Privacy Policy sets out how Medhurst Communications Ltd uses and protects any information that we collect about you to enable us to provide you with our services.

Medhurst is committed to ensuring that your privacy is protected. Should we ask you to provide certain information by which you can be identified, you can be assured that it will only be used in accordance with this privacy statement. To support our commitment to data protection, we are compliant and certified to the ISO 27001:2022 Information Security Standard.

What information we collect

We only collect your information for the purposes of providing our services to you. We may collect:

• Your name and occupation
• Your landline and mobile telephone number
• Your postal address
• Your email address
• Other information relevant to customer offers or surveys
• Bank details for Direct Debit collection or refund of monies owed to you
• If you visit our premises, our CCTV system may capture images of you

We do not collect information relating to children aged 13 or under. We may indirectly collect, within encrypted back-ups, other information such as photos, videos, special category data, personal telephone numbers, and date of birth.

How we use the information we collect

We require your information to facilitate, process and maintain the services we provide, to inform you of our range of services, and to help understand your needs. We may use it to contact you about the services we provide, provide relevant documentation such as quotations, contracts and invoices, send advisory notices such as service maintenance, improve our services, send promotional information about new services and events, conduct market research, and customise the website according to your interests.

Securing your personal information

• Appropriate physical security is in place at all locations where information is held.
• Electronic information is held securely on our servers, PCs and mobile devices, protected by complex passwords, biometric methods, and Multi-Factor Authentication where available.
• Electronic information is backed up daily, both on-site and off-site, with a minimum retention period of 30 days. All back-ups are securely encrypted and use immutability technology.
• Any paper or manual information is kept in secure record-keeping systems.

Third-party data processors

We may use certain third-party data processors to collect, store and process personal information on our behalf, each with their own privacy policy. These include Microsoft, ConnectWise, ServiceNow, Webroot, The Access Group, Giacom, CommsCare, Westcoast, Sage, Veeam, Redstor, HPE, HP, Aruba, TalkTalk, Exclaimer, Moorepay, the British Assessment Bureau, Hugh Symons AV, and Drift IT, among others.

Sharing your personal information

• We may share your information with our professional advisors or insurers where reasonable and necessary for managing disputes or risks, obtaining advice, or maintaining insurance.
• We may share your information with suppliers where it is reasonable for them to need it to provide goods or services.
• We may share your information with any organisation in our group of companies where reasonably necessary for the purposes in this policy.
• We will share your information with regulatory or legal entities where required by UK law.

Retaining your personal information

We retain your personal information for as long as is reasonably necessary for the processing, delivery and legality of any services or products provided to you, and for longer where needed to comply with legal requirements or to manage any ongoing dispute.

Controlling your personal information

• If you previously agreed to us using your information for direct marketing, you may change your mind at any time by writing to us or emailing optin@medhurst-it.com.
• We will not sell, distribute or lease your personal information to third parties unless we have your permission or are required by law.
• You may request details of the personal information we hold, or its removal under UK GDPR, by emailing privacy@medhurst-it.com.
• If you believe any information we hold is incorrect or incomplete, please contact us and we will correct it promptly.
• Data held on encrypted back-ups, including CCTV images, is not removed manually on request; it ceases to be held when the deletion date exceeds the back-up retention period.

Your rights under UK GDPR

The UK General Data Protection Regulation sets out your rights to your personal information: the right to be informed, the right of access, the right to rectification, the right to erasure, the right to restrict processing, the right to data portability, and the right to object.

Our website and cookies

Our website does not currently make use of cookies, and therefore we do not collect personal information about you from our website. Where cookies are used in future, you can choose to accept or decline them through your browser settings.

Links to other websites

Our website may contain links to other websites of interest. Once you leave our site we have no control over those websites, and we cannot be responsible for the protection and privacy of any information you provide there.

Changes to our Privacy Policy

Medhurst may change this policy from time to time. Please check our website for the latest version. This policy is effective from 25 April 2023.

How to contact us

Information Security Manager, Medhurst Communications Ltd, 17 Brunel Way, Segensworth, Fareham, Hampshire, PO15 5TX. Email: privacy@medhurst-it.com.

Medhurst Communications Ltd is registered with the Information Commissioner’s Office (ICO), registration reference ZA327006.