DFSmartTech Privacy Policy

Last Updated: August 27, 2025

Who we are: DFSmartTech (“DFSmartTech”, “we”, “us”, “our”)

We respect your privacy. This Privacy Policy explains what personal data we collect, how we use it, who we share it with, how long we keep it, and your rights.

We comply with the UK GDPR and the Data Protection Act 2018. Where we serve individuals in the EEA, we also comply with the EU GDPR.

This policy covers our public website, communications, and the delivery of our professional services. When we process personal data on behalf of our clients (for example, data inside a client’s system), we act as a processor and our processing is governed by a separate Data Processing Addendum (DPA) with that client.


 

1) Data we collect

A. Information you provide directly

  • Contact details: name, email, phone, company, role, message (e.g., via contact forms, quote requests).

  • Account / project information: statements of work, technical specs, credentials you choose to share, support tickets.

  • Marketing preferences: newsletter sign-ups, event registrations.

  • Recruitment data: CV/resume, cover letter, interview notes, right-to-work checks (where applicable).

  • Billing details (B2B): company address, purchase orders, VAT numbers; payment is usually handled via your company’s systems. If we use a payment processor, they process card data—we do not store full card numbers.

B. Information collected automatically

  • Usage & device data: IP address, browser type/version, device identifiers, pages viewed, time on page, referring/exit pages.

  • Cookies & similar tech: see Cookies section below.

C. Information from third parties

  • Referrals or introductions from partners/clients.

  • Public business sources (e.g., LinkedIn, Companies House) for B2B prospecting in accordance with the law.

We do not intentionally collect special category data (e.g., health, religion) via the website.


 

2) How we use your data (purposes & lawful bases)

We process personal data only where a lawful basis applies:

| Purpose | Examples | Lawful basis |
|---|---|---|
| Provide & improve services | Respond to enquiries, deliver projects, support, manage accounts | Contract (Art. 6(1)(b)); Legitimate interests |
| IT & security | Maintain hosting, prevent fraud/abuse, logs/backups, incident response | Legitimate interests; Legal obligation |
| Sales & marketing | Send insights, invitations, or product news; manage preferences | Consent (for email/SMS to individuals); Legitimate interests for B2B where permitted; you can opt-out anytime |
| Analytics | Understand content performance and improve UX | Consent (for non-essential cookies) |
| Recruitment | Process applications and assess candidates | Legitimate interests; Legal obligation |
| Compliance | Record-keeping, tax, contractual, regulatory requests | Legal obligation |

You can withdraw consent at any time (this won’t affect processing already carried out).


 

3) Cookies and similar technologies

We use cookies/pixels to:

  • Run the site (strictly necessary)

  • Remember preferences (functional)

  • Measure performance (analytics)

  • Support campaigns (advertising/retargeting)

Non-essential cookies run only with your consent. You can change preferences anytime via our cookie banner or your browser settings.


 

4) When we act as processor

For client projects (e.g., software builds, integrations, marketing automations), we may process personal data stored in client systems only under the client’s instructions. In those cases, the client is the controller and our DPA applies (security, confidentiality, sub-processor controls, international transfer safeguards, breach notice).


 

5) Sharing your data

We never sell personal data. We may share limited data with:

  • Service providers / processors: hosting & cloud (e.g., AWS/Azure/GCP), email & productivity (e.g., Microsoft 365/Google Workspace), analytics, CRM/marketing platforms (e.g., HubSpot/Mailchimp), project & ticket tools (e.g., Jira, Zendesk), payment processors (e.g., Stripe), security & monitoring.

  • Professional advisers: legal, accounting, insurance, auditors (under duty of confidentiality).

  • Authorities: where required by law or to defend legal claims.

  • Business transfers: in a merger, acquisition, or reorganisation, in accordance with the law.

We ensure processors provide appropriate contractual and technical safeguards.


 

6) International transfers

Your data may be processed outside the UK/EEA. Where we transfer data internationally, we use approved safeguards, such as:

  • UK IDTA / EU Standard Contractual Clauses (with the UK Addendum where needed)

  • Transfer Impact Assessments

  • Additional security (encryption, access controls)


 

7) Security

We use administrative, technical, and organisational measures, including:

  • Encryption in transit, hardened cloud environments

  • Access control (least privilege, MFA), logging & monitoring

  • Secure development & change control, vulnerability management

  • Vendor due diligence and confidentiality agreements

  • Incident/breach response procedures

No method is 100% secure, but we work to protect your data continuously.


 

8) Retention

We keep data only as long as necessary for the purpose collected, then delete or anonymise it.

Typical retention periods (guidance):

  • Enquiry/lead data: 24 months from last contact

  • Contract/project records: 6–7 years (tax/audit)

  • Support logs: 12–24 months

  • Marketing lists: until you unsubscribe or after prolonged inactivity

  • Job applicants: 12 months (unless you consent to a talent pool)

  • Cookies/analytics: per tool/vendor settings and your consent choices


 

9) Your rights

Subject to law, you can:

  • Access a copy of your personal data

  • Rectify inaccurate or incomplete data

  • Erase data (right to be forgotten)

  • Restrict or object to processing (especially direct marketing)

  • Portability (receive data in a usable format)

  • Withdraw consent at any time

  • Lodge a complaint with the UK ICO (ico.org.uk) or your local authority

To exercise rights, email [email protected]. We’ll respond within one month (or explain if more time is needed for complex requests).


 

10) Children

Our site and services are not directed to children under 13. Do not submit children’s data. If we learn we’ve collected it, we’ll delete it.


 

11) Third-party links

Our site may link to third-party websites or services. Their privacy practices are their own—please review those policies. We are not responsible for third-party content or practices.


 

12) Direct marketing

  • Email marketing to individuals occurs only with consent.

  • For B2B contacts, we may rely on legitimate interests where permitted, and we always provide an opt-out.

  • Every marketing email includes an unsubscribe link or you can email [email protected].


 

13) Changes to this policy

We may update this Privacy Policy from time to time. We’ll post the new version with an updated effective date and, where appropriate, notify you through the site or by email.


 

14) Contact us

Questions or requests about privacy?
Email: [email protected]
Address: 71 Shelton Str, Covent Garden, WC2H 9JQ, London, United Kingdom
Contact form: https://dfsmarttech.com/#contact