0333 034 7560

Free Cyber Security Risk Assessment

Privacy Policy

Last updated: 16/06/2026

1. Introduction

Supere Limited (“Supere”, “we”, “us” or “our”) is a managed IT and cybersecurity services provider based in Nottingham, United Kingdom. We are committed to protecting and respecting your privacy and to handling personal data in accordance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

This Privacy Policy explains how we collect, use, store and protect personal data when you visit our website at supere.co.uk, enquire about or use our services, or otherwise interact with us.

Supere Limited is a company registered in England and Wales under company number 14589408, with its registered office at 5 Brookside Industrial Units Northwood Street, Stapleford, Nottingham, England, NG9 8HQ.

We are registered with the Information Commissioner’s Office (ICO) under registration number ZB555278.

2. Our role: when we are a controller and when we are a processor

Because of the nature of our services, our role under data protection law depends on the context:

  • As a data controller, we determine how and why personal data is processed in relation to our website visitors, prospective clients, marketing contacts, and the individuals we deal with when administering our client relationships (for example, a client’s named contacts and authorised users). This Privacy Policy governs that processing.
  • As a data processor, when we deliver managed IT and cybersecurity services we process personal data held within our clients’ own systems and environments (for example, within a client’s Microsoft 365 tenant, devices or applications) strictly on that client’s documented instructions. In those cases the client is the data controller, and our processing of that data is governed by the services agreement and Data Processing Addendum (DPA) in place with that client, not by this Privacy Policy. If you are an employee or contact of one of our clients and have questions about how your data is handled, please contact your own organisation in the first instance.

3. The personal data we collect

Depending on how you interact with us, we may collect and process the following categories of personal data:

  • Identity and contact data: name, job title, employer or organisation, email address, telephone number and postal/business address.
  • Enquiry and assessment data: information you provide through our contact forms, our Cyber Security Risk Assessment (CSRA), booking requests, resource downloads and other tools on our website.
  • Communications data: the content of emails, calls, messages and support tickets exchanged with us.
  • Technical and usage data: IP address, browser type and version, device information, operating system, referral source, and details of how you use our website, collected via cookies and similar technologies.
  • Contractual and billing data: for clients, the information needed to administer our agreement, including billing contacts and payment information. We do not store full card details; payments are handled by our payment providers.

We do not intentionally collect special category data (such as health, ethnicity or political opinions) through our website, and we ask that you do not submit such information through our forms.

4. How we collect your data

We collect personal data:

  • Directly from you, when you complete a form, request or complete a CSRA, book a call, download a resource, email or call us, or enter into a contract with us.
  • Automatically, through cookies and similar technologies when you use our website.
  • From third parties and public sources, such as referrals, and publicly available business information (for example Companies House or professional networks such as LinkedIn) used for legitimate B2B outreach.

5. Why we use your data and our lawful bases

We process personal data only where we have a lawful basis to do so. Our bases are:

  • Performance of a contract – to provide and manage our services, fulfil our obligations to clients, and administer accounts and billing.
  • Legitimate interests – to respond to enquiries, carry out B2B marketing to relevant business contacts, maintain the security of our systems and our clients’ systems, and to operate and improve our business and website. Where we rely on legitimate interests we balance those interests against your rights.
  • Consent – where required, for example for certain marketing communications and for non-essential cookies. You may withdraw consent at any time.
  • Legal obligation – to comply with our legal and regulatory duties, including tax, accounting and other statutory requirements.

6. Marketing communications

We may send you information about our services where you are an existing client or business contact, or where you have otherwise consented. Our marketing is directed at businesses rather than consumers. You can opt out of marketing at any time by using the unsubscribe link in any email or by contacting us at [email protected]. Opting out of marketing does not affect service-related communications that we need to send you as part of a contract.

7. Who we share your data with

We do not sell your personal data. We share it only where necessary, with:

  • Service providers and sub-processors that help us run our business and deliver our services. These include Microsoft for productivity and cloud services, together with providers of security monitoring, customer relationship management and marketing, website hosting, content delivery, and website analytics.
  • Professional advisors such as accountants, auditors and legal advisors.
  • Payment processors for handling client billing.
  • Authorities and third parties where we are required to do so by law, or to protect our rights, property or safety, or those of our clients.

We engage all processors under contractual terms requiring them to protect personal data and to process it only on our instructions. A current list of the sub-processors we use is available to clients on request.

8. International data transfers

Some of our service providers are based outside the United Kingdom, including in the United States. Where personal data is transferred outside the UK, we ensure an appropriate safeguard is in place, such as UK adequacy regulations, the UK Extension to the EU–US Data Privacy Framework, or the International Data Transfer Agreement (IDTA) or Standard Contractual Clauses with the relevant additional safeguards.

9. How long we keep your data

We keep personal data only for as long as necessary for the purposes for which it was collected:

  • Client and contract data is retained for the duration of our relationship and for as long afterwards as needed to meet legal, accounting or regulatory requirements (financial records are typically retained for at least six years).
  • Prospect and marketing data is reviewed periodically and removed when it is no longer relevant or when you ask us to stop contacting you.
  • Website and technical data is retained in line with the relevant cookie and analytics provider settings.

When data is no longer required, we securely delete or anonymise it.

10. How we protect your data

As a cybersecurity provider, security is central to how we operate. We hold Cyber Essentials Plus certification and apply CREST-aligned practices. We maintain appropriate technical and organisational measures to protect personal data, including access controls, multi-factor authentication, encryption, endpoint detection and response, continuous monitoring, secure configuration and ongoing staff training. While no system can be guaranteed completely secure, we take the protection of personal data seriously and continually review our controls.

11. Your rights

Under UK data protection law you have the right to:

  • access the personal data we hold about you;
  • request correction of inaccurate or incomplete data;
  • request erasure of your data in certain circumstances;
  • restrict or object to our processing of your data;
  • request the transfer of your data (data portability);
  • withdraw consent where we rely on it; and
  • not be subject to decisions based solely on automated processing where those decisions have legal or similarly significant effects.

To exercise any of these rights, contact us at [email protected]. We will respond within one month. There is normally no charge, although we may charge a reasonable fee or refuse a request that is clearly unfounded or excessive.

If you are an individual whose data we process on behalf of one of our clients, please direct your request to that client, who is the controller of your data.

12. Cookies

Our website uses cookies and similar technologies to make the site work, to understand how it is used, and to improve it. Non-essential cookies, including analytics cookies, are only set where you have given consent through our cookie banner. You can manage or withdraw your cookie preferences at any time through the cookie controls on our website or through your browser settings.

13. Data breaches

We have procedures in place to detect, report and investigate personal data breaches. Where a breach is likely to result in a risk to individuals’ rights and freedoms, we will notify the ICO within 72 hours where required, and will inform affected individuals where there is a high risk to them.

14. Children

Our website and services are intended for businesses and are not directed at children. We do not knowingly collect personal data relating to children.

15. Changes to this policy

We may update this Privacy Policy from time to time. The current version is always indicated by the “Last updated” date at the top of this page. Where changes are material, we will take reasonable steps to bring them to your attention.

16. How to contact us and how to complain

If you have any questions about this Privacy Policy or how we handle your personal data, please contact us:

Supere Limited 5 Brookside Industrial Units Northwood Street, Stapleford, Nottingham, England, NG9 8HQ Email: [email protected]

If you are unhappy with how we have handled your personal data, you have the right to complain to the Information Commissioner’s Office (ICO):

Information Commissioner’s Office Website: ico.org.uk Helpline: 0303 123 1113

We would, however, appreciate the opportunity to address your concerns before you approach the ICO, so please do contact us first.

Book your free Cyber Security Risk Assessment