Sapphire Privacy Policy
Last updated: 29 May 2026
​
1. Who We Are
Sapphire Technologies Ltd ("Sapphire", "We", "Our", or "Us") is a technology company providing digital, cloud and managed technology services.
-
Company number: 03183935.
-
Registered office: The Cube, Barrack Road, Newcastle Upon Tyne, NE4 6DB, United Kingdom.
-
Principal office: Sapphire, The Ink Building, 24 Douglas Street, Glasgow, G2 7NQ.
-
Privacy contact: dpo@sapphire.net.
When We refer to "Sapphire", "We", or "Us" in this Policy, We mean Sapphire Technologies Ltd acting as the controller of Your personal data, which will depend on the context in which Your data is collected.
​
2. Scope
This Privacy Policy explains how We collect, use, share, and protect Your personal data when You:
-
Visit Our website(s)
-
Use Our products and services
-
Interact with Us as a customer, prospective customer, supplier, or other business contact
This Policy applies to Sapphire Technologies Ltd. For information about how We handle personal data of job applicants, candidates, workers and employees, We may provide separate privacy information where appropriate.
​
3. Personal Data We Collect
Depending on Your relationship with Us, We may collect and process the following categories of personal data:
4. How We Collect Your Data
We collect personal data through:
• Directly from You - website forms, account registration, service agreements, correspondence, and support requests
• From Your use of Our services - automatically through logs, portals and technical systems
• From third parties - business partners, compliance screening providers, publicly available sources, and other organisations involved in the services We provide
5. Purposes and Legal Basis for Processing
We process Your personal data for the following purposes, relying on the corresponding legal bases under applicable laws and regulations and, in particular, the UK GDPR, EU GDPR, the Data Protection Act 2018 and other applicable laws:
​
Where We rely solely on consent, You may withdraw it at any time by contacting Us at dpo@sapphire.net. Withdrawal does not affect the lawfulness of processing carried out before withdrawal.
6. How We Share Your Data
We may share Your personal data with the following categories of recipients:
• Service providers and processors - third parties who assist Us in operating Our business, such as cloud hosting, payment processing, analytics, communications and customer support, under contractual obligations of confidentiality and data protection
• Professional advisers - lawyers, accountants, auditors, insurers and other advisers
• Regulatory and public authorities - where required by law, regulation, court order or governmental request
• Business transaction parties - in connection with any merger, acquisition, reorganisation or sale of assets, subject to confidentiality obligations
We require all third-party recipients to process personal data only on Our instructions where they act as processors and to implement appropriate security measures.
7. Sub-processors
We may engage trusted third-party sub-processors to help deliver aspects of Our services. These sub-processors process personal data only on Our documented instructions and are bound by contractual obligations equivalent to those We owe under applicable data protection laws.
Sapphire should maintain an up-to-date internal list of sub-processors, including the services they provide and their processing locations, and make this available to customers where contractually required.
8. Cookies and Similar Technologies
When You visit Our website, We use cookies and similar technologies to ensure the website functions correctly, analyse website usage and performance, and, where used, deliver relevant content and communications. You can manage Your cookie preferences through Your browser settings or through Our cookie consent mechanism on the website.
To comply with the UK GDPR, EU GDPR, the Data (Use and Access) Act 2025 where applicable, and PECR, Sapphire should maintain a clear cookie notice, identify each cookie or similar technology by purpose and duration, obtain consent before setting non-essential cookies, allow users to accept or reject non-essential cookies with equal ease, record consent choices, and enable users to withdraw consent at any time. Strictly necessary cookies may be used without consent where they are genuinely required to provide the requested service or maintain essential website functionality.
​
9. International Data Transfers
Sapphire operates in the United Kingdom and the European Union. Your personal data may be transferred to, and processed in, the United Kingdom and countries within the European Economic Area. Where We transfer personal data outside the UK or EEA, We ensure appropriate safeguards are in place, including adequacy determinations, the EU Standard Contractual Clauses, the UK International Data Transfer Agreement, the UK Addendum to the EU Standard Contractual Clauses, or another lawful transfer mechanism where required.
10. Data Retention
We retain Your personal data only for as long as necessary to fulfil the purposes for which it was collected, including to satisfy legal, regulatory, tax, accounting, or reporting requirements.
Retention periods are determined by applicable legal and regulatory requirements, operational necessity, contractual requirements, and the principles of data minimisation and storage limitation. When personal data is no longer required, it is securely deleted, anonymised, or otherwise put beyond use. Where data is retained solely for legal compliance beyond its original purpose, access is restricted to the minimum necessary personnel.
11. Your Rights
Under the GDPR, UK Data Protection Act 2018, UK GDPR and other applicable privacy and data protection laws, You have a number of rights with regard to Your personal data. These include:
To exercise any of these rights, please email dpo@sapphire.net. We will respond within one month of receiving Your request. This period may be extended by a further two months where requests are complex or numerous, in which case We will inform You of the extension and the reasons for it within the first month.
We may ask You to verify Your identity before acting on a request. There is no fee for exercising Your rights, except where requests are manifestly unfounded or excessive, in which case We may charge a reasonable fee or refuse to act.
12. Right to Complain
If You are not satisfied with how We handle Your personal data or respond to Your requests, You have the right to lodge a complaint with Your local data protection authority. If You are based in the UK, You may contact the Information Commissioner's Office.
We would appreciate the opportunity to address Your concerns before You contact a supervisory authority. Please reach out to Us at dpo@sapphire.net in the first instance.
13. Data Security
We implement appropriate technical and organisational measures designed to protect personal data against accidental or unlawful destruction, loss, alteration, unauthorised disclosure or access. These measures are designed having regard to the nature of the personal data and the risks involved in the processing. However, no method of transmission over the internet or electronic storage is completely secure, and We cannot guarantee absolute security.
14. Additional Disclosures
Where required by local law, Sapphire may provide additional privacy disclosures to individuals in specific jurisdictions. These disclosures will supplement this Privacy Policy and will apply only to the extent required by applicable law.
15. Artificial Intelligence
Where We deploy or integrate artificial intelligence systems in connection with Our services, We do so in accordance with applicable laws. We are committed to transparency regarding the use of artificial intelligence and will inform You where such systems interact with You or process Your personal data in a manner that requires disclosure. For questions about Our use of artificial intelligence, please contact dpo@sapphire.net.
16. Changes to This Privacy Policy
We may update this Privacy Policy from time to time. When We make material changes, We will notify You by posting the updated Policy on Our website with a revised "Last updated" date. We will not use Your personal data in any new ways without informing You or, where applicable, asking for Your consent.
We encourage You to review this Privacy Policy periodically.
17. Contact Us
If You have any questions, concerns, or requests relating to this Privacy Policy or Our data protection practices, please contact Us at dpo@sapphire.net or write to Sapphire Technologies Ltd, The Ink Building, 24 Douglas Street, Glasgow, G2 7NQ, United Kingdom.