Privacy Policy
Last updated: 13 May 2026
1. Who We Are
ECS Systems Ltd ("we", "us", "our") is a company registered in England and Wales. We are one of the UK's largest Salto Platinum Partners, specialising in the supply and commissioning of Salto access control solutions. This privacy policy explains how we collect, use, and protect your personal data when you use our online store at salto.ecssystems.co.uk (the "Platform").
Data Controller: ECS Systems Ltd, 75 Station Road, Sidcup, DA15 7DN, United Kingdom
Contact: [email protected]
2. What Data We Collect
We collect the following categories of personal data:
| Category | Data | Purpose |
|---|---|---|
| Identity | Name, company name, job title | Account management, order processing |
| Contact | Email address, phone number | Order updates, account communications |
| Financial | Company registration number, VAT number | Credit account applications, invoicing |
| Transaction | Order history, payment references | Order fulfilment, customer service |
| Technical | IP address, browser type, cookies | Security, site functionality, analytics |
Payment card details are never stored on our servers. All payment processing is handled securely by Stripe, our PCI-DSS compliant payment processor.
3. How We Use Your Data
We process your personal data on the following lawful bases under the UK GDPR:
- Contract performance: To process your orders, manage your account, and deliver products.
- Legitimate interest: To improve our platform, prevent fraud, and provide customer support.
- Legal obligation: To comply with tax, accounting, and regulatory requirements.
- Consent: For optional analytics and marketing cookies (which you can manage at any time).
4. Data Sharing
We share your data only with the following categories of recipients:
- Stripe: Payment processing (PCI-DSS Level 1 certified).
- SimPro: Our job management system for order processing and fulfilment.
- CreditSafe: Credit reference checks for trade account applications (with your consent).
- Delivery partners: To fulfil product deliveries.
We do not sell your personal data to third parties.
5. Data Retention
We retain your personal data for as long as necessary to fulfil the purposes for which it was collected. Specifically:
- Order history and transaction records: 7 years from the date of the transaction, as required by HMRC for tax and accounting purposes.
- Account data: For the duration of your account, plus 2 years after account closure.
- Credit application data: 7 years from the date of application.
- Password reset tokens: Automatically deleted after use or expiry (1 hour).
- Session data: Automatically cleared on logout or after 1 year of inactivity.
6. Cookies
We use the following types of cookies:
- Essential cookies: Required for the site to function (authentication, shopping cart, security). These cannot be disabled.
- Analytics cookies: Help us understand how visitors use the site. Optional — you can manage these via the cookie banner.
- Marketing cookies: Used to deliver relevant content. Optional — you can manage these via the cookie banner.
You can change your cookie preferences at any time by clearing your browser's local storage and revisiting the site.
7. Your Rights
Under the UK GDPR, you have the following rights:
- Right of access: Request a copy of the personal data we hold about you.
- Right to rectification: Request correction of inaccurate data.
- Right to erasure: Request deletion of your data (subject to legal retention requirements).
- Right to restrict processing: Request that we limit how we use your data.
- Right to data portability: Request your data in a machine-readable format.
- Right to object: Object to processing based on legitimate interests.
To exercise any of these rights, please contact us at [email protected]. We will respond within 30 days.
8. Security
We take the security of your data seriously. We implement appropriate technical and organisational measures including encrypted connections (HTTPS/TLS), secure password hashing (bcrypt), rate limiting on authentication endpoints, Content Security Policy headers, and regular security reviews. Payment processing is handled entirely by Stripe's PCI-DSS Level 1 certified infrastructure.
9. Changes to This Policy
We may update this privacy policy from time to time. Any changes will be posted on this page with an updated "Last updated" date. We encourage you to review this page periodically.
10. Contact & Complaints
If you have any questions about this privacy policy or wish to make a complaint, please contact us at [email protected].
You also have the right to lodge a complaint with the Information Commissioner's Office (ICO) at ico.org.uk.

