Privacy Notice

Notes on Data Processing

This Privacy Notice explains in detail how we process your personal data in accordance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018. It applies when you visit our website, when you contact us, or when a business relationship exists or is being initiated.

1. Name and Contact Details of the Controller

SinoScan Ltd.
Unit 26 Fareham Innovation Center
Merlin House, 4 Meteor Way
Daedalus Drive
Lee-on-the Solent
Hampshire PO13 9FU
England
Email: sales@sinoscan.co.uk
Phone: +44 (0) 1329 553 888

If you have any questions regarding data protection or this privacy notice, please contact us at:
sales@sinoscan.co.uk.

2. Processing of Personal Data When Visiting Our Website

2.1 Processing of Browser Data (Server Log Files)

When you access our website, the browser used on your device automatically sends certain information to our server. This information is temporarily stored in so-called log files. The following data is collected automatically and stored until automatic deletion:

• • IP address of the requesting device
  • Date and time of access
  • Name and URL of the file accessed
  • Website from which the request originated (referrer URL)
  • Browser used and, where applicable, the operating system of your device
  • Name of your internet service provider

We process this data to ensure a stable connection to the website, to enable convenient use, to analyse system stability, and for general administrative purposes.

Legal basis: Art. 6(1)(f) UK GDPR (legitimate interests). Our legitimate interest follows from the purposes listed above. We do not use this data to draw conclusions about your identity.

Log file data is automatically deleted no later than seven days after collection.

2.2 Processing of Personal Data for Contact Purposes

You may contact us using the contact form provided on our website. To respond to your enquiry, we require a valid email address and your message. Without this information, we cannot process your enquiry.

You may also contact us directly via email or telephone. The data transmitted to us will be processed only to the extent necessary to respond to your enquiry or address your request. Providing this data is voluntary.

Legal basis:

• • Art. 6(1)(f) UK GDPR – our legitimate interest in responding to enquiries
  • If the contact concerns a potential contract or business relationship: Art. 6(1)(b) UK GDPR – pre-contractual measures

Data collected through the contact form is deleted once the request is resolved, or after three full calendar years at the latest, unless statutory retention periods require longer storage.

3. Processing of Personal Data in the Context of a Business Relationship

We process personal data that we receive from you during the initiation, performance, or termination of a business relationship. This includes names, job titles, telephone numbers, email addresses, and other relevant contact details of representatives and contact persons.

You are only required to provide personal data necessary for communication and for establishing, performing, or terminating a business relationship, or data we are legally required to collect.

Legal basis: Art. 6(1)(b) UK GDPR (performance of a contract).

Purpose: To communicate with our business partners, deliver our services, perform contractual obligations, and maintain documentation.

Retention: Data is stored for the duration of the business relationship and thereafter in accordance with statutory UK retention periods, typically:

• • 6 years for general business records
  • 10 years for accounting-relevant data
  • Additionally, civil law limitation periods (usually 3 years)

4. Disclosure of Data

We do not disclose your personal data to third parties unless one of the following applies:

• • You have given explicit consent (Art. 6(1)(a) UK GDPR)
  • Disclosure is necessary for establishing, exercising, or defending legal claims and no overriding legitimate interests oppose such disclosure (Art. 6(1)(f) UK GDPR)
  • We are legally obliged to disclose the data (Art. 6(1)(c) UK GDPR)
  • Disclosure is lawful and necessary for the performance of a contract (Art. 6(1)(b) UK GDPR)

Data may be transferred to:

• SinoScan Group companies, including entities located outside the UK
• External service providers, such as IT and cloud service providers, processors under contract
• Third-country providers including Google, Microsoft, Mailchimp, Hotjar

4.1 International Data Transfers

Some of our service providers operate outside the UK. Transfers may therefore involve:

• • EU/EEA countries, recognised under UK adequacy regulations
  • Canada, recognised under UK adequacy regulations
  • United States, where no adequacy regulation exists

For transfers to countries without adequacy regulations, we rely on:

• • UK International Data Transfer Agreements (IDTA)
  • UK Addendum to EU Standard Contractual Clauses (SCCs)
  • Additional organisational and technical security safeguards

5. Cookies and Third-Party Tools

5.1 Usercentrics Consent Management Platform

We use the Usercentrics Consent Management Platform (CMP) to obtain, store, and document cookie consent. A consent cookie is set to record your preferences and the status of your consent.

You may change your cookie preferences at any time via the cookie settings link on our website.

Legal basis:

• • Art. 6(1)(c) UK GDPR – compliance with legal obligations
  • Art. 6(1)(a) UK GDPR – your consent for non-essential cookies

5.2 Essential Cookies

Essential cookies are necessary for the technical operation and security of our website and cannot be deactivated via the consent tool. They enable basic functions such as page navigation, access to secure areas, and session management.

Legal basis: Art. 6(1)(f) UK GDPR (legitimate interests in providing a functional website).

5.3 Google Tag Manager

We use Google Tag Manager, a tag management system provided by Google. Google Tag Manager itself does not store personal data. It manages other tags and tools which may collect data depending on your consent settings within the Usercentrics CMP.

 

5.4 Google Analytics

With your consent, we use Google Analytics, a web analytics service, to analyse user behaviour and improve our website. Google Analytics uses cookies to collect information such as:

• • Pages visited and time spent on each page
  • Clicks and interactions with content
  • Browser and device information
  • Pseudonymised IP address

Full IP addresses are anonymised before storage. The data is stored for a period of 14 months and then automatically deleted.

You can withdraw your consent at any time via the cookie settings on our website.

Legal basis: Art. 6(1)(a) UK GDPR (your consent).

5.5 Hotjar

With your consent, we use Hotjar to analyse on-site behaviour such as click paths, scroll patterns, and heatmaps. The information collected helps us to understand how users interact with our website and to improve the user experience.

Wherever possible, data is anonymised or pseudonymised.

Legal basis: Art. 6(1)(a) UK GDPR (your consent).

5.6 Mailchimp (Newsletter Subscription)

If you subscribe to our newsletter, we process the personal data you provide (e.g., email address, name, company) in order to send you regular information about our products, services, and news.

For this purpose, we use Mailchimp (Intuit Inc., USA) as our email service provider. Personal data may be processed in the United States. We use UK-approved contractual safeguards and technical and organisational measures offered by Mailchimp.

You may withdraw your consent and unsubscribe from the newsletter at any time by clicking the unsubscribe link in any email or by contacting us directly.

Legal basis: Art. 6(1)(a) UK GDPR (your consent).

5.7 Microsoft Services

We use Microsoft services, for example for email hosting, cloud storage, and productivity tools. In doing so, personal data may be processed on Microsoft’s systems under data processing agreements that comply with UK GDPR requirements.

6. Your Rights Under UK GDPR

You have the following rights with regard to your personal data:

• • Right of access (Art. 15 UK GDPR) – to obtain confirmation as to whether personal data concerning you is processed and to receive a copy of this data.
  • Right to rectification (Art. 16 UK GDPR) – to request correction of inaccurate or incomplete personal data.
  • Right to erasure (Art. 17 UK GDPR) – to request deletion of your data, subject to legal or contractual retention obligations.
  • Right to restriction of processing (Art. 18 UK GDPR) – to restrict the processing of your data under certain conditions.
  • Right to data portability (Art. 20 UK GDPR) – to receive your data in a structured, commonly used, machine-readable format and to transmit it to another controller.
  • Right to object (Art. 21 UK GDPR) – to object to processing based on legitimate interests or to direct marketing.
  • Right to withdraw consent (Art. 7(3) UK GDPR) – to withdraw your consent at any time with effect for the future.
  • Right to lodge a complaint – with the Information Commissioner’s Office (ICO) if you believe that your data protection rights have been infringed.

To exercise any of these rights, please contact us at:
sales@sinoscan.co.uk.

Information Commissioner’s Office (ICO):
Website: https://ico.org.uk
Phone: +44 303 123 1113

7. Right to Object

Where your personal data is processed on the basis of legitimate interests (Art. 6(1)(f) UK GDPR), you have the right to object at any time on grounds relating to your particular situation.

If your personal data is processed for direct marketing purposes, you have the right to object at any time without providing a reason. In such cases, we will no longer process your personal data for these purposes.

To exercise your right to object, simply send an email to:
sales@sinoscan.co.uk.

8. Automated Decision-Making and Profiling

We do not use automated decision-making, including profiling, within the meaning of UK GDPR.

9. Data Security

We use SSL (Secure Socket Layer) encryption and other industry-standard security technologies to protect your personal data during transmission and storage. You can recognise an encrypted connection by the padlock symbol in your browser’s address bar.

In addition, we implement appropriate technical and organisational measures to protect your data against accidental or intentional manipulation, partial or complete loss, destruction, or unauthorised access by third parties. Our security measures are continually improved in line with technological developments.

10. Updates to This Privacy Notice

Due to ongoing development of our website, changes to our services, or updates in legal requirements, it may become necessary to amend this Privacy Notice. The current version can be accessed at any time on this website.

Last updated: November 2025