Privacy Statement

Hello Data Subject.

As a visitor to this website, or if you are in contact with us as a customer, partner or supplier, this privacy policy applies to you and has been written for you. You can contact us regarding any data privacy enquiries by emailing E-mails to this address are logged on a ticketing system and tracked to closure.

In addition, data subjects may contact Lorna Fimia, Data Privacy Manager, by emailing

Our role in your privacy

activereach is a UK-based business-to-business supplier of networks, collaboration, and security solutions. We have been in business and growing since 2009. We solve business problems for customers using services which involve handling all sorts of data – including personal information.

For most people reading this policy, activereach is a data controller. We collect and process personal information from you for various reasons. This policy explains what we collect, how we use it, who we share it with and your rights and the choices you can make about your data.

We have our own products and services, but also act as a value-added reseller (VAR) for selected partners,  “Technology Partners”. When we supply a solution, we act as a data processor for those customers (who are typically the data controller). Our partners are our sub-processors.

activereach as Data Controller

When and how we collect personal information

  • When you browse any page on our website
  • When you register to receive a White Paper, Case Study and other selected content
  • When you register to attend one of our Webinars
  • When you complete a contact form on the website
  • When we acquire business contact information from third parties
  • When you engage in web chat with us
  • When you follow, message or engage with us via social media
  • When you receive an e-mail from us
  • When you e-mail us
  • When we call you
  • When you call us
  • When we meet you out and about (eg. trade show or meeting)
  • When you add public profile information on LinkedIn
  • Using our guest wireless in our office

Types of data we collect

  • Business contact details (name, job title, mobile number, e-mail address, organization)
  • Browsing behaviour and preferences, browser, and browsing device details
  • E-mail interactions and content engagement
  • Network traffic
  • Authentication data
  • Any specific problem you may have with the products and services we supply
  • Specifics of requests for information, demonstrations, quotations, or support.
  • A request for a quotation
  • CCTV Images collected on site at our HQ
  • We also profile your data based on the organization you work for, and your Job Title and Job Function, to ensure we can tailor our marketing messages appropriately

How and why we use your data

By law we can only use your data for certain reasons and where we have a legal basis to do so. Here are the reasons for which we process your data.

  • Grow activereach as a business
    • Resolve business enquiries
    • Understand business requirements
    • Sell consultatively to business customers
    • Deliver, operate and support network, security and collaboration solutions
    • Improve service for you and more generally for our other customers
  • Mitigate risks to activereach’s and our customer data and information systems
  • Improve our website, staff skills, collateral, processes, and products

In order to grow as a business, the biggest difficulty we face is getting time with a decision-maker to prove our expertise and demonstrate how we can help solve problems cost-effectively. We do several things to try and contact business decision-makers to sell our services; we run a website, we engage on social media platforms, e-mail, and telephone business people.

We rely on Legitimate Interest as a legal basis for the processing of personal data. This includes the processing of

i) employee, partner, supplier and B2B client data

ii) B2B direct marketing

Growing our business by providing the right solutions to meet a customer’s requirements is our main purpose in collecting and processing business contact information. We believe we have a Legitimate Interest in collecting business contact information and contacting people directly. We thought about how this might affect people’s privacy rights and balanced them against our interests as a business.

We believe that the limited and non-domestic nature of our use of personal information (business-to-business, public records), the lack of special categories of data, the lengths we go to to secure that data, and the tools we provide data subjects to exercise their rights over the data, is sufficient to meet a Legitimate Interest Assessment.

We follow the PECR with regards to electronic communication and ensure any phone numbers we use are pre-screened against domestic and business TPS lists.

Your privacy rights and choices

Your rights

Under UK and European law, you have rights over the personal information that we hold about you.

You have the right

  • to be informed
  • of access
  • to rectification
  • to erasure
  • to restrict processing
  • to data portability
  • to object

Also you have rights in relation to automated decision making and profiling.

You can exercise your rights to your personal information under EU GDPR and UK Data Protection by emailing E-mails to this address are logged on a ticketing system and tracked to closure. activereach aims to resolve any requests within 30 days, but sometimes may seek additional information to verify data subject identity prior to fulfilling requests to disclose, alter or delete information we would otherwise consider confidential.

activereach makes sure that your personal information is collected lawfully and fairly. We try hard to make sure it remains accurate, relevant and is not excessive for the purpose it is collected for. We do not re-purpose personal information we collect. We retain personal information for no longer than is necessary (although the duration varies depending on the nature of the data – CCTV images are not kept as long as e-mail contact details, for example).

Your personal information is held in systems where we employ procedural and technical controls to minimise risks to the security (Confidentiality, Integrity or Availability) of the data. If we are ever breached, we will inform the UK Information Commissioners Office (ICO) within 72 hours of being made aware of the breach – and data subjects that are at risk will also be informed. We use a process of continual security improvement – protection and testing – to minimise risk and ensure that our information systems are resistant to modern cyber threats.

We will comply with all subject access requests to have personal information deleted from our information systems. If we do delete your data following such a request, there is a chance that your personal information may reappear in our information systems during the normal course of our business activities (e.g. in data we purchase from third parties from time to time).

You have the right to lodge a complaint with the supervisory authority, UK ICO, if you are not happy with the processing of your personal data. Please visit the ICO Complaints page for details.

Before it gets to that situation, please make sure you contact our Data Privacy Manager, Lorna Fimia, at if you wish to exercise any of your rights or if you have any questions about the processing of your personal data.

Your choices

You may choose to receive or not receive marketing communications from activereach by indicating your preferences. Opportunities to select your preferences include the following:

  • Contact and enquiry forms on allow you to choose whether you wish to receive email marketing communications from activereach.
  • All activereach marketing e-mails offer a link to opt-out or unsubscribe from further e-mail messages.
  • At any point you can email and send a request to be removed from our marketing lists.
  • You can change your browser settings to reject cookies from or social media platforms.
  • Please allow up to 10 business days for new contact preferences to take effect.

Security of the personal information we collect

activereach has met the standard for Cyber Essentials and is working to ISO 27001:2013 standards of information security for our information systems. We have a comprehensive ISMS (Information Security Management System) covering risk assessments, policies and the tools we use to enforce our security policy and meet our regulatory obligations.

Where we store the information, how long do we store information

We have set internal policies on retention duration which is different for each information flow based on the principle of storage limitation and secure disposal/deletion.  Specific personal data records are kept in line with the following retention policies:

  • HR records – for as long as the person is employed, and in accordance with the Data Protection Act, Rehabilitation of Offenders Act, Employment Act and for audit & taxation purposes
  • Customer and Supplier data – in accordance with the Data Protection Act and as required for audit and taxation purposes
  • Prospect data – is reviewed and audited on an annual basis. Data which is expired, i.e. business to business contacts have moved into roles that are no longer eligible for targeting on the basis of legitimate interest, or have moved companies, and/or their email addresses return a hard bounce and/or are undeliverable are deleted from our CRM system on an annual basis.

Data subjects may request more specific details via a subject access request to

We make use of third-party processors for some of our business-critical applications (e.g. CRM application, e-mail services, web/email hosting) handling personal information flows. These store and process data in servers/data centres located in the UK. One of our sub-processors processes your personal data in the US. Standard contractual clauses are in place to ensure that any transfers to the US are made in accordance with data protection legislation.

We have mapped our information flows and activereach is satisfied that our processors meet the standards for security that we expect for ourselves and our data subjects.

Who we share the information with

We do not sell the information we collect to third parties.

If the personal information is collected as part of a joint marketing activity (e.g. trade show, webinar, hospitality event, or marketing campaign), then one of our “Technology Partner” companies will be collecting the same information we have. They will be a data controller in their own right and your personal information will be processed according to their privacy policy.

Other recipients of data are:

i) Event sponsors. activereach “Technology Partners” may sponsor and co-host an event organised by activereach. activereach and the Event Sponsor(s) may provide you marketing information before, during and following the event. You can withdraw your consent for this marketing by activereach Ltd by emailing For the purposes of applicable data protection regulations, Event Sponsors will become controllers of your personal information following the event.

ii) Third party service providers/suppliers engaged by us to assist in the administration of a marketing event or marketing campaign.

iii) Third party processors that handle business-critical and marketing applications (e.g. CRM System, Email Marketing Platform, Email/Web Hosting)

iv) Suppliers handling employee data

The activereach web system

Modern websites are complicated things. People browsing arrive from a number of different routes; search engine results, links on other sites, e-mail campaigns, even business cards and flyers we have handed out.

When you land on our site, we start collecting information about who you are (IP address, browser type, language), when you came to the site, where you came from (URL of the website that referred you), what you are looking for (search terms entered, links and adverts clicked on our site), and where you go when you’re done (URL of the site you go to if you click on an outbound link on our site).

We do this to judge how good our website is, judge the effectiveness of our marketing campaigns, and try to understand, without bothering you, what information you may be looking for and whether you found it OK.

We may share non-personal aggregate statistics (group) data about our site visitors’ traffic patterns with partners or other parties. However, we do not sell or share any information about individuals to third parties.


A cookie is a piece of text stored by your web browser software that is placed on your computer’s hard drive. Depending on the settings you have selected, your browser adds the text to your device as a small text string.

Many browsers are set to accept cookies by default. You have the ability to accept or decline cookies as you prefer in your browser settings.

The Help portion of your web browser, most likely found on the toolbar, typically tells you how to prevent your browser from accepting new cookies, how to have the browser notify you when you receive a new cookie, or how to disable cookies altogether.

If you allow them in your browser settings, the activereach site will store a persistent ‘cookie’ on your computer. This allows the site to notice when you come back to the site and improve your experience by remembering preferences and options you have selected.

We also use cookies to analyse traffic on Google Analytics.

Social Media Features

Social Media providers make use of cookies when you interact with a social media feature. Our website includes social media features, including Facebook “Like” button and Twitter “Follow” button. These features will collect your IP address, which page you are visiting on our site, and may set a cookie to your browser to enable the feature to function properly.

Social media features are either hosted by a third party or hosted directly on our site and send information to the social media company involved (e.g. Facebook, LinkedIn, Google). Your interactions with these features are governed by the privacy policy of the company providing it.

The activereach mailing list system

We also e-mail business people who are in job roles that, we think, would be the right people to approach, to try and avoid wasting your time and ours.

We get these e-mail addresses from trade shows we attend, direct submission from our web-site or signing up to obtain a white paper. We buy in lists of e-mail addresses for people in particular roles in particular businesses and combine them with information made public through LinkedIn. We use these suppliers and take pains to only work with information providers that collect data lawfully. We also combine contact data with information collected from people browsing our website to try and build a single view of someone’s interactions across a variety of communication methods.

As such, some marketing you receive, including email marketing, may also be personalised based on your visits to and your browsing history. In addition, when you click on some links in email marketing you receive, our email service provider may place a cookie on your browser. This type of cookie would be linked to your email address or IP address and used to gather information about the products and services you view on Information gathered may be used to personalize and customize future email marketing messages you receive.

Every marketing e-mail we send has an unsubscribe link that gives you the option to opt out of all future communications and marks a CRM record to not e-mail you. We also have a link to this policy, which describes more about where we got the information, what we do with it, and point data subjects to their rights under EU GDPR or UK Data Protection legislation. We are registered with, and regulated by the Information Commissioner’s Office.

The activereach phone list

activereach uses telephone calls to try and reach business decision-makers in job roles that are pertinent to our business activities – IT, infrastructure, and security amongst others. We use data from third parties but we only use third parties that pre-screen data against TPS and CTPS. We screen against both because some sole traders and certain partnerships can register with the TPS instead of the CTPS.

These telephone calls are unsolicited, but as well as making sure all data is screened, we maintain a register of contacts that have told us ‘do not call’ and we make sure we do not call them.

Telephone calls are not automated and we make no efforts to hide our number or our identity. This approach is in line with ICO guidance on compliance with the PECR.

Childrens’ Online Privacy Protection Act Compliance

We are in compliance with the requirements of UK COPPA (Childrens Online Privacy Protection Act), we do not collect any information from anyone under 13 years of age. Our website, products and services are all directed to people who are at least 13 years old or older.

Policy changes

For more information or questions about our privacy policy, please email us at Any amendments to this policy will be published on our website at this location.

Legal details

This privacy policy covers activereach Ltd (06716533) registered in England & Wales no. 06716533 at Burnham Yard, London End, Beaconsfield, Bucks. HP9 2JH. activereach is a data controller registered with the Information Commissioner’s Office (Z1684067).

The company is registered with the Data Protection Registrar under reference: Z1684067.

This notice was last updated on 04/01/2022.