Privacy Policy

Last updated: February 2026

1. Introduction

Samo Solutions Ltd ("we", "us", "our") is committed to protecting and respecting your privacy. This Privacy Policy explains how we collect, use, store, and protect your personal data in compliance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

This policy applies to all personal data processed through our website and services.

2. Data Controller

The data controller responsible for your personal data is:

Samo Solutions Ltd
Company Registration Number: 9554602
United Kingdom

If you have any questions about this policy or how we handle your personal data, please contact us via our contact page.

3. Data We Collect

We collect personal data only through our website contact form. The data collected includes:

  • Name — to identify you and address our response appropriately.
  • Email address — to respond to your enquiry.
  • Company name (optional) — to understand the context of your enquiry.
  • Phone number (optional) — to contact you if preferred.
  • Message content — the details of your enquiry.
  • IP address — recorded for security and anti-abuse purposes.
  • Timestamp — the date and time of submission.

4. How We Use Your Data

We use the personal data you provide for the following purposes:

  • To respond to your enquiry or request.
  • To assess whether we can assist with your requirements.
  • To facilitate the commencement of a business relationship, if applicable.
  • To comply with legal obligations.

5. Legal Basis for Processing

We process your personal data on the following legal bases:

  • Consent: When you submit the contact form and provide explicit consent via the GDPR consent checkbox, you consent to us processing your data for the stated purposes.
  • Legitimate Interests: We may process your data where it is necessary for our legitimate business interests, such as responding to business enquiries and maintaining the security of our website.

6. Data Retention

We retain personal data collected through the contact form for the following periods:

  • Contact form submissions: Retained for up to 12 months from the date of submission, or for the duration of any resulting business relationship, whichever is longer.
  • Where no business relationship results: Data will be securely deleted within 12 months of the enquiry.
  • Contractual data: Where an engagement results, data may be retained for up to 7 years after the end of the engagement to comply with legal and regulatory obligations.

7. Data Sharing

We do not sell, rent, or trade your personal data to any third parties. Your data may be shared only with:

  • Our email service provider, solely for the purpose of delivering contact form submissions to us.
  • Google, via the reCAPTCHA service, for security verification (subject to Google's Privacy Policy).
  • Legal or regulatory authorities, if required by law.

8. Analytics and Tracking

We do not use any analytics, tracking, or advertising scripts on this website. We do not use cookies for tracking purposes. No third-party analytics services (such as Google Analytics) are present on this website.

The only third-party service used is Google reCAPTCHA on the contact form, which is necessary for security purposes.

9. Data Security

We implement appropriate technical and organisational measures to protect your personal data, including:

  • Server-side input validation and sanitisation.
  • CSRF (Cross-Site Request Forgery) protection.
  • Rate limiting on form submissions.
  • Secure server configuration with restricted directory access.
  • Prevention of header injection attacks.

10. Your Rights

Under UK GDPR, you have the following rights regarding your personal data:

  • Right of Access: You may request a copy of the personal data we hold about you.
  • Right to Rectification: You may request correction of any inaccurate or incomplete data.
  • Right to Erasure: You may request deletion of your personal data where there is no compelling reason for continued processing.
  • Right to Restriction: You may request that we restrict processing of your data in certain circumstances.
  • Right to Data Portability: You may request to receive your data in a structured, commonly used, machine-readable format.
  • Right to Object: You may object to the processing of your personal data where we are relying on legitimate interests.
  • Right to Withdraw Consent: Where processing is based on consent, you may withdraw your consent at any time.

To exercise any of these rights, please contact us through our contact page. We will respond to your request within one month.

11. Complaints

If you are not satisfied with how we handle your personal data, you have the right to lodge a complaint with the Information Commissioner's Office (ICO):

Information Commissioner's Office
Wycliffe House, Water Lane
Wilmslow, Cheshire, SK9 5AF
https://ico.org.uk

12. Changes to This Policy

We may update this Privacy Policy from time to time. Any changes will be posted on this page with an updated revision date. We encourage you to review this policy periodically.

13. Contact

If you have any questions about this Privacy Policy or wish to exercise your data protection rights, please contact us through our contact page.