Privacy and Data Protection

This Privacy Notice was last updated on 21st February 2023 and will be reviewed annually. Poteris reserves the right to update our Privacy and Data Protection Policy. If users have any questions or concerns relating to this Privacy and Data Protection Notice, they are encouraged to get in touch using our contact form.

Poteris’ role in processing data

Poteris acts as a Data Controller when website users give us their personal details directly, such as when submitting the contact form with an enquiry.

Legal Basis for Processing Personal Data

The basis for processing user data is consent, contractual and/or legitimate interest.

Contractual Requirement

Without the personal data which our users and partners consent for us to use, Poteris would be unable to deliver its services effectively.

We process the personal data of our website visitors for the purpose of responding to enquiries and offering services, when they complete the enquiry form.

Legitimate Interest

This is where Poteris has a legitimate reason to process personal data provided that it is reasonable and does not go against what users would reasonably expect from us. Where Poteris relies on legitimate interest to process personal data, our legitimate interest is:

  • Maintaining records on partners we are working with, to deliver our services.
  • To respond to queries, e.g. through the website.
  • Contacting partners to seek consent where needed.
  • For contacting potential partners where we have closely aligned objectives.

Data Collection and Processing

  • Users may give their personal details to Poteris directly, such as when enquiring on the site, via our website or engaging with us via social media
  • We may collect information from another source such as a partner organisation
  • We collect information from users’ use of our website. Like all organisations we are able to see what browser users are using, IP addresses and what computer operating systems are being used. We may use this information to improve the services we offer. Please also refer to our Cookies information below.

Using Collected Data

We store the minimal amount of data for us to run our services effectively. In order to provide the best service to our partners, we use data in the following ways:

  • To administer and deliver our services
  • To evaluate, improve and personalise our services
  • To allow us to communicate with partners and respond to enquiries
  • To undertake due diligence and manage risks

Keeping data secure

We store information about partners and visitors who have expressed interest in our services in documents and emails, and on systems we use internally where this is necessary for the processing that is expected for delivering our service (e.g. for responding to emails). This may include in spreadsheets and word processing documents as well as subprocessing via the services listed here. All systems are password protected and restricted to relevant users, and staff laptops are encrypted so that loss would not be expected to result in loss of user data. We operate in a generally paperless environment and do not print documents containing personally identifiable information.

Poteris will only store user data for as long as is necessary and in line with the original purpose that it was collected.

Sharing Data

Poteris will keep personal information confidential and not sell or disclose information to advertisers or external parties, except where users have explicitly given permission to do so.

There are some unlikely circumstances in which we would be required to share data without requesting explicit permission from the user. These include if we believe in good faith that we are required to in order to comply with a regulator or court in order to comply with law, regulation, legal process and court order. We may also share information in order to enforce terms of the contract.

Rights of the Data Subject

The Right to be Forgotten

We will remove or anonymise personal data within 30 days of any request to be removed.

Anonymising data means that any information that is not deleted can no longer be traced back to the person it came from.

Data Retention

Poteris will retain personal data only for as long as is necessary for the purpose we collect it.

Changes to this Policy

We will inform users prominently on our website when this Privacy and Data Protection notice changes and provide a jargon-free summary of the changes.

Right of Access to Data

We will provide users with a copy of their personal data stored by Poteris within 30 days of any request.

Restriction of Processing

We will document, process and respond to any restriction of process request users make.

Data Portability

We will ensure user’s data is available in a portable format.

Incident Response

Any data breach will be reported to appropriate authorities within 72 hours of the breach being found, and Poteris will liaise fully with appropriate authorities to respond to the breach.

Cross Border Data Transfer

Our primary structured data systems that users access are located in the UK. Unstructured data storage is either in the EU or covered by Privacy Shield.

Complaints or Queries

We will always encourage all users to contact us if they have any questions about personal data.


Cookies are small text files that are placed onto a device when users first visit a website which monitors interactions with the site.

We use cookies to:

  • Recognise you when you return.
  • Embed content hosted by third parties.
  • Improve your experience on our website through monitoring content and feature usage.

There are three categories of cookies we set:

  • Necessary cookies – these cookies are necessary for the website to function properly. Some of the following actions can be performed by using these cookies: keeping you logged in; serving video content we host with third parties; storing your cookie consent preferences.
  • Performance cookies – these cookies are used to gather statistical information about the use of our websites, also called analytics cookies. We use this data for performance and website optimisation.
  • Functional cookies – These cookies enable more functionality for our website visitors, and can be set by our external service providers or our own website.

We set the following cookies on our website:

  • Google Analytics – We use Google Analytics cookies to collect information about how you interact with our website, including how you reached it, which content you interacted with and information about the device you used, including browser type/version and operating system. We collect your IP address to understand where our visitors are located. These cookies are only set if you opt in to analytics cookies. Google’s privacy policy.
  • Google Tag Manager – We use Google Tag Manager to manage the analytics tags we deploy. This controls the analytics information we collect, and ensures we only collect analytics data when visitors have opted in. These are necessary cookies. Google’s privacy policy.
  • Iubenda – We use Iubenda to power our cookie banner. Their banner sets necessary cookies to store your cookie preferences, and controls the scripts that are permitted to run on our website. Iubenda’s privacy policy.


If you have any questions or queries about our data privacy, please get in touch here.