top of page

ORCHARD BUSINESS PRIVACY POLICY

Orchard Business Systems provides document management, print management, and
business automation services.


For data protection purposes, Orchard Business Systems is the Data Controller.
Contact Email: sophie@orchardsystems.co.uk


Business Address: 16 Mayors Road, Altrincham, Cheshire, WA15 9RP


What Data We Collect
We may collect the following information:

  • Name and job title

  • Business name and address

  • Email address and phone number

  • Billing and invoicing details

  • Communication records (emails, calls, messages)

  • Website usage data (IP address, cookies, analytics)

We only collect data that is necessary for business purposes.

How We Use Your Data
We use your data to:

  • Respond to enquiries and provide quotes

  • Deliver and manage our services

  • Manage contracts, billing, and payments

  • Communicate with you about our services

  • Improve our systems and customer experience

  • Meet legal and regulatory obligations

Nature and Purpose of Processing
Personal Data will be processed solely for the purpose of providing services to
Orchard Business System, as set out in the main agreement.


Lawful Basis for Processing
We process your personal data under the following lawful bases:

  • Contract – where we are providing or preparing to provide services

  • Legitimate Interests – for normal business communication and service improvement

  • Legal Obligation – for accounting and compliance

  • Consent – where required (for example, marketing emails)

Who We Share Data With
We may share data with trusted third parties, including:

  • IT and software providers

  • Cloud storage and document management platforms

  • Accounting and payment providers

  • Professional advisers

  • Third Party Engineers

  • Suppliers

All third parties are required to keep your data secure and confidential.
We do not sell your data.


How Long We Keep Your Data
We keep personal data only for as long as necessary:

  • Customer records: up to 6 years after the end of a contract

  • Financial records: as required by law

  • Marketing data: until you withdraw consent


Your Rights
You have the right to:

  • Access your personal data

  • Correct inaccurate data

  • Request deletion of your data

  • Restrict or object to processing

  • Withdraw consent at any time

  • Request data portability

To exercise your rights, contact us using the details above.

Personal Data Breaches
The Processor shall notify the Controller without undue delay upon becoming aware
of a Personal Data Breach and provide all relevant information to assist with reporting
obligations.


Sub-Processing
Where sub-processors are used:

  • The Processor shall ensure equivalent data protection obligations are imposed

  • The Processor remains fully liable for the actions of sub-processors

International Transfers

Personal Data shall not be transferred outside the UK unless appropriate safeguards
are in place in accordance with UK GDPR.


Audits and Compliance
The Processor shall make available information necessary to demonstrate compliance
and allow reasonable audits where required.

Termination
Upon termination of services, the Processor shall securely delete or return all
Personal Data unless retention is required by law.


Governing Law
This Agreement is governed by the laws of England and Wales.

Last reviewed: January 2026

bottom of page