- Data controller
- Max Cloud Services Limited
- Registered in
- England & Wales · Company no. 12173791
- Registered office
- 40–44 Church Street, Reigate, Surrey, RH2 0AJ
- info@mcs-its.co.uk
- Phone
- 0800 994 9028
01 Who we are
Max Cloud Services Limited (“Max Cloud”, “we”, “us”) provides managed IT support and cyber security services to businesses across Surrey, the UK and beyond.
For the personal data we handle through this website and in the course of our services, Max Cloud is the data controller. We are committed to protecting your privacy and handling your information in line with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.
This policy covers personal data collected through our website, when you enquire about or use our services, and when you contact us. Where we deliver IT services to a client organisation, we may also act as a data processor on that client’s behalf — that processing is governed by the contract we hold with the client.
02 Information we collect
We only collect information we genuinely need. Depending on how you interact with us, this may include:
Information you give us
- Enquiry & “book an audit” forms — your name, business name, email address, phone number and any details you share about your current IT setup.
- Phone & email enquiries — the contact details and information you provide when you get in touch with us.
- Newsletter / blog signup — your email address, so we can send you updates you’ve asked for.
- Client support portal — account login details, support tickets you raise and the information needed to resolve them.
Information we collect automatically
- Technical & usage data — such as your IP address, browser type, device information and how you use our website, collected through cookies and similar technologies (see section 4).
You don’t have to give us your personal data, but if you don’t we may not be able to respond to your enquiry or provide the service you’ve asked for.
03 How & why we use it
We use your personal data for the following purposes, each supported by a lawful basis under the UK GDPR:
- To respond to enquiries and provide quotes — on the basis of taking steps at your request before entering into a contract.
- To deliver and manage our services, including support tickets and the client portal — on the basis of performing our contract with you or your organisation.
- To send service updates and, where you’ve opted in, our newsletter — on the basis of your consent or our legitimate interest in keeping clients informed.
- To keep our website and services secure and improve them — on the basis of our legitimate interests in running a safe, effective business.
- To meet legal, accounting and regulatory obligations — on the basis of complying with our legal obligations.
Where we rely on consent, you can withdraw it at any time by contacting us — this won’t affect anything we did before you withdrew it.
06 International transfers
We aim to keep personal data within the UK or European Economic Area. Some of our providers (such as Microsoft) may process data outside the UK. Where that happens, we make sure appropriate safeguards are in place — such as UK ‘adequacy’ regulations or the International Data Transfer Agreement — so your data stays protected.
07 How long we keep it
We keep personal data only for as long as we need it for the purposes set out in this policy, and to meet our legal and accounting obligations.
- Enquiry data — kept while we’re in contact and for a reasonable period after, in case you get back in touch.
- Client & contract data — kept for the duration of our relationship and as long afterwards as the law requires (financial records are generally kept for at least 6 years).
- Marketing data — kept until you unsubscribe or ask us to stop.
When we no longer need your data, we securely delete or anonymise it.
08 How we protect it
As a cyber security company, protecting data is at the heart of what we do. We apply appropriate technical and organisational measures — including access controls, multi-factor authentication, encryption, monitoring and staff training — to keep personal data safe from unauthorised access, loss or misuse. No system is ever completely risk-free, but we take security seriously and review our measures regularly.
09 Your rights
Under UK data protection law you have the right to:
- be informed about how we use your data;
- access the personal data we hold about you;
- have inaccurate data corrected;
- ask us to erase your data in certain circumstances;
- restrict or object to how we use it;
- data portability — receive your data in a portable format; and
- withdraw consent at any time where we rely on it.
To exercise any of these rights, email info@mcs-its.co.uk. We’ll respond within one month and won’t charge a fee in most cases.
10 Marketing
We’ll only send you marketing where you’ve agreed to receive it, or where we’re otherwise permitted to under the rules. Every marketing email includes an easy way to unsubscribe, and you can opt out at any time by contacting us.
11 Changes to this policy
We may update this policy from time to time to reflect changes in our practices or the law. When we do, we’ll update the “last updated” date at the top of this page. We encourage you to review it periodically.
Contact & complaints
If you have any questions about this policy or how we handle your data, please get in touch — we’re happy to help.
You also have the right to complain to the UK’s data protection regulator, the Information Commissioner’s Office (ICO), at ico.org.uk or on 0303 123 1113. We’d appreciate the chance to resolve your concern first, though.