1. Your personal data – what is it?
The processing of personal data is governed by the UK Data Protection Act 2018 and the General Data Protection Regulation (GDPR). Personal data relates to any natural or legal person, public authority, agency or other body which, alone or jointly can be identified from that data. Identification can be by the information alone or in conjunction with any associated information in the data controller’s possession or likely to come into its possession.

2. Who are we?
Sota Solutions Limited (Sota) is a data controller, meaning it decides how your personal data is processed and for what purposes. Sota is also a data processor, meaning it is responsible for processing personal data on behalf of a controller.
In response to the data protection accountability and governance principles, Sota has implemented appropriate technical and organisational measures to ensure it can demonstrate that it complies with the Act and the Regulations. This includes the formulation of Data Protection policies and procedures, whilst also carrying out associated activities such as staff training, internal audits of processing activities and reviews of internal policies.

3. What types of personal data do we collect?
In order for you to use our services, receive email responses regarding a service enquiry or updates you may be asked to provide us with personal information about yourself such as your name, job title, phone number, e-mail and other contact details

3a. Call and Meeting Recording
When you contact us by phone,or participate in a digital meeting, your interaction may be recorded and transcribed using AI technology. This means we may process the following personal data during calls:

Voice recordings (which may include names, job titles, and other identifiers shared during the call)
Contact details provide during the conversation
Contextual information such as account details, service queries, or transaction references

Video and shared content, where applicable in digital meetings
Recordings are used for the following purposes:

Quality assurance and staff training
Compliance with legal and regulatory obligations
Resolving disputes and verifying information
Improving customer service
Supporting productivity tools for licensed users

Processing is carried out under:

Legitimate Interests (e.g., ensuring service quality and compliance)
Legal Obligation (e.g., regulatory requirements)
Consent, where applicable

Call and meeting recordings are retained for 120 days,, unless a longer period is required for legal or regulatory purposes. After this period, recordings are securely deleted.

4. How do we process your personal data?

Sota complies with its obligations under the Act and the Regulations by:
Keeping personal data up to date;
Storing and destroying it securely;
Not collecting or retaining excessive amounts of data;
Protecting personal data from loss, misuse, unauthorised access and disclosure and
Ensuring that appropriate technical measures are in place to protect personal data.

We may use your personal data for the following purposes:

To enable us to provide you with IT infrastructure and managed services, consultancy and support.
To provide you with connectivity and communication services.
To respond to enquiries and requests for information.
To market our services and solutions.
To maintain our own accounts and records.
To respond to applications for employment.
To inform you of news, events and activities.

5. What is the lawful basis for processing your personal data?

The legal basis for processing your personal data will be dependent on the purpose for which it was collected:

In the case of Sota being able to market and offering its services, the legal basis will be legitimate interest. In all instances, Sota will be able to identify a legitimate interest with respect to the provision of its services and show that the processing is necessary to achieve it, whilst balancing it against the individual’s interests, rights and freedoms.

Sota will not in all cases solely rely on legitimate interest as the lawful basis for processing, and when conducting marketing activity will look to gain genuine consent.

Processing of information required for carrying out legal and regulatory obligations, such as employment, social security or social protection law, or a collective agreement where the lawful basis would be a legal obligation.

6. Sharing your personal data

Your personal data will be treated as strictly confidential and will only be shared with other members of Sota in order to respond to enquiries and applications, to carry out and provide its services. We will only ever share your data with third parties outside the organisation with your consent or unless we are under a legal obligation to do so.

7. How long do we keep your personal data?

Sota Solutions will only retain personal data for the minimum period required or as defined by a legal obligation. Your personal data will be erased following this minimum period.

8. Your rights and your personal data

Unless subject to an exemption under the Act or Regulations, you have the following rights with respect to your personal data:

The right to request a copy of the personal data which Sota holds about you.
The right to request that Sota corrects any personal data, if it is found to be inaccurate or out of date.
The right to request that your personal data is erased, in cases where it is no longer necessary to retain this data under a legal basis.
The right to withdraw your consent to the processing of your data at any time.
The right to request that Sota provides the data subject with his / her personal data and, where possible, to transmit that data directly to another data controller, (known as the right to data portability) where applicable and where possible. [Only applies where the processing is based on consent or is necessary for the performance of a contract with the data subject and in either case where the data controller processes the data by automated means].
The right, where there is a dispute in relation to the accuracy or processing of your personal data, to request that a restriction is placed on further processing.
The right to object to the processing of personal data where applicable. [Only applies where processing is based on legitimate interests (or the performance of a task in the public interest / exercise of official authority); direct marketing and processing for the purposes of scientific / historical research and statistics].
The right to lodge a complaint with the Information Commissioners Office.

9. Further processing

If we wish to use your personal data for a new purpose, not covered by this Data Privacy Notice, then we will provide you with a new notice. The new notice will explain the new use of your personal data prior to the commencement of processing. It will set out the relevant purposes and processing conditions. Where, and whenever necessary, we will seek your prior consent to the new processing.

10. Contact Details

To exercise all relevant rights, request a copy of our Data Protection Policy, make queries or complaints, please contact the Data Protection Officer (DPO) at data.protection@sota.co.uk or write to Sota Solutions Ltd, 300 Cornforth Drive, Kent Science Park, Sittingbourne, Kent, ME9 8PX.
For escalations or complaints you can also contact the Information Commissioners Office on 0303 123 1113; via email https://ico.org.uk/global/contact-us/email/ or by writing to the Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF.