Northstar Privacy Policy...

What is a Privacy Policy?

The following information sets out who Northstar Services Ltd (“Northstar”) are and tells you about how we use your personal data and why.  Northstar is committed to ensuring that your information is secure, accurate and relevant. To prevent unauthorised access or disclosure, we have implemented suitable physical, electronic, and managerial procedures to safeguard and secure the personal data we hold.

Who we are and what do we do?

Northstar Services Ltd

7a Triangle Centre, Kenn Rd, Clevedon, Bristol, BS21 6HX

Registered in England No. 3697844

Northstar operates as an Information Technology supplier of Hardware, Software and Services in the United Kingdom.

Northstar does not act as a data processor. We do not share data outside of Northstar, we do share it internally to help improve our service offering, to better support the needs of your business. 

Under data protection laws you have rights; if you think something is not quite right with the way we are handling your data please contact us in writing or the “contact us” form on this website.

The following information sets out what you can expect in the way that we handle your data. Let us know if you think something is missing or you feel it is incorrect, we’d love to put it right.

Our website address is:

What personal data we collect and why we collect it


When visitors leave comments on the site we collect the data shown in the comments form, and also the visitor’s IP address and browser user agent string to help spam detection.

An anonymised string created from your email address (also called a hash) may be provided to the Gravatar service to see if you are using it. The Gravatar service Privacy Policy is available here: After approval of your comment, your profile picture is visible to the public in the context of your comment.

If you leave a comment, the comment and its metadata are retained indefinitely. This is so we can recognise and approve any follow-up comments automatically instead of holding them in a moderation queue.

For users that register on our website (if any), we also store the personal information they provide in their user profile. All users can see, edit, or delete their personal information at any time (except they cannot change their username). Website administrators can also see and edit that information.

Contact forms

When you fill out a contact form on our website, we will use your details to answer your questions by the means that you have provided to us.

If you use the Live Chat service, we may collect your name, email address, company name, phone number or any other personal details you choose to share with us at the time.

By doing this you are providing consent for us to contact you and we have a legitimate interest in opening a record to ensure that we have made contact and can track our communications, ensuring your questions and requests have been answered, and information that we have discussed can be recorded.  

Once your request has been actioned the initial request will be deleted, if your initial request has turned into a record, this will be retained until it is no longer required. It’s a legitimate interest to retain a record of the communications we have had with companies that have expressed an interest in our services.


If you sign up to our newsletters and other communications, you can easily unsubscribe at any time by following the links provided.


We use cookies on our websites for a variety of reasons including remembering your settings, load balancing, marketing and analytics. They may collect information about your device, including your IP address (where available), operating systems and browser type. Cookies can be managed through your browser.

The cookies we use for analytics, marketing and advertising are Google and Facebook. The cookies collect standard internet log information and details of visitor behaviour patterns. We use the cookies to analyse the number of visitors to the various parts of the site, which pages people prefer and those that we need to improve. This information can also be helpful in allowing us to understand what prospective clients are looking for, how easy our site is to navigate and how effective our site is. This information is anonymised and only processed in a way which does not identify anyone. For more information about them, follow the links below:


We use Facebook Custom Audiences to deliver advertisements to Website Visitors on Facebook based on email addresses we have collected and through information collected via cookies. You can learn more about Facebook Custom Audiences by visiting

We also use other cookies which help with our advertising and link to advertising networks via Facebook.

If you leave a comment on our site you may opt into saving your name, email address and website in cookies. These are for your convenience so that you do not have to fill in your details again when you leave another comment. These cookies will last for one year.

If you visit our login page, we will set a temporary cookie to determine if your browser accepts cookies. This cookie contains no personal data and is discarded when you close your browser.

When you log in, we will also set up several cookies to save your login information and your screen display choices. Login cookies last for two days, and screen options cookies last for a year. If you select “Remember Me”, your login will persist for two weeks. If you log out of your account, the login cookies will be removed.

If you edit or publish an article, an additional cookie will be saved in your browser. This cookie includes no personal data and simply indicates the post ID of the article you just edited. It expires after 1 day.

Embedded content from other websites

From time to time we may include embedded content (e.g. videos, images, articles, etc.). Embedded content from other websites behaves in the exact same way as if the visitor has visited the other website.

These websites may collect data about you, use cookies, embed additional third-party tracking, and monitor your interaction with that embedded content, including tracking your interaction with the embedded content if you have an account and are logged in to that website.

Social Media

We use social media (LinkedIn, Twitter & Facebook) to provide information, answer questions and to interact with you. If you have liked a post or followed us, the details you make available on the platform will be known to us and will be used on the platform in this regard. We might also use your contact data and any knowledge we have about your interests in certain areas which relate to Northstar to place adverts in front of you.

Any personal data you put into the social media platform will be used by the platform provider for their own purposes.

Testimonials, client comments and referrals

As a client, if you provide us with a testimonial or similar comment to be published on our website, and/or in a hard copy format we’ll do so only with your consent. These are retained indefinitely or until you ask us to remove them.

As clients, we will often ask you which other companies you know that would benefit from our services. This will often be done either by email or in person.

If you use our services

Northstar uses a combination of site-based consultancy and services as well as online platforms to support the maintenance of computer systems.

Where we provide online services through one of our platforms, we are the data processor. As a prospect or customer, you are the data controller with responsibility for how the platform is used and the information that you provide.

We maintain and administer the platforms and therefore have access to the data contained within them. This is typically to help with specific queries or when general assistance is required. Our clients can cancel their subscription to this service (by following the cancellation procedure) and any data stored within shall be archived.

From time to time we will send general operational and service updates to you about products and services which are subscribed to by other similar clients. Some of these services will be targeted based on the what services you do and don’t access, and others will be generic to everyone.

To enable us to develop and communicate our services in a more effective way we export anonymised data and analyse it, to allow us to understand how the platform is used and if there are other area’s or services that we could offer to support our customers. Sometimes this will be reminders, on others, it may be additional services. Any such areas shall be communicated to you through our platforms and can be stopped at any time by letting us know.

We use third-party service providers in three areas. The first is for some direct marketing campaigns, these parties are only allowed to use the information to send out the publications.

The second is for the hosting of our platforms we communicate with you directly on which platforms your data is hosted.  You can also access the privacy information for those suppliers directly on their websites.  If you would like us to help you find that information, please contact us.

In all cases, they fulfil their obligations under Article 28 of the GDPR and all data is hosted in the EU or transferred using one of the lawful mechanisms set out in GDPR Chapter V.


When we are promoting our services, we do so through inbound enquiries either directly, through social media posts or by providing your contact details when downloading content. Opting out, unsubscribing or objecting is your right, should you choose to do so, it will be respected, and we will not contact you again.

Job applicants and current and former employees

Northstar is the data controller for the information you provide during the application process unless otherwise stated. If you have any queries about the process or how we handle your information, please contact us.

What will we do with the information you provide to us?

All information you provide during the application process will only be used for the purpose of progressing your application or to fulfil a legal or regulatory requirement.

We will not share any of the information you provide during the Northstar internal recruitment process with any third parties for marketing purposes. The information you provide will be held securely by us.

We will use the contact details that you have provided to contact you to progress your application. We will use the other information you provide to assess your suitability for the role you have applied for.

What information do we ask for, and why?

We do not collect more information than we need to fulfil our stated purposes. The information we ask for is used to assess your suitability for employment. You don’t have to provide what we ask for, but it might affect your application if you don’t.

Application stage

Applications may be received by email, by post or through a third-party recruitment agency. We will ask you for your personal details including name and contact information. We will also ask you about your previous experience, education, referees and for answers to questions relevant to the role you have applied for. Our recruitment team will have access to this information.


We might ask you to participate in assessments; complete tests or occupational personality profile questionnaires; and/or to attend an interview or a combination of these. Information will be generated by you and by us. For example, you might complete a written test, or we might take interview notes. This information is held by Northstar.

If you are unsuccessful following assessment for the position you have applied for, we will retain your details for 12 months.

Conditional offer

If we make a conditional offer of employment, we will ask you for information so that we can carry out pre-employment checks. You must successfully complete pre-employment checks to progress to a final offer. We are required to confirm the identity of our staff, their right to work in the United Kingdom and seek assurance as to their trustworthiness, integrity and reliability.

You will, therefore, be required to provide:

  • Proof of your identity – you will be asked to attend our office with original documents, we will take copies.
  • Proof of your qualifications – you will be asked to attend our office with original documents, we will take copies.
  • You will be asked to complete a criminal records declaration to declare any unspent convictions.
  • For certain positions, we will contact you to complete an application for a Basic Criminal Record check via the Disclosure and Barring Service, which will verify your declaration of unspent convictions.
  • We will contact your referees, using the details you provide in your application, directly to obtain reference.

If we make a final offer, we will also ask you for the following:

  • Bank details – to process salary payments.
  • Emergency contact details – so we know who to contact in case you have an emergency at work.

Use of third-party recruitment

Where recruitment is concerned Northstar is a data controller and where we use third party recruitment agencies, they are a joint controller. This is because they will try to place you with other organisations.

Where we use other third parties, including job sites that you have registered with, they are a data processor. We ensure that appropriate controls and contracts are in place with these third parties.

If you are employed by Northstar, relevant details about you will be provided to several third-party providers, including our payroll and pensions providers. All staff will be provided with a privacy notice to explain this in detail.

How long is the information retained for?

If you are successful, the information you provide during the application process will be retained by us as part of your employee file for the duration of your employment plus up to an additional seven years following the end of your employment. This includes your criminal records declaration, records of any security checks and references.

If you have been unsuccessful at either the shortlisting stage or assessment stage your data will only be retained for 6 months except for your name. This will be kept for two years so that we have a record of who we have previously interviewed. This is a legitimate reason to ensure a consistent robust selection and recruitment process.

When we have no ongoing legitimate business need to process your personal information, we will either delete or anonymise it.  If this is not possible (for example, because your personal information has been stored in backup archives), then we will securely store your personal information and isolate it from any further processing until deletion is possible.

What rights you have over your data

If you have an account on this site or have left comments, you can request to receive an exported file of the personal data we hold about you, including any data you have provided to us. You can also request that we erase any personal data we hold about you. This does not include any data we are obliged to keep for administrative, legal, or security purposes.

Under data protection legislation, you have rights as an individual which you can exercise in relation to the information, we hold about you.

These rights include:

  • The Right of Subject Access – This is the right to access data we hold about you and, where required, an explanation of that data.
  • The Right to Rectification – This is the right to have inaccurate or incomplete data rectified.
  • The Right to Erasure – This is also known as the ‘right to be forgotten’ and means that in certain circumstances you have the right to ask us to delete data we hold on you.
  • The Right to Restrict Processing – This is where you can request that we restrict/block the processing of personal data (but still retain it).
  • The Right to Data Portability – This allows people to reuse their persona data by requesting it in a useable format.
  • The Right to Object – This right allows you to object to us processing your personal data. This is typically related to processing based on legitimate interest, the performance of a task in the public interest, direct marketing and processing for scientific or historical research.

Complaints or queries

Northstar attempts to meet the highest standards when collecting and using personal information. For this reason, we take any complaints we receive about this very seriously. We encourage people to bring it to our attention if they think that our collection or use of information is unfair, misleading or inappropriate. We would also welcome any suggestions for improving our procedures.

This privacy notice was drafted with brevity and clarity in mind. It does not provide exhaustive detail of all aspects of Northstar collection and use of personal information. However, we are happy to provide any additional information or explanation needed. Any requests for this should be sent using the contact form on our website.

If you want to make a complaint about the way we have processed your personal information, you can contact the Information Commissioner’s Office in their capacity as the statutory body which oversees data protection law.

Access to Personal information

Northstar tries to be as transparent as it can be in terms of giving people access to their personal information. Individuals can find out if we hold any personal information by making a ‘subject access request’, which must be submitted in writing to the address provided on our website. If we do hold information about you, we will:

  • Give you a description of it;
  • Tell you why we are holding it;
  • Tell you who it could be disclosed to; and
  • Let you have a copy of the information in an intelligible form.

If you agree, we will try to deal with your request informally, for example by emailing you the specific information you need.

If we do hold information about you, you can ask us to correct any mistakes by contacting us.

Where we send your data

Visitor comments may be checked through an automated spam detection service.

Northstar do not directly transfer data we hold outside of the UK. However services that you purchase from Northstar, such as Microsoft Azure, may transfer data. Each of the vendors supplying these services or combinations of these services have their own data protection procedures. Please contact the vendors directly for more details or contact Northstar for assistance.

Disclosure of personal information

In many circumstances, we will not disclose personal data without consent, unless legally obliged to do or as part of contractual obligations with our customers (where you are a party to the agreement or service).

We may disclose your personal information to the following categories of recipients:

  • To third party services providers and partners who provide data processing services to us (for example, to support the delivery of, provide functionality on, or help to enhance the security of our website), or who otherwise process personal information for purposes that are described in this Privacy Notice or notified to you when we collect your personal information;
  • To any competent law enforcement body, regulatory, government agency, court or other third parties where we believe disclosure is necessary as a matter of applicable law or regulation, to exercise, establish or defend our legal rights, or to protect your vital interests or those of any other person;
  • To a potential buyer (and its agents and advisers) in connection with any proposed purchase, merger or acquisition of any part of our business, if we inform the buyer it must use your personal information only for the purposes disclosed in this Privacy Notice;
  • To enforce or apply our Terms of Service or other agreements or to our customers (including with other companies and organisations for the purposes of fraud protection and credit risk reduction);
  • To any other person with your consent to the disclosure.

Additional information

How we protect your data and what data breach procedures we have in place

Northstar protect data with periodic backups, anti-malware and other security software, firewalls, file access permissions and security procedures. These measures are audited under our ISO27001 certification.

If a personal data breach in these security measures does occur leading to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, personal data then we undertake the following action. Firstly we mitigate the current loss and the ongoing risk to further loss. We then consider the likelihood and severity of the risk to people’s rights and freedoms, following the breach. If it’s likely there will be a risk then we notify the ICO. From there we follow procedures under GDPR relating to informing parties effected by the security breach.

Legal basis for processing personal information

If you have questions about or need further information concerning the legal basis on which we collect and use your personal information, please contact us using the contact form on our website.

Other privacy policies

This privacy notice does not cover the links within this site linking to other websites. We encourage you to read the privacy statements on the other websites you visit.

Changes to this privacy notice

We keep our privacy notice under regular review. This privacy notice was last updated on 21st July 2020

How to contact us

If you want to request information about our privacy policy, you can use the contact form on our website or write to:

The Managing Director

Northstar Services Ltd

7a Triangle Centre, Kenn Rd, Clevedon, Bristol, BS21 6HX