Home
Legal
Sunswap Privacy Notice

Sunswap Privacy Notice

  1. Introduction and summary

    1. This Privacy Notice explains how we collect, use, protect and share (process) your personal information and your legal rights in relation to that processing.

    2. In this Privacy Notice, the terms “we”, “us” or “our” all mean Sunswap Ltd (company number 12407155). You can find out how to contact us at the end of this Privacy Notice.

    3. We are a controller in relation to the processing of your personal information. This means that we are the company responsible for deciding the purpose (why) and the means (how) your personal information is processed.

    4. This privacy notice is intended for our customers and suppliers. We have a separate privacy notice that we provide to our employees.

    5. We mainly process the personal information of our customers and suppliers to respond to enquiries about our products and services and to do business with those customers and suppliers.

  2. The personal information we collect and how we collect it

    1. We may collect the following personal information when you contact us:

      1. Name
      2. Job title
      3. The company you represent
      4. Email address
      5. Work address
      6. Phone number
      7. The content of any communication such as emails and enquiry forms
      8. Video images on Microsoft Teams meetings if they are recorded

    2. We obtain this information directly from you (or in some instances from the company you represent) when you phone us (or we phone you); when you use an enquiry form on our website; if you reach out to us on LinkedIn or other social media platforms; if you visit us at our offices or have a virtual meeting with our employees; or if one of our employees meets you at an industry event.

    3. We may also obtain your personal information from other sources including Companies House, LinkedIn, news articles and trade associations (for example, Cold Chain Federation).

  3. Why we process your personal information and the legal basis under which we process it

    1. The table below sets out the different reasons why we process your personal information. It also shows you the legal basis under which we are allowed to process it.

      Why we process your personal information The legal basis for such processing
      "To manage our business relationship with the organisation that you represent, including:"
      1. responding to customer enquiries,
      2. providing customer service,
      3. providing account management services,
      4. "negotiating, concluding and performing business transactions"
      		 Contract; and,
      "Legitimate interests in responding to business enquiries, providing good customer service and managing our business relationships"
      To ensure compliance with contractual obligations between us and the organisation you represent Contract
      "To ensure compliance with applicable laws and regulations to which we are subject, based on our relationship with the organisation that you represent" Legal obligation
      To track communications and analyse call metrics to improve the effectiveness in which we conduct business with the organisation that you represent Legitimate interests in improving our business activities
      To market our products and services to the organisation that you represent Consent; and,
      Legitimate interests in promoting our business to ensure its long-term success
      To provide aftermarket services for our products to the organisation that you represent Contract
      To conduct market research and product improvement activities Consent; and,
      Legitimate interests in improving our products and services
      "To ensure the effective functioning, performance and security of our website" Consent; and,
      Legitimate interests in making sure our website operates correctly and securely
      To enable a sale or potential sale of our company or all or part of our business Legitimate interest in achieving our long-term strategic objectives

  4. How long we keep your personal information

    1. We keep your personal information for as long as is necessary based on the purpose for which we originally processed it. We also consider the amount, nature, and sensitivity of the information, the potential risk of harm that might result if it was inadvertently disclosed, as well as any taxation, accounting or other legal requirements and guidelines.

    2. We delete your personal information from our systems after this period of time.

  5. Who we share your personal information with and why

    1. The table below sets out the different organisations that we share your personal information with, where they are located, some of the security measures they use to protect your personal information and the service that they provide for us.

      Who we share your personal information with The service they provide for us
      Aircall – Aircall is a cloud-based communications platform provider based in France. "Aircall uses advanced technical and robust organisational security measures, including encryption, and is SOC2 audited."

      "We use Aircall to analyse call metrics (frequency, response times, etc) to ensure that we are providing prompt and efficient customer support and account management services to our customers and suppliers."
      Airtable – Airtable is a cloud-based relational database platform provider based in the US. "Airtable uses advanced technical and robust organisational security measures, including encryption, it is ISO27001 certified and SOC2 audited."

      "We use Airtable to automate a range of key processes across our business to maximise efficiency, including:",
      1. product order processing and sales support,
      2. supplier stock management and goods procurement,
      3. aftermarket services ticketing and customer support
      Intuit ( Mailchimp ) – Mailchimp is an email marketing platform provider based in the US. "Mailchimp uses advanced technical and robust organisational security measures, including encryption, it is ISO27001 certified and SOC2 audited."

      We use Mailchimp to manage our email marketing communications to customers and suppliers.
      "Microsoft – Microsoft is a computing, communications and productivity product and service provider based in the EU and the US." "Microsoft uses advanced technical and robust organisational security measures, including encryption, it is ISO27001 certified and SOC2 audited."

      "We use Microsoft products and services to facilitate a range of key processes across our business to maximise efficiency, including:",
      1. email communications to customers and suppliers,
      2. Teams video conferencing with customers and suppliers,
      3. real-time product performance data and analytics for our customers through our customer portal,
      4. cloud-based data storage and hosting.
      XERO – XERO is a business accounting and payment platform provider based in the US. "XERO uses advanced technical and robust organisational security measures, including encryption, it is ISO27001 certified and SOC2 audited."

      We use XERO to provide goods procurement and payment services to our suppliers

  6. Transferring your personal information outside the UK

    1. Some of the companies identified in section 5 of this Privacy Notice are based outside the UK and this means that some of your personal information will be transferred and stored in countries outside the UK.

    2. The UK’s general data protection regulations (UK GDPR) provide strict rules governing how these transfers can take place to ensure that your personal information is always protected.

    3. We only transfer your personal information to companies:

      1. based in the EU or the US;
      2. with whom we have written contracts in place, setting out each party’s legal processing obligations; and
      3. that have rigorous technical and organisational security processes and procedures in place to protect your personal information.

    4. Where we transfer your personal information to companies outside the UK, we do so:

      1. under the UK adequacy regulations (this means the country has been assessed as providing adequate protection for people’s rights and freedoms about their personal information); or
      2. where we and the other company have entered into a contract incorporating the necessary standard data protection clauses recognised or issued in accordance with UK data protection law.

  7. Automated decision making, including profiling

    1. Automated decision making is the process of making a decision by automated means (without any human involvement) based on the processing of an individual’s personal information.

    2. Profiling is the process of making predictions or decisions about an individual based on the processing of their personal information.

    3. The UK GDPR gives you the right not to be subject to solely automated decisions, including profiling, which will have a legal or similarly significant effect on you.

    4. We do not make decisions about you by solely automated means that may have a legal or similarly significant effect on you.

    5. We do not undertake profiling about you that may have a legal or similarly significant effect on you.

  8. Website cookies and other tracking technologies

    1. Cookies are tiny files that are downloaded to your computer when you visit a website. They are used for a variety of reasons including to improve your user experience and to identify which parts of the website you have visited.

    2. You can find out about the cookies we use on our website, and why we use them, in our Cookie Policy.

  9. Your rights

    1. The UK GDPR sets out your legal rights in relation to the processing of your personal information. Under the UK GDPR you have the right to:

      1. Request access to a copy of the personal information we hold about you (known as a subject access request ).
      2. Request that we correct any inaccurate or incomplete personal information that we hold about you.
      3. Request that we erase (delete) your personal information if we cannot provide a reason to continue using it (known as the right to be forgotten ).
      4. Object to us processing your personal information for direct marketing purposes or where we are unable to demonstrate that we have a clear legitimate interest to process it.
      5. Request we restrict the processing of your personal information in some circumstances (for example, if you claim the information is inaccurate, you might restrict the further use of that personal information until we have updated it).
      6. Request we transfer a copy of your personal information to you or to a third party in a machine readable format (known a data portability ).
      7. Withdraw your consent to us processing your personal information where we rely on consent as the legal basis for such processing.
      8. Make a complaint about the processing of your data. Section 11 of this Privacy Notice explains how you can do this.

    2. In addition to the rights above, you would have certain other rights if we were to make decisions about you based on solely automated means, including profiling, that might have a legal or similarly significant effect on you. As stated in section 7 of this Privacy Notice, we do not currently do this.

  10. How to contact us

    1. If you have any questions regarding how we process your personal information or any of your rights, you can contact us:

      1. By email: dpo@sunswap.co.uk
      2. By post: DPO, Sunswap Ltd, Unit 9, Mole Business Park, Randalls Road, Leatherhead KT22 7BA

  11. Your right to complain

    1. If you have a concern regarding how your personal information has been processed by us, then please contact us at the address above explaining your concern and providing suitable contact details and we will do our best to promptly resolve any issue.

    2. You also have the right to make a complaint to the Information Commissioner’s Office (ICO). The ICO regulates data protection and information rights compliance in the UK. You can find more information on the ICO’s website here.

  12. Last updated

    1. This Privacy Notice was updated on 01 November 2025.

    2. It was updated to make it easier to understand and to provide more detailed information regarding why we process the personal information of our customers and suppliers and who we share that information with.

Experience Sunswap

Transport Your Fleet Into the Future, Today

Move beyond diesel with road-tested electric transport refrigeration, trusted by leading UK and European transport operators and retailers.

Book a Trial