Search

Privacy Information

Privacy Information

How Taranto Systems Limited handles your personal data when you visit this website

1. Who we are

Taranto Systems Limited (“we, “our”, “us”) provides software and managed services to local authorities across the UK. We are the data controller for personal data collected through this website:  tarantosystems.com

Data Protection Officer

Email: dataprotection@tarantosystems.com

Post: Data Protection Officer

Taranto Systems Limited, Brook Suite, Ground Floor, Bewley House, Marshfield Road,  Chippenham
Wiltshire, SN15 1JW

This notice covers the personal data we collect through tarantosystems.com. If you are concerned about Penalty Charge Notice, permit, appeals or enforcement data, please contact the relevant local authority – they are the data controller for that processing and we act as their data processor. 

For the full Taranto Systems Ltd Data Protection Framework covering all our processing activities, please contact the Data Protection Officer. 

2. What we collect through this website 

Taranto Systems Limited is the data controller for personal data collected through this website. The corporate website is a marketing site providing information about Taranto and our solutions. We do not process Penalty Charge Notice, permit, appeals or enforcement data through tarantosystems.com. That processing takes place on client-branded self-service portals at separate web addresses, where the relevant local authority is the data controller. 

We may collect personal data through this website in the following ways:

Demo Requests. Our homepage carries a “Book a Demo” form. When you submit this form, we collect your name, telephone number and email address so that we can contact you to arrange a demonstration. Our lawful basis is legitimate interests – responding to a business enquiry you have submitted to us. Submitting a demo request does not add you to any marketing list: Marketing communications require a separate opt-in. We hold your details for 2 years from last contact, after which we delete or anonymise the record. 

Direct Enquiries. If you contact us via email (for example sales@tarantosystems.com or dataprotection@tarantosystems.com) or by phone, we hold your contact details and the contents of your enquiry so that we can respond and keep a record of the interaction. Our lawful basis is legitimate interests. We hold these enquiries for 2 years from last contact. 

Cookies and website analytics. Our website uses cookies for essential functionality and, with your consent, for analytics. A cookie consent banner allows you to manage your preferences. Analytics data is held for 12 months and anonymised after 6 months. 

Site search. If you use the search function, your query may be captured by our analytics provider, together with browser metadata such as your IP address, browser type and the page you search from. This is governed by the same consent position as analytics. 

Applying for a job. The Careers page on this website does not collect application data. When you click through to apply, you are taken to Modaxo’s recruitment site on Workday. The applicant privacy notice published on the Workday recruitment site applies to that processing

3. Who we share your data with

We do not sell, rent or lend your personal data to third parties.

We share your personal data with the following categories of recipient. All third parties who process personal data on our behalf are bound by contractual data protection obligations and may only use your data for the purposes for which we instruct them. 

  • HubSpot – our customer relationship management (CRM) and forms platform Demo requests and other forms submitted through our website are processed by HubSpot on our behalf.
  • Microsoft 365 – our email and productivity platform. Direct enquiries received by email are stored and processed within Microsoft 365
  • Google Analytics – our website analytics provider. We use IP address anonymisation
  • Professional advisors – (legal, accounting) where necessary for the conduct of our business. 
  • Regulatory authorities – where required by law, court order, or in response to a properly authorised investigation

We may also disclose your personal data where we believe it is necessary to comply with a legal process served on us, to protect our rights or property, or to protect the personal safety of our clients, staff or the public. 

If Taranto Systems is involved in a corporate transaction, merger, acquisition or transfer of assets, your personal data may form part of the assets transferred to the acquiring entity, subject to the same protections set out in this notice. 

4. Where your data is held and how we keep it secure

Our primary IT infrastructure is hosted in the UK and EU. Microsoft 365 data is held in UK and EU data centres. HubSpot CRM and forms data is held in EU data centres. Website analytics is operated by Google with IP anonymisation enabled. 

Some of our third-party processers are headquartered outside the UK and may transfer your data to other jurisdictions (including the United States) for support, billing or service delivery. Where this occurs, we ensure appropriate safeguards are in place, including:

  • The UK extension to the EU – US Data Privacy Framework, where the  recipient is certified 
  • The UK International Data Transfer Agreement or Standard Contractual Clauses, where applicable  
  • Transfer Risk Assessments where required

You can request details of the safeguards that apply to any specific transfer by contacting our Data Protection Officer. 

We maintain physical, procedural and technical safeguards to protect personal data against loss, misuse, unauthorised access, disclosure or modification. Access to personal data is restricted to authorised personnel. Our staff receive training on data protection and we follow ISO/IEC 27001 information security management practices. 

5. Your rights

Under UK data protection law you have the following rights in relation to your personal data:

  • Access. Request a copy of your personal data
  • Rectification. Correct inaccurate or incomplete data
  • Erasure. Request deletion of your data, subject to legal retention requirements
  • Restriction. Limit our processing of your data while a challenge is resolved
  • Objection. Object to processing based on legitimate interests.
  • Portability. Receive your data in a structured format, where processing is automated and based on consent or contract. 
  • Withdraw consent. Withdraw any consent you have given (for example for marketing communications). This does not affect prior processing
  • Complain. Make a data protection complaint directly to us (see Section 6 below) or to the Information Commissioner’s Office.

To exercise any of these rights, please email dataprotection@tarantosystems.com. We will respond within one calendar month (this may be extended to three months for complex requests) There is no charge unless your request is manifestly unfounded or excessive. 

If your concern relates to data processed by us on behalf of a local authority (for example PCN or permit data) please contact the local authority directly – they are the data controller. We will assist them in responding to your request. 

6. Lodge a complaint

Direct to us

If you believe Taranto Systems has mishandled your personal data, you can make a complaint directly to us. From 19 June 2026, under section 164A of the Data Protection Act 2018, we operate a documented complaints handling process. We will:

  • Acknowledge receipt of your complaint within 30 days
  • Investigate without undue delay and keep you informed of progress
  • Notify you of the outcome

How to complain to us: 

You can complain through any of the following channels:

Direct to the regulator

You can complain to the Information Commissioner’s Office at any time. You do not have to come to us first. 

This notice covers personal data collected through tarantosystems.com. For the full TSL Data Protection Framework, contact dataprotection@tarantosystems.com

Effective from 19 June 2026