Privacy Statement

1. Introduction

At Sionic, we take protection of your personal data very seriously and strictly adhere to the rules laid out by all applicable data protection laws.

This privacy policy aims to give you information on how Sionic collects and processes your personal data through your use of this website, including any data you may provide if you contact us regarding our products and services.

2. Lawful basis of processing personal information

We only collect and use personal information about you when the law allows us to. Most commonly, we use it where:

  • Processing is necessary for the performance of a contract
  • Processing is necessary to comply with our legal obligations
  • Processing is necessary for the purpose of the legitimate interest pursued by us or a third party

For example, when you register to attend an event or webinar, we will use your contact details to contact you about the event/webinar and inform the relevant staff at Sionic, and any partner that we are running the event/webinar jointly with, that you will be attending. We may also use your name for name tags and any other event management requirements including but not limited to table arrangements, corporate gifting and collateral. Please also see section 8 below.

3. What information we collect

We collect personal information from you, for example, if you register on our website, request product information, or use any of our services. The categories of personal information that we may collect, store and use about you include:

  • First Name
  • Last Name
  • Phone number
  • Email address
  • Right to work in a certain country
  • Any information you provide to us in your CV
  • LinkedIn web address if you choose to provide this to us

3.1 Use of ‘Cookies’

Cookies are small text files (typically made up of letters and numbers) placed in the memory of your browser or device when you visit a website or view a message. Cookies allow a website to recognise a particular device or browser.

At Sionic, we set and use some cookies ourselves but only on our website. These are called first party cookies. When cookies are served by another domain, they are called “third party cookies”. We use some third party cookies on our website. Please see what cookies we use below:


First Party Cookies

Cookie Name Domain Expiry Purpose





. 2 Years

24 Hours

These cookies are set by google analytics.

More about google analytics is available here.


Third Party Cookies

Service Description
Twitter We integrate with Twitter’s API so that you can easily follow our tweets. More information about Twitter’s use of cookies is available here

4. How long we keep information for

We ensure that your personal data is retained only for the period that Sionic needs it for. All personal information collected has a defined retention period, which is in line with our data retention policy. For example, we keep your CV for two years.

If you would like to find out how long your information is being retained, please see “additional information”, section 10 of this policy.

5. Security of personal information

Sionic is committed to handling your personal information with high standards of information security. We have the following safeguards in place:

  • Physical access controls
  • System access controls (regular security testing)
  • Data access controls
  • Transmission controls (pseudonymisation and encryption of personal data)
  • Anti-virus and malware protection
  • Data backups (ability to restore personal data in a timely manner in the event of a physical or technical incident)
  • Data segregation
  • Ongoing device monitoring and patch management
  • CyberEssentials and CyberEssentials+ Certifications
  • ISO27001
  • Information Security Training (internal)

6. Children’s information

Sionic does not knowingly collect information on children without consent from a responsible parent. If Sionic has collected personal information on a child, please see section 10 “Additional information” of this policy immediately, so we can remove this information without undue delay.

7. Your individual rights under UK GDPR

In this section, we have summarised the rights that you have under the UK General Data Protection Regulation (“UK GDPR”). Some of the rights are complex, and not all of the details have been included in our summaries. Accordingly, you should read the relevant laws and guidance from the regulatory authorities for a full explanation of these rights.

Your principal rights under the UK GDPR:

  • Receive certain information about our personal data collection and processing activities.
  • Access your own personal data.
  • Correct your personal data.
  • The right to be forgotten.
  • Restrict data processing.
  • Object to data processing.
  • Receive a copy of your personal data or transfer your personal data to another controller.
  • Not be subject to solely automated decision-making under certain circumstances.
  • Receive notifications of data security breaches.

You have the right to confirm whether or not we process your personal data and, where we do, you have the right to ask for certain additional information. That additional information includes details of the purposes of the processing, the categories of personal data concerned and the recipients of the personal data. Provided the rights and freedoms of others are not affected, we will supply to you a copy of your personal data. The first copy will be provided free of charge, but additional copies may be subject to a reasonable fee (£10).

You as a data subject have the right to rectification, which will allow you as the data subject to modify/change any personal information for the purpose of ensuring that the information we process is up to date.

The right to erasure or right to be forgotten will allow you as the data subject to inform us that you no longer want Sionic to continually store or process your personal information. Please be aware that we may decline your right for a number of reasons, which are not limited to having a lawful basis to process your information or us needing your information for the performance of a contractual obligation.

As a data subject, you have the right to stop any processing of your personal information. Please be aware that you must provide us with a legitimate reason for us to stop processing. Any request made that does not conform to the UK GDPR will be rejected.

On occasion, Sionic may send you marketing emails to make you aware of new services that we believe can benefit you, the data subject. As you have the right to object, you can click the unsubscribe link on all of our emails to inform us that you no longer want to receive marketing emails from us.

The right to data portability will allow you as the data subject to have your personal information securely transferred to another organisation for processing. At Sionic we place this reasonability on you. When you make this request, we will export all information about you and securely transfer it to yourself. You, the data subject, will be able to give this information to your chosen organisation.

If you have any questions about these rights, please see section 10 “Additional information” of this policy.

8. Data transfers/third parties

8.1 Providing your information to others

Sionic, as a data controller, may disclose your personal data, listed in section 3 to some third parties insofar as reasonably necessary for the purposes, and on the legal bases, set out in this policy. Third parties that we use are listed below:

Salesforce: For managing our relationship with clients and prospects. It is one integrated CRM platform that gives all Sionic practices and departments a single, shared view of clients and prospects. The CRM is mission critical to marketing and also enables us to collect, connect, analyse, respond to and report on both outbound and also inbound data. We also use it to create MI dashboards and commercial analysis for the board and senior management.

Eventbrite: This is an event management and ticketing website used to help promote and manage Sionic events.

Greenhouse: This is our central applicant tracking system, managing our recruitment process from end to end, ensuring our candidates have been processed the right way and enables us to report on company recruitment trends.

Ariba: Portal for uploading invoices and receiving POs for a specific client.

Harvest: Main Accounts Receivable invoicing tool.

Coupa: Portal for uploading invoices and receiving POs for specific clients.

Beeline: Timesheet system to track and bill a specific client.

Sage: Accounting general ledger.

Xero: Accounting general ledger.

Quickbooks: Accounting general ledger.

Survey Monkey and Smart Survey: Survey tools used to conduct both internal and external surveys.

Google Forms: Alternative survey tool.

Instinct Digital: Sionic produced an industry survey for this client which has been widely publicised. The report can be downloaded from a single source: the Sionic website. Anyone who signs up to download the report must proactively agree to both Sionic’s privacy policy and also to the additional rubric which explicitly states that their data will also be shared with Instinct Digital for marketing purposes. See more

Campaign Monitor: The Marketing and Business Development team use this platform to email clients and contacts and to nurture their relationships. This includes regular client newsletters and campaign e-shots. The platform is integrated with Salesforce so that data can flow both ways. This means, for example, that the results of e-shots and newsletters drop into Salesforce for further bespoke development and analysis.

Zoom webinar/meetings: The Marketing team use this to allow event participants to register and join webinars and discussions. Anyone attending agrees to the Ts&Cs of Zoom, which includes the fact that their details will be shared with the event organisers (as a legitimate business interest to which they have actively signed up). We then load the details into Salesforce to allow us to progress the relationship further on a tailored basis.

Googledocs: To complete Sionic’s Operational Resilience questionnaire.

8.2 Analytics

We use third-party analytic tools to better understand who is using the website and how people are using it so we can continuously improve it. These tools may use cookies and other technologies to collect information about your use of the website and your preferences and activities. These tools collect information sent by your device or the website and other information that assists us in improving the website. This information may be used to analyse and track data, determine the popularity of certain content, and better understand your online activity, among other things.

We use Google Analytics to better understand who is using the website and how people are using it. Google Analytics uses cookies to collect and store information such as website pages visited, places where users click, time spent on each website page, Internet Protocol address, type of operating system used, location-based data, device ID, search history, gender, age, and phone number. We use this information to improve the website and as otherwise described in this policy.

Please see here for information about how Google Analytics uses this information, and visit here for information about the Google Analytics Opt-out Browser Add-on. Please note that Google may track your activity over time and across websites.

8.3 Information security with transfers

In this section, we provide information about the circumstances in which your personal data may be transferred to countries outside the UK and European Economic Area (EEA).

We, Sionic, do transfer personal information to third parties outside of the UK and European Economic Area (EEA). We take steps to ensure that where your information is transferred outside of the UK and EEA by our service providers and hosting providers, appropriate measures and controls are in place to protect information in accordance with applicable data protection laws and regulations. For example, we may share information with affiliates based outside the UK and EEA for the purposes foreseen by this policy. Sionic are subject to Sionic data protection policies designed to protect data in accordance with all applicable data protection laws. In each case, such transfers are made in accordance with the requirements of the UK GDPR, EU GDPR and other applicable data transfer legislation.

9. Right to complain

We take any complaints about our collection and use of personal information very seriously.

If you think that our collection or use of personal information is unfair, misleading or inappropriate, or if you have any other concerns about our data processing, please raise this with us in the first instance.

To make a complaint, please contact us.

Alternatively, you can make a complaint to the Information Commissioner’s Office (ICO):

By Post: Information Commissioners Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF

By Website: Click Here

By Email: Click Here

By Phone: 0303 123 1113 (Local rate) or 01625 545 745 (National rate)

10. Additional information

Your trust is important to us. That is why we are always available to talk to you at any time and answer any questions concerning how your data is processed. If you have any questions that could not be answered by this policy or if you wish to receive more in-depth information about any topic within it, please contact us.

11. Review of this policy

We keep this policy under regular review. This policy was last updated in September 2023.

11.1 Amendments

We reserve the right to update this policy at any time. We may also notify you in other ways from time to time about the processing of your personal information.

12. How to contact us direct

This is how to contact us directly if you have any questions about this policy or information we hold about you:

Issuing Department: People Team

Date of next review: September 2024

Anything you’re unsure about?