Forfront Ltd. Website Privacy Policy
1. Who we are
Forfront Ltd. (“Forfront”, “we”, “us”, “our”) operates the e-shot™ platform and related services.
This Website Privacy Policy explains how we collect and use personal data when you visit our website.
Forfront Ltd. is the Data Controller for the personal data collected through this website.
Registered address:
Paternoster House, 65 St Paul’s Churchyard, London, EC4M 8AB
Trading address:
Global House, Ashley Avenue, Epsom, KT18 5AD
Contact: dpo@forfront.com
We are registered with the UK Information Commissioner’s Office (ICO).
2. What this policy covers
This policy applies to personal data collected when you:
browse our website
submit an enquiry or request a demo
interact with website forms or content
engage with our website in any way
* If you subscribe to our marketing communications, please also see our Marketing Privacy Notice, which explains how we use your data for email marketing and related activities.
3. What personal data we collect
We may collect:
Information you provide directly
Name
Email address
Phone number
Company name and job title
Any information included in your enquiry
Information collected automatically
IP address
Browser type and device information
Pages visited and time spent on the site
Referral source
Cookies and tracking technologies
We use cookies and similar technologies to operate and improve our website.
See Section 8 for more details.
4. How we use your data
We use your personal data to:
operate and maintain our website
respond to enquiries and provide requested information
manage and improve website performance
ensure security and prevent misuse
comply with legal obligations
Where appropriate, we may also use your details to send relevant information about our services.
* Details of how we use your data for marketing are set out in our Marketing Privacy Notice.
5. Lawful basis for processing
We rely on the following lawful bases:
Consent – where you have actively provided your details (e.g. form submissions)
Contractual necessity – applies where processing is required to respond to enquiries, demo requests, or other communications initiated by you prior to entering into a business relationship.
Legitimate interests – allows us to operate and improve our website, ensure its security, and understand how it is used. We assess and balance our interests against your rights and expectations
Legal obligation – where required by law
Where we rely on legitimate interests, we ensure these do not override your rights and interests.
6. Data sharing
We do not sell your personal data.
We may share your data with trusted service providers who support our website and business operations, such as:
hosting and infrastructure providers
analytics providers
customer support systems
These providers act under contractual obligations to protect your data.
7. Data storage and security
Your personal data is stored on secure systems, primarily within the United Kingdom.
We use appropriate technical and organisational measures to protect your data, including:
encryption of website traffic (HTTPS)
access controls
security monitoring and testing
8. Data breach notification
In the event of a data breach affecting your personal data, we will notify you where required under applicable data protection law.
9. Cookies and tracking technologies
We use cookies to:
ensure the website functions correctly
understand how visitors use the site
improve performance and user experience
Types of cookies may include:
Essential (Necessary) cookies – required for basic functionality
Analytics cookies – help us understand usage
Functionality (Marketing) cookies – remember preferences
You can withdraw or update your consent at any time via our cookie preferences tool. Withdrawal of consent will stop the use of non-essential cookies going forward. Please note that this does not affect processing that has already taken place.
10. International data transfers
Where personal data is processed outside the UK, we ensure appropriate safeguards are in place, such as:
UK adequacy regulations
UK International Data Transfer Agreements (IDTAs)
11. Data retention
We retain personal data only for as long as necessary to fulfil the purposes outlined in this policy. Typical retention periods include:
Enquiry and contact form data: up to 12–24 months after the last interaction, to allow follow-up and maintain business records
Demo requests and sales enquiries: up to 24 months from last contact, unless you become a client
Marketing-related data: as set out in our Marketing Privacy Notice
Website analytics data: typically up to 12–24 months, depending on the analytics provider configuration
Cookie consent records: up to 6 years, to demonstrate compliance with legal obligations
Technical and security logs: typically between 6–12 months, unless required for investigation or legal purposes
We periodically review the data we hold and securely delete or anonymise personal data where it is no longer require.
12. Your rights
Under UK data protection law, you have the right to:
access your personal data
correct inaccurate data
request deletion
restrict processing
object to processing
request data portability (where applicable)
withdraw consent (where applicable)
To exercise your rights, contact: dpo@forfront.com
13. Children’s data
Our website and services are not intended for children, and we do not knowingly collect personal data relating to children.
14. Complaints
If you have concerns about how we use your data, please contact us first at:
dpo@forfront.com
We will investigate and respond promptly.
You also have the right to complain to the Information Commissioner’s Office (ICO).
15. Links to other websites
Our website may contain links to third-party websites.
We are not responsible for their privacy practices and encourage you to review their policies.
16. Changes to this policy
We may update this policy from time to time.
Updates will be posted on this page with a revised “Last updated” date.
Last updated: May 2026