DB Defence Website Privacy Statement

This privacy notice describes how David Brown Santasalo UK Limited trading as David Brown Defence (collectively “DBD” or “we”, “our” or “us”) is committed to protecting the security and privacy of all personal information or data collected from you. We therefore conduct our business in compliance with applicable laws on data privacy protection and data security. This privacy notice tells you what to expect when we collect and process your personal information.

Website Privacy Statement

We try to meet the highest standards when processing your personal information. Any queries you have in relation to how we collect, store or use your data should be directed to the Managing Director, or the Compliance Team at the following email address: Compliance@db-def.com.

Information We May Collect From You
We may ask you to provide certain information about yourself when you use our website or are in contact with us about the services and activities we provide (whether it is by telephone, email,, through applications or platforms we use, through our social media platforms or even face to face).

The information collected may include:

Details in relation to your identity such as your name, occupation and job title and those of your co-workers where you purchase products or services on one contract from us;
Contact details including your postal / email address and telephone number;
Transaction details about products and services you specifically request from us;
Financial details in relation to any services bought from us including addresses for invoices and/or card payment or bank payment details;
Profile details from documents you complete online such as your username and password, preferences, interests and your transaction history;
Information from customer surveys and feedback forms in respect of any of our products or services you may have purchased;
Details of your visits to our website, including but not limited to traffic data, location data, weblogs and other communication data and the resources that you access or use.

Given the nature of the products and services we sell it is extremely unlikely that we will need to collect any sensitive data about you. Sensitive data is personal information which includes your racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, or information concerning your health or mental wellbeing or sexual orientation. Where we do require to collect and process such sensitive data to provide services to you, we will notify you in advance and will ensure we have an appropriate lawful basis to process it.

If you do not wish us to collect any of the personal information stated above, you should discuss this with us. We can explain the reasons for collection and discuss the consequences of not providing the information, or of providing partial or incomplete information, and the effect this may have on our ability to provide our services.

How We May Use Your Information
By law we can only process your information if we can demonstrate the lawful grounds we have for doing so. Currently there are six potential lawful grounds for processing personal information, namely:

We have your consent;
It is necessary for performance of a contract to which you are a party or to take steps at your request prior to entering into such contract;
It is necessary for our compliance with a legal obligation;
It is in the public interest;
It is necessary to protect your vital interests; or
That it is in our legitimate interest to do so but only where that interest does not override your interests or your fundamental rights and freedoms.

If none of these grounds apply or they cease to apply, we must cease processing your personal information immediately.

We may use personal information held about you in the following ways:

Activity or purpose of processing	Type of data processed	What is our Legal Ground for doing this?
Registering you as a client or a service user	Your identity and contact details	Performance of a contract Legal Obligation
Maintaining our relationship with you	Your identity and contact and profile details	Performance of contract Legal Obligation Legitimate Interest i.e. to keep our records updated and identifying how you use our services
Seeking your views on our products and services to ensure that content from our website is relevant to you and is presented in the most effective manner.	Your identity, contact, profile and technical details	Legitimate Interest i.e. to review the services we supply to you and to inform our overall marketing strategy
Processing or delivering our products and services including managing your contract	Your identity, contact, financial and transaction details	Performance of a contract Legal Obligation
Payment for services	Your identity, contact, financial and transaction details	Performance of a contract
Credit verification and fraud detection	Your identity, financial and transaction details	Performance of a contract
Administration of our website and business (including webhosting and support)	Your identity, contact and technical data	Legal Obligation Legitimate interest i.e. running business, ensuring security and performance of the website, admin and support, monitoring for viruses or malicious software
To make suggestions that may be of interest to you such as available upgrades and enhanced or additional related services or products and advise you on service/security or technical issues that may affect you keeping you up-to-date whether by newsletter, email or otherwise	Your identity, contact, profile and technical data	Consent or Legitimate interests where appropriate i.e. to develop our services

Retention of Personal Data

We will only retain your personal information for as long as is necessary in line with the purposes for which it was originally requested or collected or where we are required to do so for some legal or reporting purpose.

In working out how long we retain personal data we look at the type of personal data involved, the purpose of processing, how sensitive or confidential the data is and any legal and commercial considerations including any legal obligations we have. By way of example by law we are required to keep accounting records for six years after end of the year in which the last transaction occurred. This means that we will be required to keep some basic client details for that purpose even although our relationship with you may be at an end. However, it should be noted that the requirement is basic client details and therefore it is not legitimate to also keep information such as your preferences for that period of time.

If you have any questions relating to either retention periods or you require more detail on the purposes of processing or the specific reason or legal grounds, we are relying on for that processing then please contact us for additional information.

Sharing Your Information
We will not sell the personal information that we collect from you and will only use it for the purposes set out in this privacy notice. We may share your personal information with the following parties:

Service providers who provide us with IT and administration services such as our IT Support and back up provider and webhosting company, our CRM database provider and social media and marketing services providers;
Regulatory authorities who require reporting of our activities by law such as the tax authorities;
Affiliates and associated legal entities within our family of companies but only for purposes which are consistent with this privacy notice;
Authorised agents and representatives in order to offer ongoing support, product or services but only for purposes consistent with this privacy notice and subject to confidentiality provisions;
Professional advisers such as our lawyers, accountants, bankers and insurers; and
Third parties to whom we sell, transfer or merge our business or any part of it.

All third parties with whom we share your data are required to protect your personal data, treat it confidentially and to process it in accordance with the law. Where we use third parties we will take all reasonable steps to ensure that they are UK GDPR compliant and in particular that:

They have adequate technical and other measures in place to ensure the security of your personal information;
They only use it for specified purposes;
Any employees or contractors who have access to the information are adequately trained and deal with it on a need to know basis only; and
They act only in accordance with our instructions.

IP Addresses and Cookies
We may collect information about your computer, including where available your IP address, operating system and browser type, for system administration. This is statistical data about our users' browsing actions and patterns and does not identify any individual. Where we use third party providers such as Google Analytics although these third-party services record data such as your geographical location, device, browser and operation system none of this information identifies you to us. We do not make and do not allow these third-party services to make any attempt to find out the identities of anyone who visits our website.

We also use tracking technology to understand how you interact with content in our emails. This tracking technology allows us to know if the email has been opened and if so, how many times which links have been clicked on and whether or not you have shared our content to social media.

Marketing Information
We may provide you with information on services and products that we may provide. This is regarded as marketing activity. We will only market to you where you have:

Specifically requested marketing information from us; or
Previously acquired similar services/goods from us; or
Consented by way of ticking a box or opting in to receiving marketing from us.

If you have opted out of marketing, we will not send you any future marketing without your consent.

Each time we market to you we will always give you the right to opt out of any future marketing but would point out that you have the right at any time to ask us not to market to you by emailing us at Compliance@db-def.com rather than waiting for a specific opt out invitation.

Security of Personal Data
We take information security very seriously. Your information and records will be stored securely to ensure privacy of your personal data. We take all reasonable steps to ensure that there are technical and organisational security measures in place to protect your personal data from unauthorised access or disclosure, and against loss or accidental damage or unauthorised alteration. Staff handling your personal data are also adequately trained in relation to the legal requirements for handling personal data. These include robust procedures for dealing with breaches including incident reporting and notifying the national supervisory or data protection authorities, and where appropriate you, of any breaches, the consequences of the same and the remedial action taken.

If you are based in the EU, then where possible the information you provide us with will be held within the UK or Turkey.

Overseas Transfers

Personal data may be transferred between our office in the United Kingdom and Turkey where necessary for business operations and employee administration.

Where personal data is transferred outside of the United Kingdom or Turkey, we will ensure that appropriate safeguards are in place to protect personal data in accordance with the UK GDPR, the Data Protection Act 2018 and the Law on the Protection of Personal Data no. 66698.

Such safeguards may include contractual protections, such as Standard Contractual Clauses or the UK International Data Transfer Agreement (IDTA), to ensure that personal data receives an appropriate level of protection.

Where personal data is transferred between the UK and Turkey, we will ensure that appropriate legal and organisational safeguards are implemented in accordance with applicable data protection laws in both jurisdictions.

Where we use cloud-based services or third-party providers, personal data may also be processed on systems located outside the UK or Turkey. In such cases, we will ensure appropriate safeguards are implemented to protect personal data.

Your Rights
In certain instances, you have rights as an individual which you can exercise in relation to the information we hold about you.

The rights that you have in respect of your personal data are as follows:

The right to be informed about the collection and use of your personal data;
The right to access the personal data we hold about you;
The right to the rectification or correction of your personal data;
The right to the erasure or deletion of your personal data (the right to be forgotten);
The right to restrict the processing of your personal data;
The right to transfer your personal data (the right of portability);
The right to object to the processing of your personal data;
The right not to be subject to a decision based solely on automated processing or profiling; and
The right to withdraw your consent to processing of your personal data.

Additional information about these rights can be found on the Information Commissioner’s website at https://ico.org.uk/for-organisations/uk-gdpr-guidance-and-resources/individual-rights/individual-rights/.

If you have provided consent and we are relying on that as the legal ground of processing your personal information and wish to exercise your right to withdraw that consent, you can do so at any time by contacting us at Compliance@db-def.com

Access to Personal Information
We try to be as open as we can in giving people access to their personal information. You can make a subject access request at any time about the personal information we process about you. Any request is not subject to any charges or fees. If we do hold any personal information about you, we will:

Give you a description of it;
Tell you why we are holding it;
Tell you who it has or who it will be disclosed to;
The source of the information (if not you);
Where possible, the period for which it will be stored; and
Let you have a copy of the information in an intangible form.

We will respond to a subject access request within one calendar month. On occasion we may need additional information from you to determine your identity or help us find the information more quickly. Where the information you have requested is complex, we may take longer than this, but we will keep you updated as to the progress should this be the case.

If you believe that any information we hold about you is incorrect or incomplete you should email us at Compliance@db-def.com

Any information which is found to be incorrect or incomplete will be corrected as soon as possible.

Complaints
We would prefer to resolve any issues or concerns you may have directly with you.

If you feel you are unable to resolve matters by contacting us directly or you are unhappy or dissatisfied with how we collect or process your personal information, you have the right to complain about it to your national data protection authority.

For example, the Information Commissioner is the statutory body which oversees data protection law in the UK where DBD have their corporate headquarters.

The Information Commissioner’s Office can be contacted by using the following link: https://ico.org.uk/make-a-complaint/

Contact
Questions, comments and requests regarding this privacy statement are welcomed and should be addressed to Compliance@db-def.com

Changes to this Privacy Statement
We keep our privacy notice under regular review.

Last updated: 25^th March 2026.

Make an enquiry

Whether it's a brand new gearbox for a complex industrial process or service and repair of an existing installation, let us know.

We just need a few details to respond to your product information enquiry.

Name

Organisation

Contact number

Country

Your message (optional)

Preferred contact method

Phone

Honey Pot