top of page

Privacy Policy

Privacy Policy – Deskless IT (Trading Name of Matthew Austerbury)

Version: 1.4
Effective Date: 2 September 2025
Last Reviewed: 2 September 2025
Next Review Due: 2 September 2026
Owner: Matthew Austerbury

1. Who I Am

 

This policy applies to Deskless IT, the trading name of Matthew Austerbury, a sole trader and the Data Controller for your personal data.

 

Contact details:
 

📧 Email: desklessit@gmail.com
📞 Phone: Available upon request
📍 Address: United Kingdom

 

2. What Data I Collect

I may collect and process the following types of personal data:

  • Name and contact details (email, phone number, address)

  • Business name and service-related details

  • Device and system technical information

  • IP address (website access) – temporarily collected when you visit my website, used solely for security monitoring, fraud prevention, and diagnostics, and automatically deleted once no longer required.

  • IP address (service delivery) – collected as part of providing contracted IT services (e.g., remote support sessions, system access logs). Retained only as long as necessary for service records, troubleshooting, or legal obligations.

 

3. How I Use Your Data

 

Your personal data is used to:

  • Provide and manage IT services and support

  • Respond to enquiries and resolve issues

  • Manage accounts, invoicing, and billing

  • Improve and personalise services

  • Communicate updates or relevant offers

  • Meet legal and regulatory obligations

 

4. Lawful Basis for Processing

 

Processing is carried out under one or more of the following lawful bases:

  • Contract – to provide services or take steps at your request

  • Consent – where freely given, such as for email marketing (if applicable)

  • Legitimate Interests – for running and growing the business in a way that does not override your rights

I have conducted a Legitimate Interests Assessment (LIA) to ensure that my interests do not override your fundamental rights and freedoms.

 

Note on B2B communications:
 

In a business-to-business (B2B) context, I may contact professionals using publicly available or corporate details (e.g., name@company.com) under the legitimate interest lawful basis (Article 6(1)(f) UK GDPR). I have carried out a Legitimate Interests Assessment to ensure this does not infringe your rights. You can opt out at any time (see Section 10).

 

5. Sharing Your Data

 

Your data is never sold. It may be shared with trusted service providers to support core business functions (e.g., email hosting, remote monitoring, invoicing).

If data is transferred outside the UK, appropriate safeguards under UK GDPR will always apply. Depending on the context, these may include:

  • the International Data Transfer Agreement (IDTA) for UK-to-third country transfers;

  • the UK Addendum to the EU Standard Contractual Clauses (SCCs) (used alongside the EU SCCs to ensure they remain valid for UK transfers); or

  • Adequacy regulations for countries recognised by the UK as providing sufficient protection.

In addition, technical and organisational measures such as encryption, access controls, and data minimisation are applied. Deskless IT ensures that any third-country recipient is contractually bound to provide protection equivalent to UK GDPR requirements.

6. Data Security


I implement appropriate technical and organisational measures, including:

  • Encryption of data at rest and in transit

  • Access controls with strong authentication

  • Secure remote access tools (used only with consent)

  • Monitoring and logging of system access

  • Regular reviews of service provider compliance with GDPR

Only authorised individuals under data processing agreements (e.g., vetted freelancers) may access your data when necessary.

7. Data Retention

Personal data is retained only as long as necessary for legal, contractual, or operational purposes.

  • Most records (e.g., support logs, invoices) are retained for 6 years to meet HMRC and business record requirements.

  • In the event of a legal claim or dispute, relevant data may be retained until the matter is resolved.

  • Data no longer required will be securely deleted.


8. Your Rights


Under the UK GDPR, you have the right to:

  • Access the data I hold about you

  • Request correction of inaccurate data

  • Request erasure (where legally possible)

  • Object to or restrict processing

  • Withdraw consent at any time

  • Lodge a complaint with the ICO: https://ico.org.uk/

To exercise these rights, email: desklessit@gmail.com

9. Cookies & Analytics

 

My website uses a cookie consent management tool (Usercentrics) to control non-essential cookies.

  • Essential cookies – automatically set to enable core website functionality, such as page navigation and security. These do not require consent.

  • Non-essential cookies – blocked until you give consent via the cookie banner. These include:

    • Functional cookies – remember preferences and improve usability (e.g., saved settings, chat widgets).

    • Analytics cookies – help me understand how visitors use the site and improve performance.

    • Marketing/advertising cookies – may display relevant content or ads, and can interact with social media platforms.

You can manage or revoke your consent at any time through the “Cookie Settings” link on my website.

 

IP Logging:
 

Your IP address may be temporarily logged when accessing my website or online services. This is solely for security monitoring, fraud prevention, and diagnostic purposes. It is automatically deleted once no longer required for these purposes.

10. Marketing & B2B Outreach

 

Business Contacts (Ltd, LLP, PLC, etc.)


I may contact professionals at corporate addresses (e.g., name@company.com) about services relevant to their role under the legitimate interest lawful basis (Article 6(1)(f) UK GDPR). I have carried out a Legitimate Interests Assessment (LIA) to ensure my interests in making contact do not override your privacy rights. You can opt out at any time, and your details will be added to a suppression list to prevent further contact.

 

Individuals, Sole Traders, Partnerships
 

If you’re a sole trader or individual using personal email addresses (e.g., Gmail, Hotmail), I will only contact you for marketing if:

  • You’ve given clear, prior consent, or

  • You’ve previously engaged with my services

How to Opt Out:


You can opt out of marketing at any time by:

  • Clicking unsubscribe in any email

  • Replying to the message with “unsubscribe”

  • Emailing desklessit@gmail.com with your request

I maintain and regularly screen a suppression list to ensure no further marketing is sent once you opt out.

11. Changes to This Policy


This policy may be updated periodically. The most recent version will always be published on my website or available upon request.


12. Governing Law


This Policy is governed by the laws of England and Wales. Any disputes shall be subject to the exclusive jurisdiction of the courts of England and Wales.


Matthew Austerbury
Data Controller
Deskless IT

What to include in the Privacy Policy

Generally speaking, a Privacy Policy often addresses these types of issues: the types of information the website is collecting and the manner in which it collects the data; an explanation about why is the website collecting these types of information; what are the website’s practices on sharing the information with third parties; ways in which your visitors and customers can exercise their rights according to the relevant privacy legislation; the specific practices regarding minors’ data collection; and much, much more. 


To learn more about this, check out our article “Creating a Privacy Policy”.

bottom of page