Data Protection Policy
1. Purpose and Scope
This Data Protection Policy sets out how [MacMasters] (“we”, “our”, “us”) collects, uses, stores, and protects personal data while providing IT consulting services.
We are committed to ensuring that all personal data handled by us is processed in accordance with applicable data protection laws, including the UK GDPR / EU GDPR and the Data Protection Act 2018.
2. Lawful Basis for Processing
We process personal data only where there is a lawful basis to do so, including:
- The performance of a contract with our clients or prospective clients.
- Compliance with legal obligations (e.g., accounting or tax requirements).
- Our legitimate interests in operating and protecting our business (e.g., for debt recovery or defending legal claims).
- Consent, where applicable.
3. Types of Data Collected
We may collect and process the following categories of data:
- Client contact details (name, company name, job title, email, phone number).
- Billing and payment information.
- Project documentation, system information, or login credentials (only where required for contracted work).
- Communication records (emails, messages, call logs).
4. Data Retention
We retain personal data only for as long as necessary to fulfil the purpose for which it was collected or to comply with legal, tax, and regulatory obligations.
Retention periods:
- Active Clients: Data is retained for the duration of the engagement.
- Enquiries or Prospective Clients: Data is retained for 12 months after last contact unless consent to retain it longer is given.
- Non-Payment or Outstanding Invoice Cases:
Where payment remains outstanding or a dispute is unresolved, we will retain relevant personal data (including contact and billing information) until the final attempt to recover payment. This retention supports lawful debt recovery and the establishment or defence of legal claims. Once the matter is resolved, data will be securely deleted or anonymised. After six (6) months of non-payment, we reserve the right to delete such data at our discretion.
5. Data Sharing
We do not sell or share personal data with third parties for marketing. We may share data only where necessary, such as:
- With professional advisors (e.g., accountants, legal counsel).
- With payment processors or debt recovery agencies, where justified.
- With regulatory authorities when required by law.
6. Data Security
Appropriate technical and organisational measures are implemented to protect data against unauthorised access, alteration, disclosure, or destruction. These include encryption, secure storage, and restricted access controls.
7. Individual Rights
Individuals have the right to access, correct, delete, or restrict processing of their personal data. Requests can be made via email to [Your Contact Email]. We will respond in accordance with applicable law.
8. Data Breach Notification
In the event of a data breach, affected parties and the relevant supervisory authority will be notified where legally required, and remedial action will be taken promptly.
9. Policy Review
This policy is reviewed annually or upon significant changes in data protection law or business operations.
Contact
If you have any questions or wish to exercise your data rights, please contact:
support@macmasters.tech