Privacy Policy

Last updated: 22nd May 2026

This Privacy Policy describes Our policies and procedures on the collection, use and disclosure of Your information when You use the Service and tells You about Your privacy rights and how the law protects You.

We use Your Personal Data to provide and improve the Service. By using the Service, You agree to the collection and use of information in accordance with this Privacy Policy.

Interpretation and Definitions

Interpretation

The words whose initial letters are capitalised have meanings defined under the following conditions. The following definitions shall have the same meaning regardless of whether they appear in singular or in plural.

Definitions

For the purposes of this Privacy Policy:

Company (referred to as either “the Company”, “We”, “Us” or “Our” in this Privacy Policy) refers to JGM Tech Support, Uttoxeter, Staffordshire.
Cookies are small files that are placed on Your computer, mobile device or any other device by a website, containing the details of Your browsing history on that website among its many uses.
Country refers to: United Kingdom.
Device means any device that can access the Service such as a computer, a cell phone or a digital tablet.
Personal Data (or “Personal Information”) is any information that relates to an identified or identifiable individual. We use “Personal Data” and “Personal Information” interchangeably unless a law uses a specific term.
Service refers to the Website.
Service Provider means any natural or legal person who processes the data on behalf of the Company. It refers to third-party companies or individuals employed by the Company to facilitate the Service, to provide the Service on behalf of the Company, to perform services related to the Service or to assist the Company in analysing how the Service is used.
Usage Data refers to data collected automatically, either generated by the use of the Service or from the Service infrastructure itself (for example, the duration of a page visit).
Website refers to JGM Tech Support, accessible from www.jgmtechsupport.co.uk.
You means the individual accessing or using the Service, or the company, or other legal entity on behalf of which such individual is accessing or using the Service, as applicable.

Data Controller

Under the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018, JGM Tech Support is the Data Controller responsible for Your Personal Data.

You can contact us regarding any data-protection matter:

By email: [email protected]

We are not required to appoint a Data Protection Officer (DPO) under current regulations, but We take our obligations under UK GDPR and the Privacy and Electronic Communications Regulations 2003 (PECR) seriously and are committed to protecting Your rights.

Collecting and Using Your Personal Data

Types of Data Collected

Personal Data

While using Our Service, We may ask You to provide Us with certain personally identifiable information that can be used to contact or identify You. Personally identifiable information We collect is limited to:

Name
Email address
Phone number (optional)
The content of any message You send Us via the contact form
Where You book a call, scheduling information You provide to our booking provider (see “Third-Party Service Providers” below)

We do not ask for, and do not need, Your postal address in order to respond to a website enquiry.

Usage Data

Usage Data is collected automatically when using the Service.

Usage Data may include information such as Your Device's Internet Protocol address (e.g. IP address), browser type, browser version, the pages of our Service that You visit, the time and date of Your visit, the time spent on those pages, unique device identifiers and other diagnostic data.

When You access the Service by or through a mobile device, We may collect certain information automatically, including, but not limited to, the type of mobile device You use, Your mobile device's unique ID, the IP address of Your mobile device, Your mobile operating system, the type of mobile Internet browser You use, unique device identifiers and other diagnostic data.

We may also collect information that Your browser sends whenever You visit Our Service or when You access the Service by or through a mobile device.

Cookies and Similar Technologies

Use of cookies in the UK is governed by the Privacy and Electronic Communications Regulations 2003 (PECR) alongside UK GDPR.

We do not currently set any non-essential, tracking, advertising or analytics cookies. Specifically:

Our website analytics are provided by Cloudflare Web Analytics, which is cookieless and does not track individuals across sites.
We store a small flag in Your browser’s localStorage (key jgm_consent_v1) to remember Your choice on the cookie notice, so We do not show it on every visit. This is not a cookie and is not transmitted to Us; You can clear it at any time through Your browser settings.
Third-party content embedded in the Service (for example, the Google Calendar appointment booking widget) may set its own cookies when You interact with it. See “Third-Party Service Providers” below.

If We introduce non-essential cookies in future (such as additional analytics or marketing cookies), We will request Your consent first through the banner shown at the bottom of the page. You can withdraw or change Your consent at any time. Withdrawing consent does not affect the lawfulness of processing based on consent before its withdrawal.

Lawful Basis for Processing (UK GDPR)

Under UK GDPR, We must have a lawful basis for processing Your Personal Data. We rely on the following bases:

Purpose of Processing	Lawful Basis (Article 6 UK GDPR)
Responding to contact-form enquiries and providing IT support services	Contract (Art. 6(1)(b)) — processing is necessary to take steps at Your request prior to entering into, or to perform, a contract
Sending marketing or promotional communications	Consent (Art. 6(1)(a)) — You have given clear, freely given, specific and informed consent
Retaining financial records for tax purposes	Legal obligation (Art. 6(1)(c)) — processing is necessary to comply with HMRC requirements under the Taxes Management Act 1970
Improving the Service, fraud prevention and security monitoring	Legitimate interests (Art. 6(1)(f)) — We have assessed that Our legitimate interests are not overridden by Your rights and freedoms
Complying with court orders or statutory requests	Legal obligation (Art. 6(1)(c)) — processing is necessary to comply with a legal obligation to which We are subject

Where We rely on consent as Our lawful basis (for example, where You tick the marketing opt-in on the contact form), You have the right to withdraw that consent at any time without affecting the lawfulness of any processing carried out before withdrawal. To withdraw consent, please reply “unsubscribe” to any marketing email from Us, or contact Us at [email protected].

Use of Your Personal Data

The Company may use Personal Data for the following purposes:

To provide and maintain our Service, including to monitor and improve its operation.
To respond to Your enquiry: to take steps at Your request prior to entering into a contract for IT support, and to provide that support.
To contact You: by email, telephone, SMS or other electronic means in connection with the support You have asked Us to provide.
Marketing (only if You have opted in): to send You occasional tips, offers and information about Our services. We will only do this where You have ticked the marketing opt-in on Our contact form or otherwise given clear consent.
To comply with legal obligations: for example, retaining financial records for HMRC or responding to lawful requests from public authorities.
To protect the Service: for fraud prevention, security monitoring and defending legal claims.

We may share Your Personal Data in the following situations:

With Service Providers who process data on Our behalf (see “Third-Party Service Providers” below).
With Your consent: We may disclose Your Personal Data for any other purpose with Your consent.
Where required by law (see “Disclosure of Your Personal Data” below).

Retention of Your Personal Data

The Company will retain Your Personal Data only for as long as is necessary for the purposes set out in this Privacy Policy, and in line with the principle of storage limitation under UK GDPR (Article 5(1)(e)).

Where possible, We apply shorter retention periods and/or reduce identifiability by deleting, aggregating, or anonymising data. Unless otherwise stated, the periods below are maximum periods and We may delete or anonymise data sooner when it is no longer needed for the relevant purpose.

Contact form submissions & support correspondence
- Retained for up to 24 months from the date of ticket closure, to resolve follow-up enquiries and defend against potential legal claims.
Usage & analytics data (aggregated page views, referrers, approximate location, device/browser type)
- Collected on Our behalf by Cloudflare Web Analytics and retained in line with Cloudflare’s retention policy (typically up to 6 months in aggregated form).
Server & error logs (e.g. submission metadata captured when the contact form is processed)
- Retained for a short period (typically up to 30 days) by Our hosting provider for debugging and security purposes.
Financial / tax records
- Retained for 6 years in compliance with HMRC requirements under the Taxes Management Act 1970.

We may retain Personal Data beyond the periods stated above where:

Legal obligation — We are required by law to retain specific data.
Legal claims — Data is necessary to establish, exercise, or defend legal claims.
Technical limitations — Data exists in encrypted backup systems scheduled for routine deletion.

When retention periods expire, We securely delete or anonymise Personal Data. Residual copies may remain in encrypted backups for a limited period and are not restored except where necessary for security, disaster recovery, or legal compliance.

Transfer of Your Personal Data

Your information, including Personal Data, is processed at the Company's operating location in the United Kingdom. Where Personal Data is transferred to a third-party Service Provider that operates outside the UK, We ensure such transfers are subject to appropriate safeguards in line with Chapter V of UK GDPR. These safeguards may include:

Transfers to countries or territories covered by UK adequacy regulations;
Use of the UK International Data Transfer Agreement (IDTA) or the UK Addendum to the EU Standard Contractual Clauses; or
Other appropriate safeguards and supplementary measures as required.

The Company will take all steps reasonably necessary to ensure Your data is treated securely and in accordance with this Privacy Policy. No transfer of Your Personal Data will take place to an organisation or country unless adequate controls are in place.

Your Data Protection Rights (UK GDPR)

Under the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018, You have the following rights in relation to Your Personal Data:

Right of Access (Article 15) — You have the right to request a copy of the Personal Data We hold about You (a “Subject Access Request”). We will respond within one calendar month of receipt.
Right to Rectification (Article 16) — You have the right to request that We correct any inaccurate or incomplete Personal Data We hold about You.
Right to Erasure / ‘Right to be Forgotten’ (Article 17) — You have the right to request that We delete Your Personal Data where there is no compelling reason for Us to continue processing it. This right is not absolute and may be limited by legal obligations.
Right to Restriction of Processing (Article 18) — You have the right to request that We restrict the processing of Your Personal Data in certain circumstances, for example while the accuracy of that data is being verified.
Right to Data Portability (Article 20) — Where We process Your data by automated means on the basis of Your consent or a contract, You have the right to receive that data in a structured, commonly used and machine-readable format, and to request that We transmit it to another controller where technically feasible.
Right to Object (Article 21) — You have the right to object to processing based on Our legitimate interests or for direct marketing purposes. Where You object to direct marketing, We will cease processing immediately. For other legitimate-interest processing, We will cease unless We can demonstrate compelling legitimate grounds that override Your rights.
Rights related to Automated Decision-Making and Profiling (Article 22) — You have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal or similarly significant effects. We do not currently carry out such automated decision-making.

To exercise any of these rights, please contact Us by email at [email protected]. We will respond within one calendar month. In some cases We may need to verify Your identity before fulfilling a request. There is no charge for making a request, unless requests are manifestly unfounded or excessive.

Right to Lodge a Complaint

If You believe We have not complied with Your data protection rights, You have the right to lodge a complaint with the UK supervisory authority:

Information Commissioner’s Office (ICO)
Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF
Tel: 0303 123 1113
Website: ico.org.uk

We would, however, appreciate the opportunity to address Your concerns before You approach the ICO, so please contact Us in the first instance.

How to Delete Your Personal Data

You have the right to request that We delete the Personal Data We hold about You (see “Right to Erasure” above). You may contact Us to request access to, correction of, or deletion of any Personal Data that You have provided to Us.

Please note that We may need to retain certain information where We have a legal obligation or lawful basis to do so (for example, financial records required by HMRC).

Disclosure of Your Personal Data

Business Transfers

If the Company is involved in a merger, acquisition or asset sale, Your Personal Data may be transferred. We will provide notice before Your Personal Data is transferred and becomes subject to a different Privacy Policy.

Law Enforcement

Under certain circumstances, the Company may be required to disclose Your Personal Data if required to do so by law or in response to valid requests by public authorities (e.g. a court or a government agency).

Other Legal Requirements

The Company may disclose Your Personal Data in the good faith belief that such action is necessary to:

Comply with a legal obligation
Protect and defend the rights or property of the Company
Prevent or investigate possible wrongdoing in connection with the Service
Protect the personal safety of Users of the Service or the public
Protect against legal liability

Third-Party Service Providers

We work with the following third-party Service Providers who process Personal Data on Our behalf as Data Processors. All processors are subject to written data-processing agreements consistent with UK GDPR requirements:

Cloudflare, Inc. — website hosting, DNS, CDN, serverless functions (Cloudflare Pages Functions) and analytics. We use Cloudflare Web Analytics to collect aggregated, cookieless performance data (page views, load times, referrers, and device/browser type). Cloudflare Web Analytics does not use cookies, does not track individuals across sites, and does not collect or use personal data. Data may be processed in the USA; transfers are protected by appropriate safeguards including the UK Addendum to the EU Standard Contractual Clauses. Cloudflare Privacy Policy.
Resend — transactional email delivery of contact-form submissions to Our inbox. Resend processes the name, email address, phone (if provided) and message You submit via the contact form. Data may be processed in the USA under appropriate transfer safeguards. Resend Privacy Policy.
Google LLC (Google Calendar Appointment Scheduling) — appointment scheduling via Google Business Profile. When You use the “Book a call” tab, the booking widget is loaded from calendar.google.com and may set its own cookies and receive Your IP address, the booking time You choose, and the name and email address You enter into the widget. Data is processed by Google in the USA and other countries under appropriate transfer safeguards. Google Privacy Policy.

Third-Party Assets and Content Delivery Networks

To keep the Website fast, some static assets (such as the Bootstrap CSS framework and icon font) are loaded from public content delivery networks rather than being hosted by Us. When Your browser requests these assets, the relevant CDN provider will receive Your IP address, user-agent and the URL of the asset being loaded. We do not control these providers and they act as independent controllers in respect of that information. The CDNs We currently load assets from are:

jsDelivr (operated by ProspectOne) — jsDelivr Privacy Policy.
Google — appointment scheduling widget assets, see above.

We do not sell or share Your Personal Data with third parties for their own marketing purposes.

Security of Your Personal Data

The security of Your Personal Data is important to Us. We implement appropriate technical and organisational measures (“TOMs”) to protect Your Personal Data against unauthorised or unlawful processing, accidental loss, destruction or damage, in line with the principle of integrity and confidentiality under UK GDPR Article 5(1)(f). These measures include:

HTTPS-only delivery of the Website, enforced via Cloudflare;
Multi-factor authentication on the mailbox that receives contact-form submissions and on accounts with administrative access to the Website and its processors;
Use of reputable processors with their own security certifications (see “Third-Party Service Providers”);
Access controls limiting who can view Personal Data to those who need it to provide the Service.

Submission metadata (such as the time of a request and any error details) may appear briefly in Our hosting provider’s server logs for debugging and security purposes; these logs are short-lived (see “Retention”).

Please remember that no method of transmission over the Internet, or method of electronic storage, is 100% secure. While We strive to use commercially reasonable means to protect Your Personal Data, We cannot guarantee its absolute security.

In the event of a personal data breach that is likely to result in a risk to Your rights and freedoms, We will notify the ICO within 72 hours of becoming aware, as required by Article 33 UK GDPR, and will notify You without undue delay where the breach is likely to result in a high risk to Your rights and freedoms (Article 34 UK GDPR).

Children’s Privacy

Our Service is not directed at children. Under the UK Data Protection Act 2018, the statutory age at which a child can consent to information-society services in their own right is 13. We apply a stricter threshold and do not knowingly collect personally identifiable information from anyone under the age of 18. If You are a parent or guardian and You are aware that Your child has provided Us with Personal Data, please contact Us. If We become aware that We have collected Personal Data from anyone under the age of 18 without verification of parental consent, We will take steps to remove that information from Our systems promptly.

Links to Other Websites

Our Service may contain links to other websites that are not operated by Us. If You click on a third-party link, You will be directed to that third party’s site. We strongly advise You to review the Privacy Policy of every site You visit. We have no control over and assume no responsibility for the content, privacy policies or practices of any third-party sites or services.

Changes to this Privacy Policy

We may update Our Privacy Policy from time to time. We will notify You of any changes by posting the new Privacy Policy on this page and updating the “Last updated” date at the top. Where changes are material, We will provide more prominent notice. You are advised to review this Privacy Policy periodically.

Contact Us

If you have any questions about this Privacy Policy or wish to exercise any of your data-protection rights, You can contact us:

By email (privacy & GDPR enquiries): [email protected]
By email (general enquiries): [email protected]

← Back to home