Privacy Policy
1. Who we are
Tech Off Your Mind is the trading name of Jonathan James White, a sole trader based in West Sussex, United Kingdom.
For data protection enquiries, contact help@techoffyourmind.co.uk.
For most of the personal information described in this notice, Jonathan James White trading as Tech Off Your Mind is the controller.
2. Personal information we may collect
We may collect your name, business name, job title, email address, telephone number and correspondence.
When providing services, we may also process user account details, device information, system configuration, support records, audit information, billing information and other technical data that is reasonably required to deliver the agreed work.
We may receive information directly from you, from your employer or authorised representative, from systems you ask us to support, or from suppliers involved in delivering the service.
Please do not send special category information or highly sensitive personal information unless it is necessary and we have agreed a secure way to receive it.
3. How we use personal information and our lawful bases
We use personal information to respond to enquiries and prepare quotations. We normally rely on legitimate interests for business enquiries and taking steps at your request before entering into a contract.
We use personal information to provide, administer and support contracted services. We normally rely on performance of a contract, or legitimate interests where the contract is with your organisation rather than with you personally.
We use personal information for invoicing, accounting, tax, fraud prevention and other legal or regulatory requirements. We rely on legal obligation and legitimate interests as appropriate.
We use service and security records to protect our systems, investigate incidents, maintain service quality and improve our processes. We normally rely on legitimate interests.
We do not currently send general promotional email campaigns. If this changes, we will follow the applicable privacy and electronic marketing rules.
4. When we act as a processor
When we administer a customer Microsoft 365 tenant, device estate or other system, we may process personal information on the customer's instructions. In those circumstances, the customer will usually be the controller and we will act as its processor.
The scope, security requirements, retention and deletion arrangements for processor activity should be set out in the service agreement, order form or a separate data processing agreement.
5. Sharing personal information
We do not sell personal information.
We may share information only where reasonably necessary with service providers and professional advisers, such as Microsoft and other cloud or software providers, hosting and domain suppliers, payment and accounting providers, insurers, legal or tax advisers, and subcontractors approved for the relevant work.
We may also disclose information where required by law, regulation, court order, law enforcement request, or to establish, exercise or defend legal rights.
Where a supplier processes information outside the United Kingdom, we take reasonable steps to ensure an appropriate transfer mechanism and contractual safeguards are in place.
6. Retention
We keep personal information only for as long as reasonably necessary for the purpose for which it was collected, including legal, accounting, insurance and dispute-resolution requirements.
Unsuccessful enquiries and quotations are normally retained for up to 12 months after the last meaningful contact, unless there is a reason to keep them for longer.
Customer service and support records are normally retained for the customer relationship and for up to 7 years afterwards where they may be required for accounting, contractual, insurance or legal purposes.
Technical logs and security records may have shorter retention periods, depending on the service, risk and available storage. Exact periods may be stated in the applicable service schedule.
7. Security
We use reasonable technical and organisational measures designed to protect personal information. These may include multifactor authentication, encryption, least-privilege access, secure configuration, logging, backup and documented access controls.
No system can be guaranteed completely secure. If we become aware of a personal data breach, we will assess it and take the action required by applicable law and our contractual responsibilities.
8. Your rights
Depending on the circumstances, you may have rights to access, correct, erase or restrict the use of your personal information, to object to certain processing, and to receive information in a portable format.
To exercise a right, contact help@techoffyourmind.co.uk. We may need to verify your identity and may need to retain some information where the law requires it.
You also have the right to complain to the Information Commissioner's Office. We would appreciate the opportunity to resolve your concern first.
9. Website and communications
Our website is hosted by Netlify. Basic server and security logs may be created when you visit the site. Please see our Cookie Statement for information about website storage and access technologies.
Email is not always secure or error-free. Please use an agreed secure method where information is particularly sensitive.
10. Changes to this notice
We may update this notice when our services, suppliers or legal obligations change. The version and review date shown on this page identify the notice currently in force.