Harkstone Tech
Legal information

Privacy notice

A structured placeholder privacy notice for launch planning. Review and tailor it for the final operating entity before going live.

  • Last updated 10 March 2026
  • Placeholder structure for launch planning

Last updated: 10 March 2026

Who we are

Harkstone Tech is a UK managed service provider. This privacy notice explains the types of personal data we may process through website enquiries, sales conversations, and ongoing support relationships.

This page is a structured placeholder for launch planning and handover. It should be reviewed and adapted for the final operating entity before going live.

What data we collect

The exact data we hold depends on how you interact with us. At launch, that is likely to include website enquiry details and basic correspondence records.

  • Contact data such as name, company, email address, phone number, and message content
  • Commercial data such as business size, current tooling, and project or support requirements
  • Support relationship data such as ticket history, user contacts, device details, and service notes where relevant
  • Technical data such as IP address, browser details, and cookie preferences collected through the website

Why we use personal data

We use personal data to respond to enquiries, deliver services, administer commercial relationships, and keep systems secure.

  • To answer website enquiries and arrange discovery calls
  • To assess suitability for managed support or project work
  • To onboard, support, and communicate with clients
  • To maintain records, protect systems, and comply with legal obligations

Lawful bases and retention

Depending on the context, our lawful bases are likely to include legitimate interests, contract, legal obligation, and consent where specifically required.

We aim to keep enquiry data only for as long as it is useful for the related conversation or required for legal, tax, or operational reasons. A final policy should define exact retention periods before launch.

Sharing, subprocessors, and international transfers

We may use third-party platforms for email delivery, hosting, analytics, ticketing, device management, and Microsoft 365 administration. Where those suppliers process personal data on our behalf, they should be documented as subprocessors in the final privacy notice.

Where personal data is transferred outside the UK, the final version of this notice should explain the transfer mechanism relied on, such as adequacy regulations or standard contractual clauses.

Security measures

We aim to process data in a way that reflects the security posture we recommend to clients: least privilege, documented access, sensible retention, MFA where supported, and controlled third-party access.

No internet-based system is risk free, so this notice should not be read as a guarantee of absolute security.

Your rights and complaints

Individuals may have rights under UK GDPR, including the right to access, correct, erase, restrict, or object to certain processing, and to lodge a complaint with the Information Commissioner's Office.

Please do not send special category data or confidential material through a general website form unless specifically requested through a secure process.