Data Protection Policy for Bishop Consultancy (UK) Ltd.

Last Updated: 11/03/2026 | ICO Registration Number ZC098683

1. Introduction

We are committed to protecting the privacy and security of your personal data. This policy explains how we collect and use personal data in accordance with the UK General Data Protection Regulation (UK GDPR) and the Data (Use and Access) Act 2025.

2. The Data We Collect

As an IT Consultancy, we collect the following types of personal data:

• Contact Information: Name, email address, phone number, and business address.
• Technical Data: IP addresses, device identifiers, and log data when we access your systems for support.
• Account Information: Usernames and (where strictly necessary) credentials for system administration.

3. How We Collect Your Data

Most of the data is provided directly by you when you engage my services. However, we also collect data:

• Automatically: When we use network support and monitoring tools to support your network.
• Via My Website: If you use a contact form or cookies are active.

4. Lawful Basis for Processing

We only process data when we have a legal reason to do so:

• Contract: To provide the IT support and advice you have hired me for.
• Legal Obligation: To maintain records for tax (HMRC) and regulatory compliance.
• Legitimate Interests: To secure my own network and yours (e.g., monitoring for cyber threats).

5. Data Sharing and Location

We do not sell your data. We only share data with third-party “Processors” who provide the tools we use to support you (e.g., [Microsoft 365, Splashtop, Ubiquiti etc.]).

• All data is stored on secure servers located within the UK or EEA, or with providers who ensure an equivalent level of protection.

6. Security Measures

In line with my Cyber Essentials and Cyber Assurance certifications, we protect your data using:

• Full-disk encryption (BitLocker).
• Hardware-based Multi-Factor Authentication (MFA) on all accounts.
• Regular technical audits of my network infrastructure.

7. Data Retention

We only keep your data for as long as necessary.

Commercial records                            2 years

Technical documents                           6 years

Financial and contract records           7 years as required by UK law.

8. Your Rights

Under UK law, you have the right to:

• Access the data we hold about you.
• Request correction or erasure of your data.
• Object to processing or request data portability.

9. How to Complain

If you have a concern, please contact me directly at [Your Email Address]. Under the 2025 Act, we will acknowledge any data protection complaint within 30 days and provide a full response without undue delay. If you remain unsatisfied, you have the right to lodge a complaint with the Information Commissioner’s Office (ICO).