Deep River IT – Privacy Policy

Our Commitment

At Deep River IT, we are committed to protecting your privacy and ensuring that your personal information is handled securely, responsibly, and in accordance with applicable data protection laws.

This Privacy Policy explains how Deep River IT collects, uses, stores, and protects personal information when providing our services. It also outlines your rights regarding the personal data we hold and how you can exercise those rights.

This policy applies to all personal data processed by Deep River IT, including information relating to customers, suppliers, employees, job applicants, website visitors, and business contacts.

Throughout this policy, references to “Deep River IT”, “we”, “us”, or “our” refer to Deep River IT and any associated companies operating under the Deep River IT brand.

Data Protection Legislation

Deep River IT processes personal data in accordance with the UK General Data Protection Regulation (UK GDPR), the Data Protection Act 2018, and other applicable privacy legislation.

We are committed to ensuring that all personal data is processed lawfully, fairly, and transparently while protecting the rights and freedoms of individuals.

Data Protection Principles

When processing personal information, we adhere to the following principles:

• Personal data is processed lawfully, fairly, and transparently.
• Data is collected for specified, legitimate purposes.
• Data is relevant, adequate, and limited to what is necessary.
• Information is kept accurate and up to date where required.
• Personal data is retained only for as long as necessary.
• Appropriate technical and organisational measures are used to protect data from loss, misuse, unauthorised access, or disclosure.
• We maintain accountability and governance procedures to demonstrate compliance with data protection legislation.

Deep River IT incorporates privacy and security into all areas of our operations, including cyber security controls, risk assessments, incident response procedures, and secure data management practices.

Your Rights

Under UK GDPR, you have several rights regarding your personal information:

• The right to be informed
• The right of access
• The right to rectification
• The right to erasure
• The right to restrict processing
• The right to data portability
• The right to object
• Rights relating to automated decision-making and profiling

If you wish to exercise any of these rights, please contact us using the details provided at the end of this policy.

Why We Process Personal Information

Deep River IT may process personal information for a variety of legitimate business purposes, including:

• Providing IT, telecoms, cyber security, cloud, and support services
• Managing customer accounts and service agreements
• Responding to enquiries and support requests
• Delivering products and services
• Maintaining security and preventing fraud
• Improving our services and customer experience
• Meeting legal, regulatory, and contractual obligations
• Recruitment and employment administration
• Marketing our services where permitted by law

Information We Collect

We may collect personal information directly from you when:

• You contact us regarding our services
• You become a customer
• You request a quotation
• You subscribe to communications or newsletters
• You attend an event or webinar
• You apply for employment opportunities with Deep River IT

We may also receive information indirectly from trusted business partners, service providers, or references where appropriate and lawful.

Lawful Basis for Processing

Deep River IT processes personal data under one or more of the lawful bases defined within Article 6 of the UK GDPR:

Consent

Where required, we will obtain your clear consent before processing personal information for specific purposes.

Contract

We may process information where necessary to fulfil a contract or take steps prior to entering into a contract.

Legal Obligation

Certain information may be processed to comply with legal or regulatory requirements.

Vital Interests

In limited circumstances, information may be processed to protect an individual’s life or wellbeing.

Legitimate Interests

We may process information where it is necessary for our legitimate business interests, provided these interests do not override your privacy rights.

Cookies

Our website uses cookies and similar technologies to improve functionality, analyse website usage, and enhance user experience.

Cookies may collect information such as:

• Browser type
• Device information
• Website usage statistics
• User preferences

Some cookies are essential for website functionality. You can manage cookie preferences through your browser settings.

For further information, please refer to our Cookie Policy.

Marketing Communications

Deep River IT may occasionally contact you regarding our products, services, events, and industry updates.

We will only send electronic marketing communications where we have obtained the necessary consent or where permitted by applicable legislation.

You may unsubscribe from marketing communications at any time by using the unsubscribe link provided or by contacting us directly.

Third-Party Service Providers

We may engage trusted third-party service providers to help deliver our services.

Where third parties process personal information on our behalf, they do so under contractual agreements that require them to:

• Maintain appropriate security measures
• Process data only under our instructions
• Comply with applicable data protection legislation
• Not use personal information for their own purposes

International Transfers

In some circumstances, personal information may be transferred outside the United Kingdom.

Where international transfers occur, Deep River IT ensures appropriate safeguards are in place, including:

• Adequacy decisions
• International Data Transfer Agreements (IDTAs)
• Standard Contractual Clauses (SCCs)
• Risk assessments aligned with ICO guidance

These measures help ensure that personal information remains protected regardless of where it is processed.

Data Retention

We retain personal information only for as long as necessary to fulfil the purpose for which it was collected, including satisfying legal, regulatory, tax, accounting, or reporting requirements.

Retention periods vary depending on the nature of the information and the services provided.

Security of Your Information

Protecting customer data is a core part of our business.

We employ a range of security measures including:

• Enterprise-grade firewalls
• Endpoint protection and antivirus solutions
• Encryption technologies
• Access controls
• Secure cloud services
• Monitoring and threat detection
• Backup and disaster recovery solutions

These measures are designed to protect personal information against unauthorised access, disclosure, alteration, or loss.

Complaints

If you have any concerns regarding how we process your personal information, we encourage you to contact us first so we can investigate and resolve the matter.

Data Protection Officer

Deep River IT
17 Ballygowan Road
Saintfield
Co Down
BT24 7ER

You also have the right to lodge a complaint with the Information Commissioner’s Office (ICO):
Website: www.ico.org.uk

Contact Us

For any questions regarding this Privacy Policy or the processing of your personal information, please contact:

Deep River IT
Belfast, Northern Ireland

Email: privacy@deepriver.it