Privacy Notice

Who we are

What data we collect

We only collect personal data that is necessary for providing IT support, managed services, cybersecurity, consultancy, or related business services.

This may include:

• Name and job title

• Company name

• Business postal address

• Business email address(es)

• Business telephone numbers

• Domain names and technical identifiers

• Social media handles (where relevant to business contact or marketing)

• Notes and records relevant to delivering support or services

In some cases, our systems or partners may process additional data required to deliver services, such as:

• Encrypted payment or billing details

• Device, account, or service configuration data

• Security, audit, or access logs

We do not knowingly collect unnecessary personal data, and we do not collect special category data unless there is a clear legal or contractual requirement to do so.

How we use your data

We use your data to:

• Provide IT support and managed services

• Manage client relationships and contracts

• Communicate about services, incidents, or changes

• Maintain security, monitoring, and compliance obligations

• Improve our services and internal processes

• Meet legal, regulatory, and contractual requirements

We do not sell personal data.

Third-party services and processors

To deliver our services, we use trusted third-party platforms that act as data processors under appropriate agreements. These may include:

• Google Workspace (email, collaboration, and file storage)
  Google’s GDPR and security information can be found here:
  https://cloud.google.com/security/gdpr

Additional providers may include security tooling, backup platforms, remote support tools, and accounting systems. All processors are selected based on security, reliability, and compliance with UK GDPR requirements.

Data retention

We retain personal data only for as long as necessary to:

• Provide contracted services

• Meet legal and regulatory obligations

• Resolve disputes or enforce agreements

When data is no longer required, it is securely deleted or anonymised.

Your rights

Under UK GDPR, you have the right to:

• Access the personal data we hold about you

• Request correction of inaccurate data

• Request erasure of your data where appropriate

• Restrict or object to certain processing

• Request data portability

• Lodge a complaint with the Information Commissioner’s Office (ICO)

Requests can be made by contacting us at team@auroratechsupport.co.uk.

Security

We take appropriate technical and organisational measures to protect personal data against loss, misuse, unauthorised access, or disclosure. This includes access controls, encryption where appropriate, and ongoing security monitoring.

Changes to this notice

We may update this Privacy Notice from time to time. The latest version will always be published on our website.

Healthcare & NHS Data Handling Statement

Supporting healthcare and NHS-affiliated organisations

Aurora Computers provides IT support and managed services to healthcare providers and organisations that work with the NHS.

While we do not act as the owner of patient records, we may process data on behalf of our healthcare clients in our role as an IT service provider and data processor.

How healthcare data is handled

Where access to healthcare systems or data is required to deliver support, we:

• Act only on documented client instructions

• Limit access to authorised personnel on a need-to-know basis

• Use secure access controls, authentication, and audit logging

• Follow least-privilege and data-minimisation principles

• Support clients in meeting NHS DSPT and UK GDPR obligations

We do not use healthcare data for marketing or any purpose outside the delivery of contracted services.

Compliance and assurance

Our services are designed to support healthcare organisations in maintaining compliance with relevant data protection and information governance requirements, including:

• UK GDPR

• Data Protection Act 2018

• NHS Data Security and Protection Toolkit (DSPT) principles

Further details can be provided as part of supplier assurance, contracts, or due diligence processes.