Privacy & Cookie Policy

1. Who we are

Easterly IT Services is a trading name of Easterly Group (Company No. 16871751), a managed IT services provider based in Fakenham, Norfolk. We provide IT support, Microsoft 365 services, cybersecurity, network installation, and web development to small and medium-sized businesses across East Anglia.

For the purposes of the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018, Easterly Group is the data controller for personal data collected through this website.

If you have any questions about how we handle your personal data, please contact us at contact@easterlyit.com.

2. Data we collect and why

2.1 Contact enquiries

When you submit our contact form, we collect:

• Name — to address you correctly in our response
• Email address — to reply to your enquiry
• Telephone number (optional) — if you prefer a callback
• Message content — to understand your requirements

We use this information solely to respond to your enquiry and to provide the services you request. We do not use contact form submissions for unsolicited marketing.

2.2 Website analytics

With your consent, we collect anonymised data about how visitors use our website using Google Analytics 4. This may include:

• Pages visited and time spent on each page
• The website or search engine that referred you to us
• Your approximate geographic location (country and city level only — not precise location)
• Browser type, operating system, and device type

No analytics data is collected unless you click Accept Analytics on our cookie banner. You can withdraw your consent at any time by clearing your browser's local storage or contacting us at contact@easterlyit.com.

2.3 Data we do not collect

We do not collect or process:

• Special category data (health, ethnicity, biometrics, etc.)
• Payment card or banking details through this website
• Data from children — our services are directed at business owners and professionals

3. Legal basis for processing

UK GDPR requires us to have a lawful basis for each type of processing. The table below sets out the basis we rely on:

4. Who we share your data with

We do not sell, rent, or trade your personal data. We share data only with the third-party processors listed below, who are contractually required to handle it securely and solely on our instructions.

4.1 Brevo (email delivery)

Contact form submissions are delivered to our team via Brevo (formerly Sendinblue), a cloud email platform operated by Sendinblue SAS, headquartered in Paris, France. Brevo processes your name, email address, telephone number (if provided), and message content purely to transmit the email to us. Brevo is subject to EU GDPR and is covered by the UK's adequacy decision for EU data flows.

Brevo Privacy Policy: brevo.com/en/legal/privacypolicy

4.2 Google Analytics

If you accept analytics cookies, anonymised usage data is sent to Google LLC via Google Analytics 4. Google acts as a data processor under our instructions. We have enabled IP anonymisation, meaning your full IP address is never stored by Google.

Google Analytics Privacy information: policies.google.com/privacy

4.3 Legal disclosures

We may disclose personal data if required to do so by law, court order, or in response to a request from a law enforcement or regulatory authority.

5. International data transfers

Brevo is headquartered in France (EU) and your contact form data is processed within the European Economic Area. The UK recognises the EU as providing adequate data protection, so this transfer does not require additional safeguards.

Google Analytics data (collected only with your consent) is processed by Google LLC, which is based in the United States. Google has put in place Standard Contractual Clauses (SCCs) approved under the UK International Data Transfer Agreement (IDTA), providing an appropriate safeguard for this transfer. You can review Google's transfer mechanisms at business.safety.google/privacy .

6. How long we keep your data

7. Your rights under UK GDPR

You have the following rights in relation to your personal data. To exercise any of them, please contact us at contact@easterlyit.com. We will respond within one calendar month.

• Right of access — you may request a copy of the personal data we hold about you (a Subject Access Request).
• Right to rectification — you may ask us to correct inaccurate or incomplete data.
• Right to erasure — you may ask us to delete your data where there is no compelling reason for us to continue holding it.
• Right to restrict processing — you may ask us to suspend processing of your data in certain circumstances, for example while we verify its accuracy.
• Right to data portability — where processing is based on your consent or a contract, you may ask us to provide your data in a structured, machine-readable format.
• Right to object — you may object to processing based on our legitimate interests. We will stop processing unless we can demonstrate compelling grounds that override your rights.
• Right to withdraw consent — where processing is based on consent (e.g. analytics cookies), you may withdraw that consent at any time without affecting the lawfulness of processing carried out before withdrawal.
• Rights related to automated decision-making — we do not carry out automated decision-making or profiling that produces legal or similarly significant effects.

8. Cookies

Cookies are small text files placed on your device by websites you visit. This section explains the cookies used on www.easterlyit.com in line with the Privacy and Electronic Communications Regulations 2003 (PECR).

8.1 Strictly necessary

We do not set any strictly necessary cookies. Our website operates without requiring any cookies for its core functionality.

Your cookie consent preference is stored in your browser's localStorage (not as a cookie), solely to avoid showing the consent banner on every visit.

8.2 Analytics cookies (optional — consent required)

The following cookies are set by Google Analytics only if you accept analytics cookies via our cookie banner. If you decline, none of these cookies are placed on your device.

We use Google Analytics 4 with IP anonymisation enabled. Your full IP address is never stored. Google processes this data in accordance with their privacy policy at policies.google.com/privacy.

8.3 Managing your cookie preferences

You can manage your cookie preferences in any of the following ways:

• Cookie banner — on your first visit, use the Accept or Decline buttons on our cookie banner. Your choice is remembered for future visits.
• Reset your preference — clear your browser's local storage or site data to reset your choice. The banner will reappear on your next visit.
• Browser settings — most browsers allow you to block or delete cookies. See your browser's help documentation for instructions. Note that blocking all cookies may affect functionality on other websites.
• Google opt-out — you can also opt out of Google Analytics tracking across all websites using Google's browser add-on: tools.google.com/dlpage/gaoptout

9. Changes to this policy

We may update this policy from time to time, for example when we introduce new services or when legislation changes. The "Last updated" date at the top of this page will always reflect the most recent version. We encourage you to review this page periodically.

Where changes are material, we will make reasonable efforts to bring them to your attention, such as displaying a notice on our website.

10. How to contact us

For any questions, requests, or complaints about how we handle your personal data, please contact us using any of the methods below:

• Email: contact@easterlyit.com
• Phone: 01328 604504
• Post: Easterly IT Services, Summerhill House, 1 Sculthorpe Road, Fakenham, NR21 9HA, Norfolk, UK

We aim to acknowledge all data-related requests within 72 hours and to respond in full within one calendar month, as required by UK GDPR Article 12.

If you are unsatisfied with our response, you have the right to complain to the Information Commissioner's Office .