Privacy Policy
Your privacy is important to us. This policy explains how DevStack collects, uses, and protects your personal information in accordance with UK data protection laws and GDPR.
1. About This Policy
DevStack ("we," "us," or "our") is committed to protecting your privacy and personal data. This Privacy Policy explains how we collect, use, store, and protect your information when you visit our website, use our services, or interact with our business.
We are based in Leeds, United Kingdom, and comply with the UK General Data Protection Regulation (UK GDPR), the Data Protection Act 2018, and other applicable UK data protection laws.
2. Who We Are
Company: DevStack
Address: Platform, New Station Street, Leeds, LS1 4JB, United Kingdom
Email: hello@devstack.co.uk
Phone: 0113 493 1006
3. Information We Collect
3.1 Information You Provide to Us
- Contact Information: Name, email address, phone number, company name when you contact us or request our services
- Project Information: Details about your project requirements, technical specifications, and business needs
- Communication Records: Records of our conversations, meetings, and correspondence
- Payment Information: Billing details and payment information (processed securely through third-party payment providers)
3.2 Information We Collect Automatically
- Website Analytics: IP address, browser type, operating system, pages visited, time spent on site, and referring websites
- Cookies: Small files stored on your device to improve website functionality and user experience
- Technical Data: Device information, connection details, and usage patterns
4. How We Use Your Information
4.1 Legitimate Business Purposes
We process your personal data for the following legitimate business purposes:
- Service Delivery: To provide our software development and consulting services
- Communication: To respond to your inquiries and maintain business communications
- Project Management: To manage and deliver your projects effectively
- Business Development: To understand your needs and improve our services
- Legal Compliance: To comply with legal obligations and protect our business interests
4.2 Marketing Communications
With your consent, we may use your information to:
- Send you information about our services and industry insights
- Invite you to events or webinars
- Share case studies and success stories (with your permission)
You can opt out of marketing communications at any time by contacting us or using unsubscribe links in our emails.
5. Legal Basis for Processing
Under UK GDPR, we process your personal data based on:
- Contract: To fulfill our contractual obligations and provide services
- Legitimate Interests: For business development, improvement of services, and maintaining client relationships
- Consent: For marketing communications and optional services
- Legal Obligation: To comply with legal and regulatory requirements
6. Data Sharing and Third Parties
6.1 When We Share Your Data
We may share your personal data in the following circumstances:
- Service Providers: With trusted third-party providers who help us deliver our services (cloud hosting, email services, analytics)
- Professional Advisors: With lawyers, accountants, and other professional advisors
- Legal Requirements: When required by law, court order, or regulatory authority
- Business Transfer: In the event of a merger, acquisition, or sale of our business
6.2 Third-Party Services
We use the following categories of third-party services:
- Cloud Hosting: AWS, Microsoft Azure, Google Cloud Platform for secure data storage
- Analytics: Google Analytics (with IP anonymization) to understand website usage
- Communication: Email service providers for business communications
- Payment Processing: Secure payment processors for handling transactions
7. International Data Transfers
Some of our service providers may be located outside the UK. When we transfer your data internationally, we ensure:
- Transfers are to countries with adequate data protection laws
- Appropriate safeguards are in place (such as Standard Contractual Clauses)
- Your data remains protected to UK GDPR standards
8. Data Security
We implement appropriate technical and organisational security measures to protect your personal data:
- Encryption: Data encryption in transit and at rest
- Access Controls: Restricted access on a need-to-know basis
- Regular Reviews: Regular security assessments and updates
- Staff Training: Regular training on data protection and security practices
- Incident Response: Procedures for handling potential data breaches
9. Data Retention
We retain your personal data only for as long as necessary:
- Active Clients: Throughout our business relationship and for 7 years after completion for legal and accounting purposes
- Prospect Information: Up to 3 years from last meaningful contact
- Website Analytics: Up to 26 months (Google Analytics default)
- Marketing Data: Until you withdraw consent or 3 years from last engagement
10. Your Rights
Under UK GDPR, you have the following rights regarding your personal data:
- Right of Access: Request copies of your personal data
- Right to Rectification: Request correction of inaccurate data
- Right to Erasure: Request deletion of your data (subject to legal obligations)
- Right to Restrict Processing: Limit how we use your data
- Right to Data Portability: Receive your data in a structured format
- Right to Object: Object to certain types of processing
- Right to Withdraw Consent: Withdraw consent for marketing communications
To exercise any of these rights, please contact us using the details below.
11. Cookies
Our website uses cookies to improve your browsing experience:
11.1 Types of Cookies We Use
- Essential Cookies: Necessary for website functionality
- Analytics Cookies: Help us understand website usage and improve performance
- Functional Cookies: Remember your preferences and settings
11.2 Managing Cookies
You can control cookies through your browser settings. However, disabling certain cookies may affect website functionality. For more information about cookies and how to manage them, visit www.allaboutcookies.org.
12. Changes to This Policy
We may update this Privacy Policy from time to time to reflect changes in our practices or legal requirements. We will:
- Notify you of significant changes via email or website notice
- Update the "Last Updated" date at the top of this policy
- Maintain previous versions for reference
13. Contact Us
Data Protection Queries
If you have any questions about this Privacy Policy, wish to exercise your rights, or have concerns about how we handle your data, please contact us:
14. Complaints
If you are not satisfied with how we handle your personal data, you have the right to lodge a complaint with the UK's data protection authority:
Information Commissioner's Office (ICO)
Website: ico.org.uk
Phone: 0303 123 1113
Post: Information Commissioner's Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF