Privacy Policy

Assist Support (“Assist Support”, “we”, “us”, or “our”), respects your privacy and we are committed to complying with our obligations under applicable data protection laws, including the UK General Data Protection Regulation (UK GDPR), the EU General Data Protection Regulation (EU GDPR), the California Consumer Privacy Act (CCPA), Canada’s Personal Information Protection and Electronic Documents Act (PIPEDA), Gibraltar GDPR, Data Protection Act 2004 and the Australian Privacy Act 1988.

This Privacy Policy explains how we collect, use, share, and safeguard personal data collected through our website and in the course of providing IT support, website development, SEO, ads management, and engineer services to clinics across the jurisdictions we operate in. This Policy applies to Assist Support’s operations only. Each brand in the family maintains its own privacy policy.

This Privacy Policy applies to:

• Visitors and users of assistsupport.io
• Individuals who contact us via web forms, email, or telephone
• Prospective clients or job applicants who interact with us
• Clients whose business and contact data we hold in connection with service delivery

It does not apply to patient data held within clinical or practice management systems belonging to our clinic clients. Where we access such systems in the course of providing IT or engineer services, we do so solely under the instruction of the clinic as their data processor.

Please also review our Cookie Policy for details on how we use cookies and similar technologies.

Personal Data refers to any data relating to a living individual who can be identified directly from that data or indirectly in conjunction with other information. Under applicable privacy laws this may include, but is not limited to:

• Full names, postal or email addresses, and telephone numbers
• IP addresses, browser identifiers, or location data
• Employment or professional details
• Financial or transaction data
• Any information that, alone or combined with other data, could identify a specific individual

We may collect personal data from individuals who engage with us directly, including clients, website visitors, and job applicants. The types of personal data we collect may include:

• Identity Data– your name, job title, or role within your organisation
• Contact Data– your business email address, phone number, and correspondence address
• Technical Data– your IP address, browser type, geographical location, and usage patterns when visiting our website
• Communications Data– messages submitted via our website forms or email, including enquiries, feedback, or requests for information
• Recruitment Data– CVs, cover letters, and other information provided when applying for a position with us
• Service Data– information provided in the course of scoping, delivering, or invoicing for services

Under applicable data protection law we rely on the following lawful bases:

• Consent– where you have provided clear and informed consent, such as when opting in to receive marketing communications
• Contractual necessity– where processing is necessary to enter into or perform a contract with you
• Legitimate interests– where processing is necessary for our legitimate business purposes, such as responding to enquiries, internal administration, or improving our services, provided your rights and freedoms are not infringed
• Legal obligation– where processing is necessary to comply with applicable legal or regulatory requirements

We do not use your personal data for any incompatible or unlawful purposes.

We use your personal data solely for legitimate, clearly defined purposes. This includes:

• Responding to enquiries and providing information about our services
• Delivering, managing, and invoicing for IT support, website development, SEO, ads management, and engineer services
• Creating and managing client accounts and service records
• Managing the recruitment process where you have applied for a role
• Improving the performance, functionality, and security of our website
• Sending marketing materials or updates where you have given explicit consent

We do not use your data for profiling, automated decision-making, or targeted advertising without your clear and informed consent.

We only share personal data where necessary and with trusted third parties subject to appropriate data protection obligations. These may include:

• IT service providers supporting our website and email infrastructure
• Law enforcement authorities or regulatory bodies where legally required
• Legal, financial, or insurance professionals for compliance or advisory purposes
• Website analytics providers for traffic monitoring and user experience improvement
• Recruitment and HR service providers in connection with the hiring process

We do not sell, rent, or trade your personal data with any third parties for marketing or commercial purposes.

In certain circumstances, your personal data may be transferred to and processed in countries outside your country of residence. This may occur where we use service providers, cloud hosting providers, or technology platforms with infrastructure located in multiple jurisdictions. For example, data may be processed on AWS servers located in the United Kingdom, Gibraltar, European Union, United States, Canada, Australia, or other regions where our service providers operate.

Where possible, we seek to store and process personal data within the region in which it was collected. However, where international transfers are necessary, we implement appropriate safeguards to protect your personal data and comply with applicable data protection laws.

These safeguards may include:

• Transferring data to jurisdictions that benefit from an adequacy decision or equivalent recognition under applicable data protection laws;
• Entering into Standard Contractual Clauses (SCCs) or other approved transfer mechanisms where required;
• Relying on Binding Corporate Rules or equivalent safeguards adopted by multinational service providers; and
• Implementing contractual, technical, and organisational measures designed to ensure the security and confidentiality of personal data.

We take reasonable steps to ensure that personal data transferred internationally remains protected in accordance with applicable data protection laws and industry standards.

We implement a combination of technical and organisational measures to protect your personal data against accidental loss, misuse, or unauthorised access. These include SSL/TLS encryption, role-based access controls, secure login protocols, firewalls, and regular internal security reviews. While we are committed to maintaining high standards of security, no method of online transmission or electronic storage is entirely foolproof. Any data you share with us is at your own risk.

We retain personal data only for as long as necessary to fulfil the purposes for which it was collected, or to meet legal, regulatory, or contractual requirements. Typical retention periods include:

• General enquiries and contact forms – up to 12 months from the date of last contact
• Job applications and CVs – up to 12 months unless the applicant is hired
• Business and contractual records – 6 to 7 years to comply with financial and tax regulations

Depending on your region, you may have the right to:

• Access your personal data
• Correct or erase your personal data
• Restrict or object to processing
• Data portability
• Withdraw consent at any time
• File a complaint with a supervisory authority

We respond to verified rights requests within the legal timeframes applicable to your jurisdiction, including one month under UK and EU law and 45 days under the CCPA. To exercise any of these rights, please contact us using the details in section 16.

If you believe your data protection rights have been violated, you also have the right to lodge a complaint with the Gibraltar Regulatory Authority, Information Commissioner’s Office or the appropriate regulatory body in your jurisdiction (e.g., Office of the Privacy Commissioner of Canada, Office of the Australian Information Commissioner, European Data Protection Authorities, or U.S. State Privacy Agencies where applicable).

We will only use your personal data for the purposes for which it was collected, unless we reasonably consider that we need to use it for another compatible purpose. If we need to use your data for a new, unrelated purpose, we will notify you in advance and explain the legal basis for doing so.

Our website uses cookies and similar technologies to provide a better user experience, gather anonymous analytics data, and improve the functionality of our online services. You can manage or disable cookies through your browser settings. For full details please refer to our Cookie Policy.

Our website may contain links to third-party websites not operated by Assist Support. These external sites have their own privacy policies which we do not control. We encourage you to read their policies before submitting any personal data. Assist Support accepts no responsibility or liability for how third-party websites handle your information.

Our services are not directed to children under the age of 13, or the minimum age required by applicable data protection laws in the relevant jurisdiction. We do not knowingly collect, use, or process personal information from children without the consent of a parent, guardian, or other lawful authority where such consent is required.

If we become aware that we have collected personal information from a child in a manner that does not comply with applicable law, we will take reasonable steps to delete or anonymise the information as soon as practicable.

If you believe that a child has provided us with personal information without appropriate consent, please contact us immediately using the details provided in the “Contact Us” section.

If you have any questions about this Privacy Policy or wish to exercise any of your rights, please contact us at:

• Email: privacy@assistsupport.io
• Address: 2 Neptune House, 2 Marina Bay, Gibraltar, GX11 1AA

We reserve the right to update this Privacy Policy from time to time. If we make material changes we will notify you by means of a prominent notice on the website prior to the change becoming effective.