Privacy Notice

IT Support & Managed Services

Legal Document

Effective Date: 24 February 2026

Last Updated: 24 February 2026

Download PDF version

1. Introduction

GNL Solutions (“we,” “us,” “our,” or “Provider”) is committed to protecting your privacy and ensuring transparent data handling practices.

This Privacy Notice explains:

  • What data we collect
  • How we use it
  • How long we keep it
  • Your rights regarding your data

This Privacy Notice applies to all IT support and related services provided by GNL Solutions and complies with UK data protection law, including the Data Protection Act 2018 and General Data Protection Regulation (GDPR).

2. Who We Are

Data Controller: GNL Solutions

Controller Details:

  • Graham Long
  • Unit 6a, Hammonds Green Farm
  • Hammonds Green, Framfield
  • Uckfield, East Sussex TN22 5QH
  • Email: support@gnlsolutions.co.uk

We are responsible for deciding how your data is collected and used.

3. What Data We Collect

Account & Contact Information

  • Your name, email address, and phone number
  • Business name and address
  • Billing address
  • Payment information (processed securely via GoCardless)

Technical & Device Data

  • Device names, operating system versions, IP addresses
  • Hardware specifications (RAM, disk space, processor type)
  • Antivirus status and security threat detections
  • Software installed on your devices
  • Network configuration information
  • Device online/offline status and uptime logs

Support & Session Data

  • Support ticket details (issue descriptions, resolutions)
  • Remote session logs (timestamp, duration, device accessed, operator)
  • Files accessed during support (file names and paths, not content stored)
  • Support communications (email, ticket messages)
  • Time tracking data (how long support sessions lasted)

Monitoring & Security Data

  • Security events detected by ESET (malware, threats, suspicious activity)
  • Vulnerability scan results
  • Patch installation logs
  • System update history

Usage & Analytics Data

  • Frequency of support requests
  • Types of issues reported
  • Support time utilisation
  • System performance metrics

We process your data under the following legal bases:

Contract Performance

  • To provide GNL Protect services (support, monitoring, updates)
  • To manage your account and billing
  • To log support sessions for audit and dispute resolution

Legal Obligation

  • To comply with UK tax and financial regulations
  • To respond to legal requests or court orders

Legitimate Interest

  • To improve our service quality
  • To prevent fraud or misuse
  • To ensure system security
  • To troubleshoot technical issues

5. How We Use Your Data

Service Delivery

  • Installing and maintaining monitoring agents on your devices
  • Providing remote support and technical troubleshooting
  • Monitoring system health and security status
  • Performing updates, patches, and maintenance

Billing & Administration

  • Processing monthly payments
  • Issuing invoices
  • Managing your account
  • Communicating service changes or issues

Security & Fraud Prevention

  • Detecting and preventing misuse of the service
  • Investigating security threats
  • Protecting against unauthorised access
  • Maintaining system integrity

Service Improvement

  • Analysing support trends and common issues
  • Identifying ways to improve service quality
  • Developing new features or services
  • Training and quality assurance

Legal & Compliance

  • Responding to legal requests
  • Maintaining audit trails
  • Enforcing our Terms of Service

6. Session Logging & Audit Trails

What We Log

All remote support sessions are logged with:

  • Date & Time — When the session started and ended
  • Duration — How long the session lasted
  • Device — Which of your devices was accessed
  • Operator — Who (Graham) connected to your device
  • Ticket Reference — Which support issue was being addressed
  • Session Activity — General description of actions taken

What We Do NOT Log

  • Screen Content — We do not record screenshots or video of your screen
  • Keyboard Input — We do not capture what you type
  • File Content — We do not store or backup your files (except logs of file names accessed during support)
  • Personal Data Accessed — We do not log the content of sensitive data visible on screen

Why We Log

  • To provide audit trails for disputes
  • To ensure accountability and transparency
  • To allow you to verify who accessed your devices and when
  • To demonstrate compliance with professional standards

Your Access to Logs

You may request an audit report of all sessions on your account at any time. We will provide this within 5 business days at no charge.

7. Data Retention

Session & Support Data

  • Remote session logs are retained for 24 months
  • Support tickets are retained for 24 months
  • After 24 months, logs are automatically deleted
  • You may request earlier deletion of your logs

Billing & Invoice Data

  • Invoices and payment records are retained for 7 years (UK tax requirement)
  • Payment card details are not stored by us (processed by GoCardless)

Account Data

  • Your account information is retained while you are a subscriber
  • Upon cancellation, account data is retained for 12 months for dispute resolution
  • After 12 months, account data is deleted or anonymised

Device & Technical Data

  • Monitoring data (health, security status) is retained for 24 months
  • Historical device information is deleted after 24 months
  • We do not backup or archive your device data after service ends

Communications

  • Email and ticket messages are retained for 24 months
  • Deleted messages may be recoverable from backups for up to 90 days

8. Who We Share Your Data With

Third-Party Service Providers

ESET (Antivirus & Security Monitoring)

  • We share device security data with ESET to provide threat detection and antivirus updates
  • ESET processes data under their own privacy policy
  • Data shared: device name, OS version, security event logs, threat detections

MeshCentral (Remote Access Platform)

  • We share device availability data with MeshCentral to provide remote support
  • MeshCentral is self-hosted by GNL Solutions (we control the infrastructure)
  • Data shared: device online/offline status, device identifiers, session timestamps

GoCardless (Payment Processing)

  • We share your name, email, and payment authorisation with GoCardless
  • GoCardless processes data under their privacy policy
  • Data shared: name, email, payment authorisation (not full card details)

Other Disclosures

Legal Requirements

  • We may disclose data if required by law, court order, or government request
  • We will notify you of such requests unless legally prohibited

Data Breach

  • If your data is involved in a security breach, we will notify you within 72 hours as required by GDPR

Service Providers & Contractors

  • We do not hire external contractors for support services
  • If we do in the future, we will enter data processing agreements ensuring equivalent protection

No Selling of Data

We do not sell, rent, or trade your personal data to marketing companies or other third parties.

9. Data Security

How We Protect Your Data

Technical Safeguards

  • Encrypted connections (HTTPS/SSL) for all web services
  • Password-protected accounts with multi-factor authentication available
  • Firewalls and intrusion detection on our servers
  • Regular security updates and patches
  • Secure storage of session logs

Administrative Safeguards

  • Limited access to data (only Graham has access)
  • Confidentiality agreements for any contractors
  • Regular security audits
  • Incident response procedures

Physical Safeguards

  • Secure facility with access controls
  • Backup systems to prevent data loss

Your Responsibility

You are responsible for:

  • Maintaining strong passwords
  • Not sharing login credentials
  • Reporting suspected security breaches
  • Keeping your devices updated

10. International Data Transfers

Your data is stored and processed within the United Kingdom. We do not transfer your data outside the UK or EU unless:

  • You explicitly consent
  • It is necessary to provide the service
  • It is required by law

11. Your Rights Under Data Protection Law

You have the following rights regarding your data:

Right of Access

  • Request a copy of all data we hold about you
  • Request must be submitted in writing to support@gnlsolutions.co.uk
  • We will provide your data within 30 days at no charge

Right to Rectification

  • Request correction of inaccurate data
  • We will correct errors within 14 days where feasible

Right to Erasure (“Right to be Forgotten”)

  • Request deletion of your data (subject to legal retention requirements)
  • We may be unable to comply if data is needed for legal, contractual, or regulatory reasons
  • Billing and invoice data must be retained for 7 years

Right to Restrict Processing

  • Request that we limit how we use your data
  • We may continue to store data but will limit active processing

Right to Data Portability

  • Request your data in a structured, portable format (e.g., CSV)
  • We will provide this within 30 days at no charge

Right to Object

  • Object to processing of your data for legitimate interest purposes
  • We will cease processing unless we have a compelling reason to continue

Rights Related to Automated Decision-Making

  • We do not use automated decision-making to make decisions about your service
  • All significant decisions are made following manual review

How to Exercise Your Rights

To exercise any of these rights, please contact:

  • Email: support@gnlsolutions.co.uk
  • Mail: Graham Long, Unit 6a Hammonds Green Farm, Framfield, Uckfield, East Sussex TN22 5QH

We will respond within 30 days.

12. Data Retention Schedule

Data Type Retention Period Reason
Session Logs 24 months Audit trail & dispute resolution
Support Tickets 24 months Service history & support quality
Device Monitoring Data 24 months Historical device health & security
Account Information 12 months after cancellation Dispute resolution & compliance
Billing & Invoices 7 years UK tax & financial regulations
Email Communications 24 months Service documentation
Payment Information Not stored by us Processed by GoCardless only

13. Automated Decision-Making & Profiling

We do not use automated decision-making or profiling to:

  • Determine eligibility for service
  • Adjust pricing
  • Make service changes
  • Suspend or terminate your account

All significant decisions are made following manual review.

14. Third-Party Links & Services

This Privacy Notice applies only to GNL Solutions. If you access third-party websites or services linked from our portal (e.g., ESET, MeshCentral), their privacy policies apply. We are not responsible for their data practices.

15. Cookies & Tracking

Our Website

Our website does not use analytics, advertising cookies, or tracking technologies.

We use local storage only to remember your theme preference (light/dark mode). This does not track users or collect personal data.

Support Portal

Our support portal uses session cookies to:

  • Maintain your login
  • Remember your preferences
  • Protect against CSRF attacks

Third-Party Services

ESET and MeshCentral may use their own cookies. Refer to their privacy policies.

16. Data Processing Agreement (for Business Customers)

If you are a business customer and require a formal Data Processing Agreement (DPA) under GDPR Article 28, please contact us at support@gnlsolutions.co.uk.

We can provide a standard DPA for clients who act as data controllers and have personal data processed by us.

17. Data Breach Notification

Our Commitment

If a security breach occurs that compromises your data, we will:

  1. Investigate the breach immediately
  2. Notify you within 72 hours (as required by GDPR)
  3. Provide details of what data was affected
  4. Explain steps we’re taking to remedy the breach
  5. Advise you on protective measures you should take

Your Responsibility

Where applicable, business customers may have separate legal obligations to notify affected individuals.

18. Complaints & Regulatory Authority

If You’re Not Satisfied

If you believe we have violated your data privacy rights, you may:

  1. Contact Us First
    Email: support@gnlsolutions.co.uk
    We will investigate and respond within 30 days
  2. Escalate to the ICO
    Information Commissioner’s Office (ICO)
    Phone: 0303 123 1113
    Address: Water Lane, Wilmslow, Cheshire SK9 5AF

The ICO is the UK’s independent regulatory authority for data protection.

19. Changes to This Privacy Notice

We may update this Privacy Notice at any time. Significant changes will be announced via email at least 30 days in advance.

Continued use of our services after changes take effect indicates acknowledgment of the updated Privacy Notice.

20. Contact Information

Data Controller: GNL Solutions
Contact Person: Graham Long

For Data Privacy Questions:

  • Email: support@gnlsolutions.co.uk
  • Mail: Unit 6a Hammonds Green Farm, Framfield, Uckfield, East Sussex TN22 5QH
  • Response time: Within 30 days

21. Acknowledgment

By subscribing to GNL Protect, you acknowledge that you have read and understood this Privacy Notice.

If you have any questions about how your data is handled, please contact us immediately.

Last Updated: 24 February 2026

Terms of Service Acceptable Use Policy Back to GNL Protect