Privacy Policy
Last updated: 26 May 2026.
Gigante Tech (“we”, “us”) respects your privacy and is committed to being straightforward about how we handle your personal data. This page explains what we collect, why, and what rights you have under UK GDPR and the Data Protection Act 2018.
1. Who we are
Gigante Tech is an independent IT support and managed services business, operated by Paul Rimmer and based in Broadwater, Worthing, West Sussex. We are the data controller for any personal data you provide through this website.
You can contact us about privacy matters at info@gigantetech.com.
2. What data we collect
When you visit this website, we collect:
- Anonymised page-view analytics via a self-hosted instance of Umami — cookieless, IP-anonymised, and never shared with third parties. Umami does not use cookies or track you across sites.
- Server access logs (your IP address, user agent, and requested URL) held for a maximum of 7 days for security and operational purposes.
When you use the contact form, we collect the information you enter:
- Your name and email address (required)
- Phone number (optional)
- Business name (optional)
- Enquiry details
When you email or WhatsApp us directly, we retain the correspondence needed to respond to your enquiry.
If you received a cold outreach email from us (typically from paul@getgigantetech.com), the data we held about you was limited to the public information described in section 2a below.
2a. Cold outreach to small businesses
We carry out direct B2B outreach to UK limited companies whose data is published in the Companies House public register under the Open Government Licence v3.0. We use this data to identify small West Sussex businesses that may benefit from independent Microsoft 365 IT support.
For each outreach prospect we may hold:
- Company name, registered company number, and registered address (Companies House)
- A primary web domain identified from public sources
- A general business email address discovered on that public website (e.g.
info@,hello@) - Findings from automated security and configuration checks on publicly-reachable services on that domain (e.g. missing DMARC, expired SSL) used to personalise the email
- Whether you opened our email, clicked a link, or replied (only when open- and click-tracking is enabled — see section 4a)
We never collect personal data from password-protected, authenticated, or private sources, and we never scrape or buy mailing lists.
Lawful basis: legitimate interests (UK GDPR Article 6(1)(f)) for direct B2B marketing to corporate subscribers (PECR Reg 22(2) does not apply to corporate subscribers). You can object at any time and we will stop — see section 7.
To remove yourself from cold outreach immediately:
- Reply with “STOP” to any email and we will suppress your address permanently within 24 hours
- Use the one-click unsubscribe link in the email footer (when present)
- Email info@gigantetech.com and we will action it manually
Once suppressed, your address and domain are recorded in a suppression list held indefinitely for the sole purpose of ensuring you are never contacted again.
3. Why we collect it and the lawful basis
| What | Why | Lawful basis (UK GDPR) |
|---|---|---|
| Website analytics | Understand how visitors use the site so we can improve it | Legitimate interest (Article 6(1)(f)) |
| Server access logs | Security, fraud prevention, service continuity | Legitimate interest (Article 6(1)(f)) |
| Contact form and email correspondence | Respond to your enquiry and, where relevant, provide the services you ask about | Legitimate interest (pre-contract) or contract performance (Article 6(1)(b)) |
| Invoicing and client records (for paying clients) | Fulfil the service contract and meet legal obligations (HMRC records) | Contract performance (Article 6(1)(b)) and legal obligation (Article 6(1)(c)) |
4. Cookies
This website does not set cookies for analytics or advertising. The Cloudflare Turnstile widget on the contact form may set a short-lived functional cookie to verify you are a human; this is strictly necessary for anti-spam purposes and is not used for tracking.
4a. Email tracking (cold outreach only)
When we send a cold outreach email we may include:
- A 1×1 transparent tracking pixel that records whether the email was opened, served by
www.gigantetech.com - Tracked links (a redirect through
www.gigantetech.com/r/) that record whether a link in the email was clicked
When enabled, this is disclosed in the email footer and the footer carries a one-click unsubscribe link. Tracking is off by default for the initial cold outreach campaign sent in mid-2026; it may be enabled for later, lower-volume follow-ups. The data captured is limited to: prospect identifier (a per-recipient token), event type (open or click), target URL (for clicks only), truncated user agent, and a salted SHA-256 hash of the source IP (never the raw IP). It is retained for 90 days and then purged.
This tracking does not set any cookies in your browser. Tracking is suppressed permanently the moment you reply STOP or unsubscribe.
5. Who we share data with
We do not sell, rent, or share your personal data for marketing purposes. Where necessary to provide the service, your data may be processed by:
- Cloudflare — for Turnstile anti-spam verification on the contact form
- Our self-hosted mail server (Stalwart) — for outbound and inbound email on
gigantetech.comandgetgigantetech.com. We do not relay your messages through any third-party mail provider. - WhatsApp (Meta) — if you choose to contact us via WhatsApp
- HMRC and professional advisors — where legally required
Each of these is itself a data controller or processor under UK GDPR and has its own appropriate safeguards.
6. How long we keep it
| Data | Retention |
|---|---|
| Website analytics | 12 months, in aggregate form |
| Server access logs | Maximum 7 days |
| Contact form submissions (no subsequent engagement) | 12 months |
| Cold outreach prospect records (no reply) | 12 months from last contact, then purged |
| Cold outreach email open/click events (when tracking enabled) | 90 days, then purged |
| Suppression list (replies of STOP, unsubscribes, hard bounces) | Indefinite, to ensure we never contact you again |
| Client records, correspondence, invoices | 6 years after the end of the engagement, to meet HMRC requirements |
7. Your rights
Under UK GDPR you have the right to:
- Access the personal data we hold about you
- Correct inaccurate data
- Ask us to delete your data where there is no legitimate reason to keep it
- Restrict or object to our processing of your data
- Receive your data in a portable format
- Withdraw consent where processing was based on consent
- Complain to the UK Information Commissioner’s Office (ICO) at ico.org.uk
To exercise any of these, email info@gigantetech.com. We’ll respond within one calendar month.
8. Security
We apply reasonable technical and organisational measures to protect your data, including TLS encryption in transit, restricted administrative access, and endpoint protection on the systems we use. No internet-facing service is ever 100% secure, but we treat your data with the same discipline we apply to our business clients.
9. Changes to this policy
We may update this policy from time to time. The “last updated” date at the top will change when we do. Material changes will be announced here.
10. Contact
Privacy questions, subject access requests, or any other data protection matter: info@gigantetech.com.