How Bernier Tech collects, processes and protects personal data.

GDPR and UK GDPR aware processing.

Bernier Tech is the data controller for personal information collected through this website and through order and service delivery processes. We process personal data lawfully, fairly and in a transparent manner, and we make every effort to ensure data is only used for the purposes described below.

Who is responsible for your data?

Bernier Tech is the data controller. If you have questions about this policy or want to exercise your rights, contact privacy@berniertech.com.

Categories of personal data.

Lawful bases for processing.

• Contract performance: to fulfil orders, deliver software, SaaS and advisory services, and manage service relationships.
• Legitimate interests: to operate the website, manage enquiries, improve service delivery, secure our systems and comply with legal obligations.
• Consent: where you opt in to marketing or optional communications, you may withdraw consent at any time.

Processing purposes.

• Responding to enquiries, preparing quotes and confirming service scope.
• Delivering software, SaaS access, reports, analyses and advisory work.
• Managing orders, renewals, invoices, refunds and customer support.
• Maintaining website security, preventing fraud and ensuring service availability.
• Meeting legal and regulatory obligations, including tax, accounting and dispute resolution.

Website analytics and tools.

We use essential cookies and may use limited analytics cookies for site performance and usage metrics. We do not use cookies for behavioural advertising or profiling. If you require details of any cookies in use, contact privacy@berniertech.com.

Sharing and processors.

We may share personal data with third-party processors that help provide our services, including payment processors, hosting providers, email systems, and customer support platforms. These providers are required to use your personal data only for the purposes we specify and to protect it in accordance with applicable law.

Payment processing is handled by third-party checkout platforms such as Lemon Squeezy, Stripe, or Fastspring. Their privacy policies also apply to payment-related data submitted during checkout.

Transfers outside the UK and EU.

Personal data may be processed outside the UK or EU by service providers that host or support our systems. Where required, we use appropriate safeguards such as UK/EU standard contractual clauses or rely on adequacy decisions to protect your data.

How long we keep personal data.

We retain personal data only for as long as necessary to fulfil the purpose of processing, comply with legal obligations, resolve disputes and support our business operations. Generally, order and contract information is retained for up to 7 years, while marketing permissions are retained until withdrawn.

Data subject rights.

• Right of access to the personal data we hold about you.
• Right to rectification of inaccurate or incomplete data.
• Right to erasure, where processing is no longer necessary or lawful.
• Right to restriction of processing in certain circumstances.
• Right to data portability where processing is based on consent or contract.
• Right to object to processing based on legitimate interests.
• Right to withdraw consent for marketing at any time.

To exercise any of these rights, email privacy@berniertech.com. You also have the right to lodge a complaint with the Information Commissioner's Office (ICO) in the UK or the relevant EU supervisory authority.

Safeguards and protection.

We implement reasonable technical and organisational measures designed to protect personal data from unauthorised access, loss or alteration. We regularly review our security practices and update them as needed.

Privacy enquiries.

For questions about this policy or to exercise your data rights, email privacy@berniertech.com.