Privacy Policy

Last updated: 04/02/2026

1. Introduction

Mister O Consulting ("we," "us," or "our") is committed to protecting your privacy and complying with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018. This Privacy Policy explains how we collect, use, store, and protect your personal information when you use our website at mistero.consulting (the "Website").

2. Who We Are

Mister O Consulting is a sole trader consulting business operated by Orlando Bellocchio, based in Peebles, Scotland, providing IT consultancy services including legacy systems, system design, technical troubleshooting, and DevOps consulting.

We are the data controller for any personal data you provide to us through this Website.

3. Information We Collect

We collect and process the following types of personal data:

  • Account Information: when you create an account, we collect: username, email address, and password (mandatory). You may optionally provide your company name, phone number, and postal address.
  • Service Requests: when you request services, we collect your selections and any additional information you provide in text fields.
  • Feedback Submissions: when you submit feedback, we collect your comments, optional screenshot, and optional email address.
  • Communications: all correspondence through our Website, including chat transcripts, messages, and service updates, is stored in our systems.
  • Technical Data: when you log in, we use session cookies to keep you logged in. We do not use analytics tools or tracking cookies.
  • Usage Information: we may collect basic information about how you interact with the Website (e.g., pages visited) from standard server logs. This information is used for internal system administration and security monitoring, and is not used to identify individual users.

We do not collect or process any special category data (e.g., health information, political opinions, religious beliefs).

4. How We Collect Your Information

We collect personal data through:

  • Account registration on our client portal
  • Service request forms on our Website
  • Feedback forms on our Website
  • Direct interactions when you communicate with us through the Website
  • Automated technologies (session cookies) to maintain your login state

5. Legal Basis for Processing

Under UK GDPR, we must have a lawful basis for processing your data. We rely on the following:

  • Contract Performance: to provide our consulting services, manage your account, and fulfill service requests
  • Legal Obligation: to comply with tax, accounting, and regulatory requirements (e.g., retaining financial records)
  • Legitimate Interests: we rely on legitimate interests for network and information security, including monitoring server logs and preventing unauthorised access.
  • Consent: we rely on your consent when you opt in to receive email or push notifications. No other processing relies on consent.

6. How We Use Your Information

We use your personal data for the following purposes:

  • To create and manage your account
  • To provide and manage our consulting services
  • To communicate with you about projects, service requests, and updates
  • To process feedback and improve our services
  • To send email or push notifications (where you have opted in) containing links to activity on the Website (notifications do not contain private data)
  • To comply with legal obligations (e.g., tax and accounting)
  • To maintain the security and functionality of our systems

7. Data Retention

We retain your personal data only as long as necessary for the purposes for which we collected it.

  • Account Information: indefinitely while your account is active. If you delete your account, we immediately delete all private data (email, phone, address, etc.). We do retain your account ID for system integrity (e.g., to prevent username reuse and maintain audit trails).
  • Service Requests and Communications: 3 years from the date of the request or communication
  • Feedback Submissions: 3 years from the date of submission
  • Financial Records: 6 years (to comply with HMRC requirements)

8. Data Sharing and Third Parties

We do not sell, rent, or trade your personal data. All information you provide stays with us.

We only share data in the following limited circumstances:

  • Hetzner Online GmbH (Germany): our Website is hosted on Hetzner's servers in Germany. Data is stored on our virtual private servers, to which only we have access.
  • Professional advisors: if necessary, we may share data with our accountants or legal counsel for legitimate business purposes.
  • Regulatory bodies: if required by law, we may share data with HMRC or other authorities.

We do not use any third-party analytics, marketing, or tracking tools. All data remains under our control.

9. International Transfers

Your data is stored on servers located in Germany (within the European Economic Area). The UK GDPR currently recognizes the EEA as providing adequate data protection. No additional safeguards are required.

We do not transfer your data outside the UK or EEA.

10. Your Data Protection Rights

Under UK data protection law, you have the following rights:

  • Right to Access: request copies of your personal data
  • Right to Rectification: request correction of inaccurate or incomplete data
  • Right to Erasure: request deletion of your personal data ("right to be forgotten"). Account deletion triggers immediate erasure of private data.
  • Right to Restriction: request limitation of how we process your data
  • Right to Object: object to processing based on legitimate interests
  • Right to Complain: lodge a complaint with the Information Commissioner’s Office (ICO) if you believe we have not handled your data correctly (www.ico.org.uk)
  • Right to Data Portability: request transfer of your data to another organization in a structured, machine-readable format

To exercise any of these rights, please contact us at mistero@mistero.consulting. We will respond within one month.

11. Children's Privacy

Our Website and services are not directed at children under the age of 16. We do not knowingly collect personal data from children. If you believe a child has provided us with personal data, please contact us, and we will delete it.

12. Cookies

We use only essential cookies:

  • Session cookies: these are required to keep you logged in to your account and maintain your session. They are deleted when you close your browser.

We do not use any non-essential cookies (e.g., for analytics, marketing, or tracking). Because we only use essential cookies, we do not need to ask for your consent. They are necessary for the Website to function.

13. Data Security

We take data security seriously. We implement appropriate technical and organizational measures to protect your personal data against unauthorized access, alteration, disclosure, or destruction. These include:

  • Data stored on secure, access-controlled virtual private servers
  • Using encryption protocols to protect your personal information during transmission
  • Password-protected accounts with hashed passwords
  • Regular system updates and security monitoring
  • Limited staff access to data

While we strive to protect your data, no method of transmission over the Internet or electronic storage is 100% secure. We cannot guarantee absolute security.

14. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or legal requirements. The updated version will be indicated by a revised "Last updated" date. If we make material changes, we will notify account holders through the Website or by email.

15. Contact Us

If you have questions about this Privacy Policy, wish to exercise your data protection rights, or would like to request deletion of your account, please contact us:

Mister O Consulting
Attn: Orlando Bellocchio
3, Haswellsykes Cottage
EH45 9JL
Peebles
United Kingdom

ICO Registration Number

Email: mistero@mistero.consulting