Skip to main content
PathMon

GDPR & Data Protection

Last updated: 21 March 2025

1. Our Commitment

PatchMon Ltd is committed to protecting your personal data in accordance with the UK General Data Protection Regulation (UK GDPR), the Data Protection Act 2018, and the EU General Data Protection Regulation (EU GDPR). This page supplements our Privacy Policy with specific information about GDPR compliance.

2. Data Controller

PatchMon Ltd is the data controller for personal data processed through our website and services. Our contact details are:

PatchMon Ltd

71-75 Shelton Street, Covent Garden, London, United Kingdom, WC2H 9JQ

Email: support@patchmon.net

Telephone: +44 1706 404099

3. Lawful Basis for Processing

We process personal data only when we have a lawful basis to do so. The lawful bases we rely on include:

Contract Performance (Article 6(1)(b))

Processing necessary to provide our Services to you, including account management, service delivery, and customer support.

Legitimate Interests (Article 6(1)(f))

Processing necessary for our legitimate business interests, such as improving our Services, ensuring security, and preventing fraud. We balance our interests against your rights and only rely on this basis where appropriate.

Consent (Article 6(1)(a))

Where you have given clear consent for us to process your personal data for a specific purpose, such as receiving marketing communications. You may withdraw consent at any time.

Legal Obligation (Article 6(1)(c))

Processing necessary to comply with legal or regulatory obligations, such as tax reporting or responding to lawful requests from authorities.

4. Your Rights Under GDPR

As a data subject, you have the following rights:

Right of Access (Article 15)

You can request a copy of the personal data we hold about you. We will provide this within 30 days of receiving your request.

Right to Rectification (Article 16)

You can request that we correct any inaccurate or incomplete personal data we hold about you.

Right to Erasure (Article 17)

You can request that we delete your personal data where there is no compelling reason for its continued processing. Also known as the "right to be forgotten".

Right to Restriction of Processing (Article 18)

You can request that we restrict the processing of your personal data in certain circumstances, such as when you contest the accuracy of the data.

Right to Data Portability (Article 20)

You can request a copy of your personal data in a structured, commonly used, machine-readable format and have it transferred to another controller.

Right to Object (Article 21)

You can object to processing based on legitimate interests or for direct marketing purposes. We will stop processing unless we demonstrate compelling legitimate grounds.

Rights Related to Automated Decision-Making (Article 22)

You have the right not to be subject to a decision based solely on automated processing, including profiling, that produces legal or similarly significant effects. PatchMon does not currently use automated decision-making.

To exercise any of these rights, please contact us at support@patchmon.net. We will respond to your request within 30 days. In exceptional circumstances, we may extend this period by a further 60 days, in which case we will inform you of the extension and the reasons for it.

5. Data Processing Activities

5.1 PatchMon Cloud (Data Processor)

When you use PatchMon Cloud, we act as a data processor for the infrastructure data collected by the PatchMon agent. This data includes server hostnames, operating system information, installed packages, and update status. You, as the Cloud customer, remain the data controller for this information.

5.2 Self-Hosted (No Data Processing by PatchMon)

When you self-host PatchMon (Community or PRO), all infrastructure data remains on your own servers. PatchMon does not receive, process, or have access to any of this data. Your organisation is both the data controller and data processor.

5.3 Data Processing Agreements

PatchMon Cloud customers who require a Data Processing Agreement (DPA) for GDPR compliance can request one by contacting support@patchmon.net.

6. International Data Transfers

Where personal data is transferred outside the UK or EEA, we ensure appropriate safeguards are in place:

  • Adequacy decisions: transfers to countries recognised by the UK or EU as providing adequate data protection.
  • Standard Contractual Clauses (SCCs): approved contractual terms that provide appropriate safeguards for cross-border transfers.
  • UK International Data Transfer Agreement (IDTA): where required for transfers from the UK.

7. Data Breach Notification

In the event of a personal data breach that poses a risk to your rights and freedoms, we will:

  • Notify the Information Commissioner's Office (ICO) within 72 hours of becoming aware of the breach.
  • Notify affected individuals without undue delay where the breach is likely to result in a high risk to their rights and freedoms.
  • Document all breaches, including their effects and the remedial actions taken.

8. Supervisory Authority

If you are not satisfied with our response to a data protection concern, you have the right to lodge a complaint with a supervisory authority:

Information Commissioner's Office (ICO)

Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF

Telephone: 0303 123 1113

Website: ico.org.uk

If you are located in the EU/EEA, you may also contact your local data protection authority.

9. Contact Us

For any data protection queries or to exercise your rights, please contact us:

Email: support@patchmon.net

Telephone: +44 1706 404099

Address: 71-75 Shelton Street, Covent Garden, London, United Kingdom, WC2H 9JQ