Privacy Policy

Effective Date: 7th August 2025

1. Introduction

Whitestar Services Ltd (“we”, “us”, “our”) is committed to protecting your privacy and handling your personal data lawfully, fairly, and transparently in accordance with:

the UK General Data Protection Regulation (UK GDPR),

the Data Protection Act 2018 (DPA 2018),

the Data Use and Access Act 2025 (DUAA), and

the Privacy and Electronic Communications Regulations 2003 (PECR).

This Policy explains how we collect, use, share, store, and protect your personal data, and outlines your rights under these frameworks.

2. Who We Are

Data Controller & Data Processor

Whitestar Services Ltd may act as both a:

Data Controller, when we determine the purposes and means of processing personal data; and

Data Processor, when we process data on behalf of a client and under their written instructions.

Registered Office:
Whitestar Services Ltd
141 Englishcombe Lane
Bath, BA2 2EL
United Kingdom

Company Registration: 13417041
ICO Registration Number: ZB077961
VAT Registration Number: GB382674368
Contact Email: neil@whitestarservices.co.uk

3. Definitions

Personal Data: Any information that relates to an identified or identifiable living individual (UK GDPR Art. 4(1))

Processing: Any operation performed on personal data (e.g., collection, storage, use, deletion) (UK GDPR Art. 4(2))

Special Category Data: Sensitive personal data requiring extra protection (UK GDPR Art. 9)

Access Data (DUAA): Information on when, where, and by whom a data record was accessed.

SRI (Senior Responsible Individual): DUAA-specific role for accountability and audit.


4. What Personal Data We Collect

We may collect the following categories of personal data:

Category

Examples

Contact Data

Name, email address, telephone number, job title, business address

Payment Data

Billing contact details, invoice records, payment confirmations

Website Usage Data

IP address, device type, browser, referral source, pages viewed, time spent

Marketing Data

Email preferences, communication history

We do not knowingly collect or process special category data unless explicitly required and lawfully justified.

5. How We Collect Personal Data

Directly from you: via contact forms, emails, phone calls, events, or service requests.

Indirectly: from referrals, publicly available sources, client instructions.

Via our website: using cookies and analytics tools (see Section 11).

6. Legal Bases for Processing

We process personal data under the following lawful bases (UK GDPR Art. 6):

Contractual Obligation: Where processing is necessary for the performance of a contract.

Legitimate Interests: For example, business development, internal administration, fraud prevention.

Consent: For optional marketing communications or where legally required.

Legal Obligation: To comply with UK law or regulatory requirements.

7. How We Use Personal Data

We may use your data to:

Respond to enquiries or requests

Fulfil contractual obligations to clients

Administer accounts and billing

Maintain website functionality and user experience

Send business-to-business (B2B) communications

Comply with legal obligations

Maintain audit trails for access (DUAA Section 15)

You may opt out of marketing communications at any time by contacting: neil@whitestarservices.co.uk

8. Data Sharing

We may share data with the following parties, where lawful:

IT and cloud service providers (e.g. hosting, email, CRM)

Payment providers (e.g. Stripe – acting as a Data Processor)

Our professional advisers (e.g. accountants, legal counsel)

Regulatory authorities, including the Information Commissioner’s Office (ICO) and law enforcement

DUAA access log requests, when permitted under Section 16 of the Act

We ensure that all third-party service providers agree to meet our data protection standards.

We do not transfer data outside the UK or EU unless adequate safeguards are in place (e.g., adequacy decisions or Standard Contractual Clauses).
 

9. Data Security Measures

We implement appropriate technical and organisational measures (TOMs) to secure your data, including:

Role-based access controls

Encrypted cloud storage

Device encryption

Multi-factor authentication

Staff training in data protection

For more, you may request our Technical & Organisational Measures (TOMs) Summary via: neil@whitestarservices.co.uk

10. Data Retention

We retain personal data only for as long as necessary:

Type of Data

Retention Period

Client records

7 years after final service

Website contact form data

1 year

Suppression list (opt-outs)

Indefinitely (unless erased on request)

We securely delete data when no longer required, or where legally obligated to do so.

11. Cookie Policy

a. What Are Cookies?

Cookies are small data files placed on your device when you visit our site. They help us:

Recognise returning users

Analyse usage patterns

Customise content

Improve functionality

b. Types of Cookies We Use

Type

Purpose

Strictly Necessary

Required for core website functionality

Performance/Analytics

Used to collect anonymous site usage data

Functionality

Remembers user preferences and enhances site behaviour

Marketing

May track user behaviour for tailored advertising (only with consent)

c. Legal Basis & Consent

Under PECR and UK GDPR, we require consent to store non-essential cookies (Analytics, Marketing).

You can manage your preferences via our Cookie Banner or update them anytime in your browser settings.

d. Third-Party Cookies

We may allow trusted partners (e.g. Google Analytics) to place cookies. You can view and control these in our Cookie Notice.

e. Disabling Cookies

You can disable cookies via your browser settings. However, doing so may limit certain functionalities.

12. Your Rights (UK GDPR & DUAA)

You have the following rights in relation to your personal data:

Right

Description

Access

Request a copy of your personal data (Art. 15 UK GDPR)

Rectification

Correct inaccurate or incomplete data

Erasure (“Right to be Forgotten”)

Ask for your data to be deleted in certain circumstances

Restriction

Request a pause in processing under certain grounds

Objection

Object to processing based on legitimate interests or direct marketing

Portability

Receive your data in a machine-readable format

Access Log Requests (DUAA Sec. 16)

Request information about when and by whom your data was accessed

Withdraw Consent

At any time where consent was the legal basis

To exercise these rights, email: neil@whitestarservices.co.uk

You may be asked to verify your identity before we respond.

13. Children’s Data

Our services are not intended for children under 16. We do not knowingly collect or process data relating to minors. If we learn that we have inadvertently done so, we will delete it promptly.

14. Senior Responsible Individual (SRI)

In accordance with Section 12 of the Data Use and Access Act 2025, Whitestar Services Ltd has appointed an SRI to oversee data accountability and ensure access transparency.

To contact the SRI directly, email: neil@whitestarservices.co.uk


15. Complaints & Contacting the Regulator

We always aim to resolve data concerns promptly. However, if you are dissatisfied, you may raise a concern with:

Information Commissioner's Office (ICO)
Wycliffe House
Water Lane
Wilmslow
Cheshire
SK9 5AF
Tel: 0303 123 1113
https://ico.org.uk/make-a-complaint/
Email: casework@ico.org.uk

16. Updates

We may update this Privacy & Cookie Policy to reflect changes in law or business operations. Please check this page regularly for updates. Last updated: 7th August 2025.

Whitestar Services Limited

Reg ID: 13417041

Reg Address: 141 Englishcombe Lane, Bath, BA2 2EL.

2025 © Copyright. All rights reserved. Privacy Policy

We need your consent to load the translations

We use a third-party service to translate the website content that may collect data about your activity. Please review the details in the privacy policy and accept the service to view the translations.