Privacy Policy

1. Introduction

Whitestar Services Ltd (“we”, “us”, “our”) is committed to protecting your privacy and handling your personal data lawfully, fairly, and transparently in accordance with:

the UK General Data Protection Regulation (UK GDPR),

the Data Protection Act 2018 (DPA 2018),

the Data Use and Access Act 2025 (DUAA),

the Privacy and Electronic Communications Regulations 2003 (PECR),

the Consumer Protection from Unfair Trading Regulations 2008 (CPRs), and

the Consumer Rights Act 2015 (CRA).

This Policy explains how we collect, use, share, store, and protect your personal data, and outlines your rights under these frameworks. It should also be read in light of the Human Rights Act 1998, Article 8 (right to private and family life), which underpins modern data protection law.

2. Who We Are

Data Controller & Data Processor
Whitestar Services Ltd may act as both a:

Data Controller, when we determine the purposes and means of processing personal data; and

Data Processor, when we process data on behalf of a client and under their written instructions.

Registered Office:
Whitestar Services Ltd
141 Englishcombe Lane
Bath, BA2 2EL
United Kingdom

Company Registration: 13417041
ICO Registration Number: ZB077961
VAT Registration Number: GB382674368
Contact Email: neil@whitestarservices.co.uk

3. Definitions

Personal Data: Any information that relates to an identified or identifiable living individual (UK GDPR Art. 4(1)).

Processing: Any operation performed on personal data (e.g., collection, storage, use, deletion) (UK GDPR Art. 4(2)).

Special Category Data: Sensitive personal data requiring extra protection (UK GDPR Art. 9).

Access Data (DUAA): Information on when, where, and by whom a data record was accessed.

SRI (Senior Responsible Individual): DUAA-specific role for accountability and audit.

4. What Personal Data We Collect

We may collect the following categories of personal data:

Category | Examples
Contact Data | Name, email address, telephone number, job title, business address
Payment Data | Billing contact details, invoice records, payment confirmations
Website Usage Data | IP address, device type, browser, referral source, pages viewed, time spent
Marketing Data | Email preferences, communication history

We do not knowingly collect or process special category data unless explicitly required and lawfully justified.

5. How We Collect Personal Data

Directly from you: via contact forms, emails, phone calls, events, or service requests.

Indirectly: from referrals, publicly available sources, and client instructions.

Via our website: using cookies and analytics tools (see Section 11).

From third-party sources such as public registers (e.g. Companies House) and professional networking sites where permitted by law.

6. Legal Bases for Processing

We process personal data under the following lawful bases (UK GDPR Art. 6):

Contractual Obligation: Where processing is necessary for the performance of a contract.

Legitimate Interests: For example, business development, internal administration, fraud prevention.

Consent: For optional marketing communications or where legally required.

Legal Obligation: To comply with UK law or regulatory requirements.

7. How We Use Personal Data

We may use your data to:

Respond to enquiries or requests

Fulfil contractual obligations to clients

Administer accounts and billing

Maintain website functionality and user experience

Send business-to-business (B2B) communications

Comply with legal obligations

Maintain audit trails for access (DUAA Section 15)

Where we rely on legitimate interests under UK GDPR Art. 6(1)(f), we balance those interests against your rights and freedoms. Recital 47 includes direct marketing as a potential legitimate interest.

Marketing activities are conducted in line with PECR Regs. 22–23 (electronic marketing) and the CPRs 2008 Regs. 3–6 (misleading or aggressive practices).

We do not engage in automated decision-making or profiling under UK GDPR Art. 22, unless required by law, and would notify you if this changes.

We will always provide a clear opportunity to object to direct marketing at the point of collection and in every message we send.

You may opt out of marketing communications at any time by contacting: neil@whitestarservices.co.uk

8. Data Sharing and International Transfers

We may share data with the following parties, where lawful:

IT and cloud service providers (e.g. hosting, email, CRM)

Payment providers (e.g. PayPal, Stripe – acting as Data Processors)

Communication providers (e.g. Twilio, Zendesk)

Cloud infrastructure providers (e.g. Microsoft Azure)

Our professional advisers (e.g. accountants, legal counsel)

Regulatory authorities, including the Information Commissioner’s Office (ICO) and law enforcement

DUAA access log requests, when permitted under Section 16 of the Act

Where these providers are located outside the UK or EU, we ensure transfers are protected by either:

UK adequacy decisions, or

Standard Contractual Clauses (SCCs) approved by the UK Government or European Commission, supplemented by transfer risk assessments.

Records are maintained under UK GDPR Art. 30 (RoPA) and transfer risk assessments follow ICO guidance.

Where appropriate, we also use the UK International Data Transfer Agreement (IDTA) or the UK Addendum to the EU SCCs.

Framework References: Articles 13 & 14 UK GDPR, DPA 2018 Part 2, DUAA 2025 Section 13.

 

9. Data Security Measures

We implement appropriate technical and organisational measures (TOMs) to secure your data, including:

Role-based access controls

Encrypted cloud storage

Device encryption

Multi-factor authentication

Staff training in data protection

For more detail, you may request our Technical & Organisational Measures (TOMs) Summary via: neil@whitestarservices.co.uk

These measures are required under UK GDPR Art. 32(1), DPA 2018 Sch. 1, and DUAA 2025 Sec. 15.

We maintain incident response procedures and will assess personal data breaches without undue delay and notify the ICO and affected individuals where required by law.

10. Data Retention

We retain personal data only for as long as necessary:

Type of Data | Retention Period | Legal Basis / Reference
Client records | 7 years after final service | HMRC record-keeping requirements; UK GDPR Art. 13(2)(a)
Website contact form data | 1 year | Business necessity
Suppression list (opt-outs) | Indefinitely (unless erased on request) | Legitimate interest in respecting marketing objections
Financial transaction data (invoices, receipts) | 6 years | Companies Act 2006; HMRC

We securely delete or anonymise data when no longer required, unless retention is mandated by law.

When deletion is not feasible, we will securely anonymise the data so it can no longer be associated with an identifiable individual.

Retention periods are also influenced by HMRC record-keeping duties and the Consumer Rights Act 2015 where applicable.

11. Cookie Policy

a. What Are Cookies?
Cookies are small data files placed on your device when you visit our site. They help us:

Recognise returning users

Analyse usage patterns

Customise content

Improve functionality

b. Types of Cookies We Use

Type | Purpose
Strictly Necessary | Required for core website functionality
Performance/Analytics | Used to collect anonymous site usage data
Functionality | Remembers user preferences and enhances site behaviour
Marketing | May track user behaviour for tailored advertising (only with consent)

c. Legal Basis & Consent
Under PECR and UK GDPR, we require consent to store non-essential cookies (Analytics, Marketing).

Our Cookie Banner provides “Accept all”, “Reject all”, and “Manage settings” options so you can grant consent by purpose.

You can manage your preferences via our Cookie Banner or update them anytime in your browser settings.

d. Third-Party Cookies
We may allow trusted partners (e.g. Google Analytics) to place cookies. You can view and control these in our Cookie Notice.

Where third-party cookie providers process data outside the UK/EU, we apply the transfer safeguards described in Section 8.

e. Disabling Cookies
You can disable cookies via your browser settings. However, doing so may limit certain functionalities.

Strictly necessary cookies are exempt under PECR Reg. 6(4). Non-essential cookies require consent under UK GDPR Art. 6(1)(a).

Session cookies expire when you close your browser; analytics cookies may last up to 2 years.


12. Your Rights (UK GDPR & DUAA)

You have the following rights in relation to your personal data:

Access (Art. 15 UK GDPR): Request a copy of your personal data.

Rectification: Correct inaccurate or incomplete data.

Erasure (“Right to be Forgotten”): Ask for your data to be deleted in certain circumstances.

Restriction: Request a pause in processing under certain grounds.

Objection: Object to processing based on legitimate interests or direct marketing.

Portability (Art. 20 UK GDPR): Receive your data in a machine-readable format, and request that we transfer it to another controller where technically feasible.

Access Log Requests (DUAA Sec. 16): Request information about when and by whom your data was accessed.

Withdraw Consent: At any time where consent was the legal basis.

Statutory Update Obligation (DUAA Sec. 13): We must ensure your data is accurate and updated promptly where inaccuracies are identified, and you may request verification of this duty.

DPA 2018 Part 2 – UK-specific provisions on special category/criminal data.

HRA 1998 Art. 8 – protection of your right to private and family life.

You have the right to lodge a complaint with the ICO without prejudice to any other administrative or judicial remedy.

To exercise these rights, email: neil@whitestarservices.co.uk

We may ask you to verify your identity before we respond.

13. Children’s Data

Our services are not intended for children under 16. We do not knowingly collect or process data relating to minors. If we learn that we have inadvertently done so, we will delete it promptly.

We comply with UK GDPR Art. 8 (conditions for children’s consent in relation to information society services).

14. Senior Responsible Individual (SRI)

In accordance with Section 12 of the Data Use and Access Act 2025, Whitestar Services Ltd has appointed an SRI to oversee data accountability and ensure access transparency.

To contact the SRI directly, email: neil@whitestarservices.co.uk


15. Complaints & Contacting the Regulator

We always aim to resolve data concerns promptly.

We will acknowledge your complaint and aim to respond within one month.

However, if you are dissatisfied, you may raise a concern with:

Information Commissioner’s Office (ICO)
Wycliffe House
Water Lane
Wilmslow
Cheshire
SK9 5AF
Tel: 0303 123 1113
https://ico.org.uk/make-a-complaint/
Email: casework@ico.org.uk

Depending on the nature of the issue, you may also have recourse to the Competition and Markets Authority (CMA), or the Advertising Standards Authority (ASA) if concerns relate to unfair trading or marketing practices.

16. Updates

We may update this Privacy & Cookie Policy to reflect changes in law or business operations. Please check this page regularly for updates.

We will notify you of significant updates via our website and, where appropriate, by direct communication (e.g. email).

Last updated: 25th September 2025.


Annex A – Legal Frameworks Covered

UK GDPR – Articles 4, 5, 6, 8, 13–15, 20, 22, 30, 32; Recital 47.

DPA 2018 – Part 2, Sch. 1.

DUAA 2025 – Secs. 12, 13, 15, 16.

PECR 2003 – Regs. 6, 22, 23.

Consumer Protection from Unfair Trading Regs (CPRs) 2008 – Regs. 3–6.

Consumer Rights Act 2015 – Part 2 (fairness of terms).

Companies Act 2006 – s.82 disclosures; retention duties.

HMRC record-keeping rules.

Human Rights Act 1998 (Art. 8).

CMA & ASA oversight – unfair trading and marketing standards.

 

Terms of Website Use

Last updated: 25th September 2025

Welcome to the Whitestar Services Ltd website (www.whitestarservices.co.uk). By accessing and using our website, you agree to comply with and be bound by these Terms of Use. If you do not agree, please do not use our website.

1. About Us

Whitestar Services Ltd (“we”, “us”, “our”) is a company registered in England and Wales.

Company number: 13417041

Registered office: c/o 141 Englishcombe Lane, Bath, BA2 2EL, United Kingdom

Contact email: neil@whitestarservices.co.uk

VAT number: GB382674368

We provide consultancy services in data protection and compliance.

2. Website Content

The content on this website is provided for general information only.

It is not intended to constitute legal or professional advice and should not be relied upon as such.

While we take reasonable care to ensure the accuracy of information, we make no warranties or representations that the content is complete, accurate, or up to date.

3. Use of the Website

You may use our website only for lawful purposes.

You must not:

use the website in any way that breaches applicable local, national, or international law;

attempt to gain unauthorised access to the website, its servers, or any connected databases;

introduce viruses, trojans, worms, or other harmful material.
 

4. Intellectual Property

All content on this website, including text, graphics, logos, and design, is owned by Whitestar Services Ltd or licensed to us.

You may view, download, and print content for your personal use, but you must not reproduce, distribute, or exploit it for commercial purposes without prior written consent.

5. Liability

To the maximum extent permitted by law, we exclude all liability for any loss or damage arising from your use of this website.

Nothing in these Terms excludes or limits liability for death or personal injury caused by negligence, fraud, or any liability that cannot be excluded under English law.

6. External Links

Our website may contain links to third-party websites.

We are not responsible for the content, security, or practices of those external websites.

7. Changes to the Website or Terms

We may update our website or amend these Terms from time to time.

Please check this page regularly to ensure you are aware of the current version.

8. Governing Law

These Terms are governed by and construed in accordance with the laws of England and Wales. Disputes shall be subject to the exclusive jurisdiction of the courts of England and Wales.

Legal Framework References

Companies Act 2006 (s.82) – trading disclosure requirements

Electronic Commerce (EC Directive) Regulations 2002 – information duties for online service providers

Consumer Rights Act 2015 – where B2C applies

Defamation Act 2013 & Copyright, Designs and Patents Act 1988 – underpin content/IP rules

 


Website Disclaimer

Whitestar Services Ltd provides this website for general information only. The content does not constitute legal or professional advice. While we endeavour to keep information accurate, we accept no liability for reliance on it. For full details, please see our Terms of Website Use.
