Legal

Privacy notice

How Just DSARs Limited processes personal data collected through this website, in line with the UK GDPR and the Data Protection Act 2018.

Last updated: 18 May 2026 · Version 1.0

1. Who we are

Just DSARs Limited is the controller for the personal data we collect through this website.

  • Registered in England & Wales
  • Company number: [to be inserted before launch]
  • Registered office: 14 Hurricane Court, Langley, Slough, SL3 8FA
  • Contact: hello@justdsars.com

References to "we", "us", and "our" in this notice mean Just DSARs Limited.

2. What personal data we collect

We collect personal data from you only when you choose to provide it, and the website collects limited technical data automatically. Specifically:

  • Information you provide through the contact form — your name, work email, organisation, role (optional), the nature of your enquiry, and any free-text detail you choose to share.
  • Information you provide by email — if you write to us directly, we receive whatever content and metadata your email contains.
  • Technical data collected automatically — IP address (truncated for analytics where used), browser type, device type, referrer, and pages visited. See our cookies notice for detail on cookies and similar technologies.

3. Why we process your personal data and our lawful basis

We process your personal data for the following purposes:

  • To respond to enquiries and explore engagement — lawful basis: UK GDPR Art. 6(1)(b) (taking steps at your request prior to entering into a contract).
  • To send service-related communications during a live engagement — lawful basis: UK GDPR Art. 6(1)(b) (performance of a contract).
  • To run the website securely and understand how it's used — lawful basis: UK GDPR Art. 6(1)(f) (legitimate interests in maintaining and improving our website). We balance this interest against your rights; you can object at any time.
  • To set optional cookies (analytics) — lawful basis: your consent under regulation 6 of the Privacy and Electronic Communications Regulations 2003 (PECR). You can withdraw consent at any time via the cookie preferences link in the footer.
  • To comply with legal and regulatory obligations — for example, record-keeping requirements — lawful basis: UK GDPR Art. 6(1)(c) (legal obligation).

4. Who we share your personal data with

We share personal data only where necessary, and under appropriate contractual safeguards. Recipients may include:

  • Our cloud and hosting providers — for example, Netlify, Inc. (website hosting and form processing) and Microsoft Corporation (email and document storage via Microsoft 365), each acting as our processor.
  • Our CRM provider — HubSpot, Inc., acting as our processor, where we use it to manage business communications.
  • Group entities — for relevant enquiries, we may route to or coordinate with our sister practice VulaPri Limited (advisory) where this is appropriate to your enquiry.
  • Professional advisers — legal, insurance, and accounting advisers, under duties of confidence.
  • Regulators, courts, and law enforcement — where required by law.

We do not sell your personal data and we do not share it for third-party marketing.

5. International transfers

Some of our processors are based outside the UK. Where personal data is transferred outside the UK, we rely on either an adequacy decision (for example, the UK's adequacy regulations for the EEA) or an appropriate safeguard such as the UK International Data Transfer Agreement (IDTA) or the UK Addendum to the EU Standard Contractual Clauses, in line with UK GDPR Art. 46.

6. How long we keep your personal data

  • Enquiry data where no engagement results — up to 12 months, then deleted, unless we are required to retain it longer.
  • Client engagement records — for the duration of the engagement and for 6 years after its end, to meet legal and limitation-period requirements.
  • Records required by HMRC and Companies House — for the periods set by statute (typically 6 years).
  • Website analytics — as detailed in our cookies notice.

7. Your rights

Under UK GDPR you have the following rights, exercisable free of charge in most cases:

  • Access (Art. 15) — to obtain a copy of your personal data.
  • Rectification (Art. 16) — to correct inaccurate data.
  • Erasure (Art. 17) — to ask us to delete your data, subject to legal limits.
  • Restriction (Art. 18) — to limit processing in specified circumstances.
  • Portability (Art. 20) — to receive your data in a structured, machine-readable format.
  • Object (Art. 21) — to stop processing carried out under legitimate interests.
  • Withdraw consent (Art. 7(3)) — where processing is based on consent, with no effect on prior lawful processing.
  • Not to be subject to solely automated decisions (Art. 22). We do not make any decisions about you using solely automated processing.

To exercise any of these rights, write to us at hello@justdsars.com. We will respond within one month (UK GDPR Art. 12(3)), extendable in limited circumstances.

8. Complaints

If you are not satisfied with how we have handled your personal data, you have the right to complain to the Information Commissioner's Office (ICO).

  • ICO website: ico.org.uk/make-a-complaint
  • Helpline: 0303 123 1113
  • Address: Information Commissioner's Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF

We'd appreciate the chance to address your concern first — please contact us before complaining to the ICO if you can.

9. Cookies

See our separate cookies notice for the cookies and similar technologies this website uses, and how to control them.

10. Changes to this notice

We may update this notice from time to time. The version and date at the top of this page show when it was last revised. Material changes will be flagged on the site before they take effect.

11. Contact

Questions about this notice or our processing? Write to us at hello@justdsars.com, or by post to Just DSARs Limited, 14 Hurricane Court, Langley, Slough, SL3 8FA.

Back to home