Privacy Policy
Version Control
• Version: 2.0
• Last Updated: 17 November 2025
• Effective Date: 17 November 2025
• Next Review Date: 17 November 2026
⠀
Introduction
Will Whawell is committed to protecting the privacy and security of the personal data we handle in accordance with the UK General Data Protection Regulation (UK GDPR) and Data Protection Act 2018. This privacy policy outlines how we collect, use, and protect information provided by our clients and website visitors.
About Will Whawell
Will Whawell is a sole trader providing ISO auditing, strategic analysis (including GAP, SWOT, and PESTLE assessments), regulatory intelligence, specialist blog writing, and office manual creation services to UK businesses. Our services support organisations in achieving ISO certification, managing operational risk, and maintaining regulatory alignment.
Business Address: The Old Waterloo Arms Abermule, Montgomery Powys SY15 6ND
Contact Email: info@wjw33.co.uk
ICO Registration: Registered with the Information Commissioner's Office ICO Registration Number
Data Controller
For the purposes of UK GDPR, Will Whawell is the data controller responsible for the personal data we collect and process in connection with our business operations.
What Personal Data We Collect
We may collect and process the following categories of personal data:
1. Client Contact Information
• Full name
• Job title and organisation
• Business email address
• Telephone number
• Business postal address
⠀2. Project and Service Delivery Data
• Information provided during consultations and discovery meetings
• Documentation, reports, and analysis shared as part of project delivery
• Communication records (emails, meeting notes, correspondence)
• Invoicing and payment information
⠀3. Website and Communications Data
• IP address and browser information (if you visit our website)
• Email engagement data (e.g., open rates, click-throughs if using email marketing tools)
• Cookies (if applicable—see section on cookies below)
How We Use Your Personal Data
We process personal data only where we have a lawful basis to do so. The primary lawful bases we rely on are:
1. Contract Performance
To deliver ISO auditing, strategic analysis, blog writing, and related services as agreed in our client contracts or service agreements.
2. Legitimate Interests
To manage our business operations, maintain client relationships, respond to enquiries, and improve our services.
3. Legal Obligation
To comply with legal and regulatory requirements, including accounting, tax, and professional standards.
4. Consent (where applicable)
For marketing communications or newsletter subscriptions, where you have explicitly opted in.
Who We Share Your Data With
We do not sell, rent, or trade your personal data. We may share your information only in the following limited circumstances:
1. Third-Party Service Providers
We may use trusted third-party service providers to support our operations, including:
• Accounting and invoicing software
• Email and communication platforms
• Cloud storage and document management systems
• Website hosting and analytics services
⠀All third-party processors are required to handle your data securely and in accordance with UK GDPR.
2. Legal and Regulatory Authorities
We may disclose personal data if required by law, regulation, or court order, or to protect our legal rights.
Data Security
We implement appropriate technical and organisational measures to protect personal data against unauthorised access, accidental loss, destruction, or damage. These measures include:
• Secure password-protected systems
• Encryption of sensitive data in transit and at rest
• Regular backups and secure storage
• Access controls limiting data access to authorised personnel only
Data Retention
We retain personal data only for as long as necessary to fulfil the purposes for which it was collected or to comply with legal, regulatory, or contractual obligations.
Retention Periods:
• Client project data: Retained for the duration of the project and up to 7 years following completion (in line with UK accounting and tax requirements).
• Marketing data: Retained until you withdraw consent or request deletion.
• Website analytics data: Typically retained for 2 years or as configured in analytics tools.
⠀When personal data is no longer required, it will be securely deleted or anonymised.
Your Data Protection Rights
Under UK GDPR, you have the following rights regarding your personal data:
1. Right of Access: Request a copy of the personal data we hold about you.
2. Right to Rectification: Request correction of inaccurate or incomplete data.
3. Right to Erasure: Request deletion of your personal data (subject to legal retention requirements).
4. Right to Restrict Processing: Request that we limit how we use your data.
5. Right to Data Portability: Request a copy of your data in a structured, machine-readable format.
6. Right to Object: Object to processing based on legitimate interests or for direct marketing purposes.
7. Right to Withdraw Consent: Withdraw consent at any time where processing is based on consent.
⠀To exercise any of these rights, please contact us at: info@wjw33.co.uk
Cookies and Website Analytics
If our website uses cookies or analytics tools (such as Google Analytics), we will provide clear notice and obtain consent where required. Cookies help us understand how visitors use our website and improve user experience.
You can manage or disable cookies through your browser settings. Note that disabling cookies may affect website functionality.
International Data Transfers
We do not routinely transfer personal data outside the United Kingdom. If international transfers are necessary (e.g., use of cloud services hosted abroad), we ensure appropriate safeguards are in place, such as:
• Standard Contractual Clauses (SCCs)
• Transfers to countries with adequacy decisions under UK GDPR⠀
Changes to This Privacy Policy
We may update this privacy policy from time to time to reflect changes in our practices, services, or legal requirements. The "Last Updated" date at the top of this policy indicates when the most recent changes were made.
We encourage you to review this policy periodically. Continued use of our services following any updates constitutes acceptance of the revised policy.
Contact Us
If you have any questions, concerns, or requests regarding this privacy policy or how we handle your personal data, please contact us:
Will Whawell The Old Waterloo Arms Abermule, Montgomery Powys SY15 6ND
Email: info@wjw33.co.uk
Complaints
If you are not satisfied with how we have handled your personal data, you have the right to lodge a complaint with the Information Commissioner's Office (ICO), the UK's data protection regulator.
ICO Contact: Website: www.ico.org.uk Telephone: 0303 123 1113