Skip to main content

PRIVACY POLICY, GDPR NOTICE & DATA PROTECTION POLICY

Effective Date: 28 May 2026
Last Updated: 28 May 2026



1. INTRODUCTION

This Privacy Policy, GDPR Notice & Data Protection Policy (“Policy”) explains how Woodborough Admin Services Ltd (“Company”, “we”, “us”, or “our”) collects, processes, stores, protects, shares, and manages personal data in accordance with:

  • The UK General Data Protection Regulation (“UK GDPR”)
  • The EU General Data Protection Regulation (“EU GDPR”)
  • The Data Protection Act 2018
  • The Privacy and Electronic Communications (EC Directive) Regulations 2003 (“PECR”)
  • Applicable UK and EU privacy, electronic communications, employment, and commercial laws

This Policy applies to:

  • Website visitors
  • Customers and clients
  • Suppliers and contractors
  • Employees and applicants
  • Business contacts
  • Service users
  • Any individual whose personal data is processed by the Company

By accessing our website or using our services, you acknowledge that you have read and understood this Policy.



2. DATA CONTROLLER DETAILS

For the purposes of UK GDPR and EU GDPR, the Data Controller is:

Woodborough Admin Services Ltd

Penman Way
Leicester
Leicestershire
LE19 1SY
United Kingdom

Email: admin@was-uk.com

Website: www.was-uk.com

Business Hours: Monday – Friday, 8:00am – 5:00pm

ICO REGISTRATION

Woodborough Admin Services Ltd is registered with the UK Information Commissioner’s Office (ICO) in accordance with UK data protection legislation.

ICO Registration Number: ZC061312

The Company processes personal data in compliance with UK GDPR, EU GDPR, the Data Protection Act 2018, and all applicable data protection laws.



3. DEFINITIONS

For the purposes of this Policy:

  • “Personal Data” means any information relating to an identified or identifiable natural person.
  • “Processing” means any operation performed on personal data including collection, storage, use, disclosure, transfer, restriction, deletion, or destruction.
  • “Data Subject” means the individual to whom the personal data relates.
  • “Special Category Data” means sensitive personal data under Article 9 GDPR.
  • “Controller” means the entity determining the purposes and means of processing personal data.
  • “Processor” means any person or organisation processing personal data on behalf of the Controller.

4. DATA PROTECTION PRINCIPLES

The Company processes personal data in accordance with the principles established under Article 5 GDPR.

Personal data shall be:

  • Processed lawfully, fairly, and transparently
  • Collected only for specified, explicit, and legitimate purposes
  • Adequate, relevant, and limited to what is necessary
  • Accurate and kept up to date
  • Retained only for as long as necessary
  • Processed securely and confidentially
  • Processed in a manner demonstrating accountability and compliance

5. PERSONAL DATA WE MAY COLLECT

We may collect and process the following categories of personal data.


5.1 Identity Information

  • Full name
  • Date of birth
  • Nationality
  • Government-issued identification where legally required

5.2 Contact Information

  • Email address
  • Telephone number
  • Postal address 

5.3 Business & Service Information

  • Business correspondence
  • Service records
  • Contract information
  • Customer communications

5.4 Financial Information

Where applicable:

  • Banking information
  • Payment records
  • Invoicing details
  • Tax-related information

5.5 Technical Information

  • IP addresses
  • Browser type and version
  • Device information
  • Geographic location data
  • Cookies and analytics data
  • Session logs and website usage statistics

5.6 Recruitment & Employment Information

Where applicable:

  • Employment history
  • Qualifications
  • References
  • Right-to-work documentation
  • Professional certifications

5.7 Special Category Data

We may process Special Category Data only where legally permitted, including:

  • Health information
  • Disability information
  • Equality and diversity information
  • Criminal conviction information where authorised by law

Such data shall only be processed:

  • With explicit consent; or
  • Where legally required under employment, regulatory, or public interest obligations.

6. HOW PERSONAL DATA IS COLLECTED

We may collect personal data:

  • Directly from the individual
  • Through website forms and enquiries
  • Via telephone, email, meetings, and correspondence
  • Through contractual relationships
  • Through cookies and website technologies
  • Through publicly available lawful sources
  • Through third-party service providers where legally permitted

7. LEGAL BASES FOR PROCESSING

We process personal data under one or more lawful bases established under Article 6 GDPR.

7.1 Consent

Where the individual has provided informed consent.

7.2 Contractual Necessity

Where processing is necessary:

  • To enter into a contract
  • To perform contractual obligations
  • To provide requested services

7.3 Legal Obligation

Where processing is necessary to comply with legal or regulatory obligations.

7.4 Legitimate Interests

Where processing is necessary for legitimate business interests including:

  • Business administration
  • Customer support
  • Fraud prevention
  • Information security
  • Service improvement
  • Legal enforcement and defence

We ensure such interests do not override the rights and freedoms of the individual.



8. PURPOSES OF PROCESSING

We may process personal data for purposes including:

  • Providing and managing services
  • Managing customer and supplier relationships
  • Communicating with users and customers
  • Managing contracts and payments
  • Recruitment and employment administration
  • Legal and regulatory compliance
  • Fraud prevention and security monitoring
  • Website management and analytics
  • Internal auditing and record keeping
  • Exercising or defending legal claims

We shall not process personal data for purposes incompatible with this Policy without lawful justification.



9. COOKIES & ELECTRONIC COMMUNICATIONS

Our website may use cookies and similar technologies in accordance with PECR and GDPR requirements.

Cookies may be used for:

  • Essential website functionality
  • User authentication
  • Website analytics
  • Performance monitoring
  • Security purposes

Where legally required:

  • Users shall be presented with a cookie consent mechanism
  • Non-essential cookies shall not be placed without valid consent

Users may manage cookie preferences through browser settings.



10. DISCLOSURE OF PERSONAL DATA

We may disclose personal data to:

  • Professional advisers
  • IT and hosting providers
  • Payment processors
  • Government authorities
  • Regulatory bodies
  • Law enforcement agencies
  • Service providers operating under contractual obligations

All third parties processing personal data on behalf of the Company shall be required to:

  • Maintain confidentiality
  • Implement appropriate technical and organisational measures
  • Comply with GDPR obligations
  • Process personal data only on documented instructions

We do not sell personal data to third parties.



11. INTERNATIONAL DATA TRANSFERS

Where personal data is transferred outside the United Kingdom or European Economic Area (“EEA”), we shall ensure appropriate safeguards are implemented including:

  • UK International Data Transfer Agreements
  • EU Standard Contractual Clauses
  • Adequacy decisions
  • Other lawful transfer mechanisms recognised under GDPR

We take all reasonable steps to ensure transferred personal data receives an adequate level of protection.



12. DATA RETENTION

Personal data shall be retained only for as long as necessary for:

  • Contractual purposes
  • Legal and regulatory obligations
  • Tax and accounting requirements
  • Legitimate business interests
  • Dispute resolution and legal proceedings

Retention periods shall be determined according to:

  • Applicable laws
  • Regulatory guidance
  • Nature of the information
  • Operational requirements

Upon expiry of retention periods, data shall be securely deleted, anonymised, or destroyed.



13. DATA SECURITY

We implement appropriate technical and organisational security measures to protect personal data against:

  • Unauthorised access
  • Unlawful processing
  • Accidental loss
  • Destruction or damage
  • Disclosure
  • Cybersecurity threats

Security measures may include:

  • Encryption
  • Password protection
  • Secure servers and hosting
  • Firewall protection
  • Access controls
  • Staff confidentiality obligations
  • Security monitoring and incident response procedures

Despite reasonable efforts, no electronic transmission or storage method can be guaranteed completely secure.



14. DATA SUBJECT RIGHTS

Under UK GDPR and EU GDPR, individuals have the right to:

  • Access personal data
  • Correct inaccurate data
  • Request erasure (“right to be forgotten”)
  • Restrict processing
  • Object to processing
  • Data portability
  • Withdraw consent
  • Object to direct marketing
  • Request review of automated decisions

Requests may be submitted using the contact details provided in this Policy.

We reserve the right to request proof of identity before responding to any request.



15. AUTOMATED DECISION-MAKING

The Company does not carry out solely automated decision-making producing legal or similarly significant effects without meaningful human involvement.



16. DATA BREACHES

In the event of a personal data breach, the Company shall:

  • Investigate the incident promptly
  • Take remedial and mitigating action
  • Notify the relevant supervisory authority where legally required
  • Notify affected individuals where there is a high risk to rights and freedoms

17. THIRD-PARTY WEBSITES

Our website may contain links to third-party websites.

The Company accepts no responsibility for:

  • The privacy practices of third-party websites
  • External website content
  • Third-party security measures

Users access third-party websites at their own risk.



18. CHILDREN’S PRIVACY

Our services are not intended for individuals under the age of 18.

We do not knowingly collect personal data from children without lawful authority or parental consent where required by law.



19. REGULATORY COMPLAINTS

Individuals have the right to lodge a complaint with the relevant supervisory authority.

United Kingdom

Information Commissioner’s Office (ICO)
Website: https://ico.org.uk

European Union

Individuals may contact their local EU supervisory authority.

We encourage individuals to contact us first to allow us the opportunity to resolve concerns directly.



20. CHANGES TO THIS POLICY

We reserve the right to amend, modify, or update this Policy at any time to reflect:

  • Changes in law
  • Regulatory guidance
  • Operational requirements
  • Technological developments

Updated versions shall become effective immediately upon publication unless otherwise stated.



21. CONTACT DETAILS

For all privacy, compliance, or data protection matters, contact:

Woodborough Admin Services Ltd

Penman Way
Leicester
Leicestershire
LE19 1SY
United Kingdom

Email: admin@was-uk.com

Website: www.was-uk.com

Business Hours: Monday – Friday, 8:00am – 5:00pm

ICO Registration Number: ZC061312

*Disclaimer- Woodborough Admin Services Ltd (The Service Provider) may outsource payroll, HR, or administrative obligations to third- party providers, without affecting the Worker’s rights under any Agreement.


Registered with the ICO (UK). Registration Number:ZC061312.

Information provided is for general purposes only and does not constitute legal advice.