Who We Are
CorePrivacy Ltd (“we”, “our”, “us”) provides outsourced Data Subject Access Request (DSAR) management and privacy support services. We are committed to protecting the privacy and security of the personal data we process.

Depending on the service we provide, we act as either:

• Data Controller:when we collect personal data directly from you (e.g., enquiries, website sign-ups).
• Data Processor:when we process personal data on behalf of our clients as part of DSAR management services.

Data We Collect
We may collect and process the following types of personal data:

• Contact information:name, email address, phone number, job title, and organisation.
• Organisation data:company name, business contact details, and role-specific information.
• DSAR-related information:personal data provided by data subjects when we are assisting clients.
• Website usage information:IP address, browser type, pages visited, and other analytics collected through cookies.

How We Use Your Data
We use personal data to:

• Provide our DSAR management and privacy support services.
• Communicate with clients, potential clients, and suppliers.
• Respond to enquiries, complaints, or requests for information.
• Improve our services and website.
• Comply with legal obligations, including data protection requirements.

Legal Basis for Processing
We process personal data based on one or more of the following legal bases:

• To perform a contract with you or your organisation.
• To comply with legal obligations.
• To pursue our legitimate interests, such as providing services and improving our business, provided this does not override your rights and freedoms.
• With your consent where applicable.

How We Share Your Data
We do not sell or rent your personal data. We may share personal data:

• With our service providers who assist us in delivering our services (e.g., IT or cloud service providers).
• When required by law or to protect our legal rights.
• With clients in connection with the provision of DSAR management services, strictly as necessary for the service.

Data Retention
We retain personal data only as long as necessary to provide our services, comply with legal obligations, resolve disputes, and enforce our agreements. Specific retention periods may vary depending on the type of data and legal requirements.

Your Rights
Under the UK GDPR, you have the right to:

• Access your personal data.
• Request correction of inaccurate data.
• Request deletion of your data.
• Restrict or object to processing.
• Withdraw consent where processing is based on consent.
• Lodge a complaint with theInformation Commissioner’s Office (ICO) if you believe your data has been mishandled.

Data Security
We implement appropriate technical and organisational measures to protect personal data from unauthorised access, disclosure, alteration, or destruction.

Cookies
Our website uses cookies to improve user experience and analyse website traffic. You can manage or disable cookies through your browser settings.

Contact Us
If you have questions about this privacy notice or our data processing practices, you can contact us at:

CorePrivacy Ltd
Email: info@coreprivacy.co.uk
Address: 3rd Floor, 86-90 Paul Street, London, England

Updates to this Notice
We may update this privacy notice from time to time. The latest version will always be available on our website, with the date of the last revision clearly indicated.

Last Updated: 9th February 2026