Privacy Policy

1. Introduction and Data Controller

**DSAR Helper** is committed to protecting the privacy and security of your personal data. This policy explains how we collect, use, and protect the personal data of our customers, in compliance with the **UK General Data Protection Regulation (UK GDPR)** and the Data Protection Act 2018.

For the purpose of the UK GDPR, the Data Controller is **[Company Name Placeholder]**, registered in England and Wales under company number **[Company Reg Number]**.

Our contact for data protection issues is:

**Email:** support@dsarhelper.com

2. What Data Do We Collect?

We only collect data that is strictly necessary for providing and securing the DSAR Helper service.

A. Customer Account Data

• **Identity and Contact Data:** Name, business email address, and company name.
• **Financial Data:** Billing address, subscription details, and transaction history (payment processing is handled securely by Stripe).

B. Service Usage Data

We track technical usage data related to how you interact with our service (e.g., login times, features used, IP address for security), which helps us troubleshoot and improve the platform.

C. DSAR Content (CRITICAL Distinction)

DSAR Helper is a data processor regarding the DSAR content you input.

When you input data subject information and associated records into DSAR Helper, **you remain the Data Controller** for that data. We only process this data on your behalf, strictly to provide the DSAR management and PDF generation service as per our Terms of Use. We will never access, share, or use this content for any purpose other than providing the Service.

3. The Legal Basis for Processing (GDPR)

Under UK GDPR, we must have a lawful basis for processing your personal data. We rely on the following:

• **Contract:** Processing is necessary to fulfill the services you have subscribed to (e.g., creating and managing your DSAR Helper account).
• **Legal Obligation:** Processing is necessary to comply with legal requirements (e.g., tax, financial reporting).
• **Legitimate Interests:** Processing is necessary for our legitimate interests (or those of a third party), provided your interests and fundamental rights do not override those interests. This includes security, fraud detection, and continuous service improvement.

4. Sharing Your Data

We only share your personal data with the following third parties who help us provide our Service:

• **Stripe:** For secure payment processing and subscription management. We do not store your full card details.
• **Firebase/Cloud Hosting:** For secure hosting and database services (where our application data, including DSAR content, is stored).

We require all third parties to respect the security of your personal data and to treat it in accordance with the law.

5. Your UK GDPR Rights

As a data subject, you have rights under the UK GDPR in relation to your own Customer Account Data (but not the DSAR content you input, for which your end-user is the data subject). These rights include:

• The right to be informed.
• The right of access to your data.
• The right to rectification if your data is inaccurate.
• The right to erasure ("right to be forgotten").
• The right to restrict processing.
• The right to data portability.
• The right to object to processing.
• Rights in relation to automated decision-making and profiling.

If you wish to exercise any of these rights, please contact us at support@dsarhelper.com.

Complaints to the ICO

You have the right to make a complaint at any time to the Information Commissioner’s Office (ICO), the UK supervisory authority for data protection issues (www.ico.org.uk).