Privacy & Data Protection Policy

    Jawwws Ltd — Effective Date: 1 February 2026

    Jawwws Ltd ("we", "our", "us") is committed to protecting and respecting your privacy. This policy explains how we collect, use, store and protect personal data when you visit our website or engage our services.

    1. Who We Are

    Jawwws Ltd is a company registered in England and Wales.

    For the purposes of UK data protection law, Jawwws Ltd acts as:

    • A Data Controller in relation to website visitors, enquiries, and marketing communications.
    • A Data Processor where we process personal data on behalf of clients during consultancy engagements.

    Privacy enquiries can be directed to: hello@jawwws.com

    2. What Personal Data We Collect

    Website Enquiries & Subscriptions

    We may collect:

    • Name
    • Email address
    • Company name
    • Telephone number
    • Information submitted via contact forms
    • Newsletter subscription details

    Technical & Usage Data

    When you visit our website, we may collect:

    • IP address
    • Browser type and version
    • Device information
    • Pages visited
    • Referring URL
    • Interaction data

    Client Engagement Data

    Where we provide consultancy services, we may process personal data on behalf of clients. In such cases:

    • The client remains the Data Controller.
    • Jawwws Ltd acts as Data Processor.
    • Processing is governed by contract and, where appropriate, a Data Processing Agreement (DPA).

    3. How We Use Personal Data

    We process personal data to:

    • Respond to enquiries
    • Deliver consultancy services
    • Manage client relationships
    • Send marketing communications (where consent is provided)
    • Improve website performance
    • Comply with legal obligations

    We do not sell personal data.

    4. Lawful Basis for Processing

    We rely on:

    • Consent – for newsletters and optional communications
    • Legitimate Interests – responding to B2B enquiries and improving services
    • Contractual Necessity – delivering agreed services
    • Legal Obligation – regulatory compliance

    5. Data Retention

    We retain personal data only for as long as necessary:

    • Enquiry data: up to 24 months
    • Client contractual data: in line with statutory obligations
    • Marketing data: until consent is withdrawn

    6. Data Security

    We implement appropriate security measures including:

    • Secure hosting infrastructure
    • Encrypted data transmission (HTTPS)
    • Role-based access controls
    • Controlled third-party integrations

    7. Third-Party Processors

    We may use trusted providers including:

    • Hosting providers
    • Email marketing platforms
    • CRM systems
    • Backend and database services
    • Google reCAPTCHA (spam protection)
    • Analytics providers

    Where personal data is transferred outside the UK, appropriate safeguards such as Standard Contractual Clauses are implemented.

    8. International Transfers

    Where personal data is transferred outside the UK, we ensure adequate protection in accordance with UK GDPR.

    9. Your Rights

    Under UK GDPR, you have the right to:

    • Access your data
    • Rectify inaccurate data
    • Request erasure
    • Restrict processing
    • Object to processing
    • Request data portability
    • Withdraw consent at any time

    You may also lodge a complaint with the UK Information Commissioner's Office (ICO): www.ico.org.uk

    10. Data Breach Procedure

    In the event of a data breach, we will:

    • Investigate promptly
    • Notify affected clients where required
    • Support regulatory reporting obligations

    11. Changes to This Policy

    We may update this policy periodically. The latest version will always be published on this page.