DataStation Privacy & Cookie Policy

Last updated: July 2026

1. Who we are

DataStation Limited (“DataStation”, “we”, “us” or “our”) is a UKbased provider of cloudhosted softwareasaservice (SaaS) solutions.

Company details
DataStation Limited
Registered in England and Wales (Company No. 05050170)
Registered Address: Office 117, The EpiCentre, Enterprise Way, Haverhill, Suffolk, CB9 7LR, United Kingdom

For the purposes of UK data protection law, DataStation acts as:

  • a data controllerin relation to personal data processed for its own business purposes; and
  • a data processorwhere it processes personal data on behalf of customers under a subscription agreement.

2. This privacy notice

This notice explains how we collect, use, store and protect personal data when you:

  • visit our website;
  • use our SaaS platform;
  • contact us; or
  • act as an authorised user, customer contact, supplier or business contact.

This notice is provided in accordance with the UK General Data Protection Regulation (“UK GDPR”), the Data Protection Act 2018, and the Data (Use and Access) Act 2025.

Where applicable, this notice also reflects our obligations under:

  • the EU General Data Protection Regulation (EU GDPR);
  • the Australian Privacy Principles under the Privacy Act 1988; and
  • Canadian privacy laws including PIPEDA, in relation to international customers and data processing activities

3. Personal data we collect

Depending on your relationship with DataStation, and whether you are accessing our website or our platform, we may process the following categories of personal data:

  • Name, job title and organisation
  • Business contact details (email address, telephone number)
  • Demographic information, such as postcode, preferences and interests
  • Other information pertaining to special offers and surveys
  • User account and access credentials
  • System usage, audit and access logs
  • Support requests and incident records
  • Communications with us
  • Billing and contractual details
  • Technical data such as IP address, device and browser information

We do not intentionally collect special category data unless this results from a customer’s configured use of the platform.

4. How we use personal data

We use personal data to:

  • Communicate with customers, users and business contacts
  • To send service updates, product information, event invitations and marketing communications where we have an appropriate legal basis to do so.
  • To contact you for market research.
  • Provide, operate and support the DataStation SaaS platform
  • Manage user access and authentication
  • Deliver customer support and incident management services
  • Monitor platform security, performance and availability
  • Manage contracts, billing and business administration
  • Comply with legal and regulatory obligations
  • Improve, maintain and develop our services

5. Lawful bases for processing

We process personal data under one or more of the following lawful bases:

a) Contract

Where processing is necessary to perform a contract with you or the organisation you represent.

b) Legal obligation

Where processing is required to comply with applicable laws and regulations.

c) Legitimate interests

Where processing is necessary for our legitimate business interests, including:

  • ensuring the security, integrity and resilience of our systems;
  • preventing fraud and misuse of our services;
  • service monitoring, continuity and improvement.

Where permitted, we rely on recognised legitimate interests introduced by the Data (Use and Access) Act 2025, including cybersecurity and safeguarding activities. We ensure that such processing does not override the rights and freedoms of individuals.

Marketing Communications
Where required by law, we will obtain your consent before sending electronic marketing communications. Where permitted under applicable laws, including the Privacy and Electronic Communications Regulations (PECR), we may rely on our legitimate interests to communicate with existing customers and business contacts about relevant products, services, updates and industry information. You may opt out of marketing communications at any time by using the unsubscribe link included in our emails or by contacting us directly.

5(d) Consent

We rely on consent where required by law, including for certain categories of electronic marketing and non-essential cookies. Individuals may withdraw consent at any time without affecting the lawfulness of processing carried out before consent was withdrawn.

6. Automated processing

DataStation uses automated processes within its systems to support service operation, such as:

  • routing and prioritising support tickets;
  • generating reports;
  • enforcing access controls.

These activities do not produce legal or similarly significant effects on individuals without meaningful human oversight.

7. Cookies and analytics

What is a cookie?

A cookie is a small file placed on your computer’s hard drive. It enables our website to identify your computer as you view different pages on our website.

Cookies allow websites and applications to store your preferences in order to present content, options or functions that are specific to you. They also enable us to see information like how many people use the website and what pages they tend to visit.

We use cookies and similar technologies to:

  • enable essential website functionality;
  • improve performance and user experience;
  • collect aggregated analytics information. Aggregated usage data helps us improve the website structure, design, content and functions.
  • identify whether you are signed in to our website. A cookie allows us to check whether you are signed in to the site.
  • test content on our website.
  • store information about your preferences. The website can then present you with information you will find more relevant and interesting.
  • to recognise when you return to our website. We may show your relevant content, or provide functionality you used previously.

Certain analytics and functionality cookies may be set without consent where permitted under the Privacy and Electronic Communications Regulations, as amended by the Data (Use and Access) Act 2025.

Controlling cookies

You can use your web browser’s cookie settings to determine how our website uses cookies. If you do not want our website to store cookies on your computer or device, you should set your web browser to refuse cookies.

However, please note that doing this may affect how our website functions. Some pages and services may become unavailable to you.

Unless you have changed your browser to refuse cookies, our website will issue cookies when you visit it.

8. Sharing personal data

We may share personal data with:

  • trusted third-party service providers, including cloud hosting providers, infrastructure providers, customer support tools and payment processors, who act as our processors and only process personal data on our documented instructions;
  • professional advisers, such as legal, financial or audit providers;
  • public authorities and regulators, where required by law or to protect our legal rights.

Where we act as a data processor, we only share personal data in accordance with our customer’s instructions and the applicable data processing agreement.

All third parties are contractually required to:

  • process personal data only for specified purposes;
  • implement appropriate technical and organisational security measures; and
  • comply with applicable data protection laws.

9. International data transfers

DataStation operates a geographically structured hosting model:

  • Personal data relating to UK, European Economic Area (EEA) and Australian customersis hosted on secure servers located in the United Kingdom.
  • Personal data relating to specific Canadian customersis hosted on secure servers located in Canada.

Where personal data is transferred internationally, we ensure that appropriate safeguards are in place, including:

  • reliance on UK adequacy regulationswhere applicable (for example, transfers from the UK to the EEA);
  • use of approved standard contractual clauses (SCCs)or equivalent contractual mechanisms where required;
  • implementation of technical and organisational security measuresto protect personal data in transit and at rest;
  • assessment that the level of protection is not materially lower than UK standards, in accordance with the Data (Use and Access) Act 2025.

For customers subject to the EU General Data Protection Regulation (EU GDPR), transfers are supported by:

  • the UK’s adequacy status under EU law; or
  • appropriate safeguards such as Standard Contractual Clauses where required.

For customers subject to Canadian privacy laws, including the Personal Information Protection and Electronic Documents Act (PIPEDA), personal data is stored within Canada where applicable, and any cross-border processing is subject to contractual and security safeguards.

Customer data is not routinely transferred between hosting regions except where required for support, legal obligations, disaster recovery, or customer-requested services. We provide further details on international transfers on request.

10. Data processing on behalf of customers

Where DataStation acts as a data processor, we process personal data strictly in accordance with the instructions of our customers and the terms of our data processing agreements.

Customers are responsible for ensuring that they have a lawful basis for processing personal data and for providing appropriate privacy information to data subjects.

DataStation implements appropriate technical and organisational measures to ensure a level of security appropriate to the risk, including:

  • access controls and authentication;
  • encryption and secure data transmission;
  • system monitoring and audit logging;
  • incident detection and response procedures.

11. Data retention

We retain personal data only for as long as necessary for the purposes for which it was collected, including to meet legal, contractual and operational requirements. Retention periods vary depending on the nature of the data and the relevant relationship.

12. Your data protection rights

You have rights under UK data protection law, including the right to:

  • access your personal data;
  • request correction of inaccurate data;
  • request erasure in certain circumstances;
  • restrict or object to processing;
  • request data portability;
  • lodge a complaint with the UK data protection authority.

When responding to data subject access requests, we apply a reasonable and proportionate search approach as provided for by the Data (Use and Access) Act 2025.

13. Links from our site

Our website may contain links to other websites.

Please note that we have no control of websites outside our domain. If you provide information to a website to which we link, we are not responsible for its protection and privacy.

Always be wary when submitting data to websites. Read the site’s data protection and privacy policies fully.

14. How to contact us

If you have any questions about this privacy notice or how we process personal data, please contact:

Email: Support@datastation.co.uk
Post: DataStation Limited, Rubine House, Manor Road, Haverhill, Suffolk, CB9 0EP

You also have the right to complain to the Information Commissioner’s Office (ICO) or your local supervisory authority if you are dissatisfied with how we handle your personal data.

15. Changes to this notice

We may update this privacy notice from time to time. The most current version will always be available through our website or on request.