PRIVACY POLICY

Last updated: January 2026

This Privacy Policy explains how Wallis Shipping Services Ltd (“we”, “us”, “our”) collects, uses, discloses and protects personal data when you use our websites and interact with us, and sets out your rights under UK data‑protection law.


This Policy should be read together with our Cookie Policy, which explains how we use cookies and similar technologies and how you can manage your preferences.

 

1. WHO WE ARE AND HOW TO CONTACT US

  • Controller: Wallis Shipping Services Ltd
  • Registered address: Unit 19, Langham Barns, Langham, Colchester, CO4 5ZS
  • Contact email (privacy): info@wssl.co.uk
  • Data Protection Officer: We have not appointed a statutory DPO. You can contact us using the email above for any privacy matters.

We are the data controller for the processing described in this Policy. This satisfies the transparency duties under UK GDPR Articles 13/14. [gdpr-info.eu]

 

2. SCOPE - THE WEBSITERS AND SERVICES COVERED

This Policy applies to personal data collected through our websites operated under the wssl.co.uk domain and related group websites, and through business interactions (e.g., enquiries, quotations, account management, and service delivery).

 

3. THE PERSONAL DATA WE COLLECT

We collect:

  • Identity & contact data: name, job title, company, postal address, email address and telephone number.
  • Enquiry and quote data: information you submit via our Contact Us, Quote Request or similar forms, including shipment details, service requirements and any supporting information you choose to provide.
  • Business & account data: correspondence, meeting notes and information necessary to manage enquiries, quotations and customer relationships.
  • Technical & usage data: device identifiers, IP address, browser type and website interaction data, collected via cookies only where you have given consent.
  • Marketing and communication data: subscription details and preferences for email communications sent via MailerLite.
  • Records: communications we send or receive, including email correspondence and records of data‑protection requests or complaints.

We collect personal data directly from you when you submit online forms, contact us by email or telephone, subscribe to our communications, or otherwise interact with us.

 

4. WHY WE PROCESS PERSONAL DATA AND OUT LAWFUL BASIS

We only process personal data when we have a lawful basis and for specified purposes.

  1. Reply to enquiries; provide quotations; enter into contracts
    • Lawful basis: Contract (Article 6(1)(b)) where processing is needed pre‑contract or to perform a contract; or Legitimate interests (Article 6(1)(f)) in responding efficiently to B2B enquiries. [gdpr-info.eu]

  2. Handling enquiries and quote requests

When you complete a Contact Us form or Quote Request form, we will use the details you provide to:

o    Contact you regarding your enquiry or quotation request

o    Pass your enquiry to the relevant internal team

o    Prepare and issue a quotation or service proposal

Your information will be processed within our in‑house logistics and quotation software (Exportease) for the purpose of assessing requirements and producing accurate quotations.

Lawful basis: Contract (Article 6(1)(b)) – taking steps at your request prior to entering into a contract Legitimate interests (Article 6(1)(f)) – responding efficiently to business enquiries and managing logistics services

  1. Deliver logistics/freight services; manage customer accounts; invoicing; supplier management
    • Lawful basis: Contract (Article 6(1)(b)); Legal obligation (Article 6(1)(c)) for tax/accounting and compliance record‑keeping. [gdpr-info.eu]

  2. Email communications and marketing (MailerLite)
    • Where you choose to subscribe to our communications, or where permitted under applicable electronic marketing laws, we use MailerLite, an email marketing platform, to send:
    • Service updates
    • Business communications
    • Marketing or informational emails related to our logistics services

We use the personal data you provide (such as your name, company and email address) to manage subscriptions and send these communications.

You can unsubscribe at any time using the link included in every email or by contacting us directly

    • Lawful basis: Consent (Article 6(1)(a)) Soft opt‑in where permitted under PECR, for similar services to those you have previously enquired about

  1. Website operation and security (strictly necessary cookies)
    • Lawful basis: Legitimate interests (site integrity, security) and PECR exemptions for strictly necessary storage/access (no consent needed). [ico.org.uk]

  2. Website analytics (Google Analytics 4)
    • Lawful basis: Consent (Article 6(1)(a)); cookies set only after opt‑in (see Cookie Policy). Analytics are non‑essential under PECR and require prior consent unless an applicable exemption is introduced and in force. [ico.org.uk], [aesirx.io]

  3. Advertising measurement / remarketing (Google Ads)
    • Lawful basis: Consent (Article 6(1)(a)); marketing/advertising cookies set only after opt‑in under PECR. [ico.org.uk]

  4. Direct electronic marketing (email/SMS)
    • Lawful basis: Consent or (where permitted) the UK “soft‑opt‑in” equivalents under PECR for similar products/services; always with an unsubscribe option. [ico.org.uk]

  5. Handling data‑protection complaints and rights requests
    • Lawful basis: Legal obligation (UK GDPR / DPA 2018) and Legitimate interests in administering requests; acknowledges DUAA developments on internal complaint handling. [gov.uk], [mills-reeve.com]

We do not rely on consent where UK GDPR provides another lawful basis—and we do not use pre‑ticked boxes or implied consent. Consent is freely given, specific, informed and unambiguous, and can be withdrawn at any time. [ico.org.uk]

 

5. COOKIES, GOOGLE ANALYSTIC, AND GOOGLE ADS

We use cookies and similar technologies as described in our Cookie Policy. In summary:

  • Strictly necessary cookies run to operate our websites; no consent required under PECR.
  • Analytics (GA4): set only after consent; used to understand website usage and improve performance. Some data may be processed by Google LLC on servers outside the UK with appropriate safeguards (see Section 8).
  • Advertising (Google Ads): set only after consent; used for campaign measurement and, where enabled, interest‑based advertising by Google across sites/devices. You can refuse or withdraw consent at any time via our banner/preferences.

For details and controls, see our Cookie Policy (banner provides Accept / Reject / Manage with equal prominence and a link to change preferences later). These mechanics reflect ICO expectations for valid consent. [ico.org.uk], [smartsmsso...utions.com]

 

6. SHARING YOUR PERSONAL DATA (RECIPIENTS)

We may share personal data with:

  • Service providers / processors:  Exportease (our internal logistics and quotation software), MailerLite (our email communications platform), IT hosting, email, security, analytics, consent management, and professional advisers, under contracts that require data protection.
  • Logistics partners / subcontractors: where required to deliver the services you request (e.g., carriers, customs agents).
  • Authorities / regulators: where required by law.

We ensure appropriate contractual safeguards and limit sharing to what is necessary, consistent with UK GDPR transparency duties. [gdpr-info.eu]

We do not sell personal data.

 

7. HOW LONG WE KEEP YOUR DATA (RETENION)

We retain personal data only as long as needed for the purposes above, and then securely delete or anonymise it. Typical retention periods:

  • Enquiry and quotation data (including Exportease records): retained in line with business and compliance requirements, typically up to 6 years where related to contractual or accounting records
  • Customer/supplier records: current contract + 6 years (tax and accounting)
  • Email subscription data (MailerLite): retained until you unsubscribe or withdraw consent
  • Marketing preferences: until you withdraw consent or objecT
  • Cookie consent records / analytics logs: per tool‑specific durations and legal/accountability needs

Retention aligns with the right to be informed and accountability principles under UK GDPR. [ico.org.uk]

 

8. INTERNATIONAL TRANSFERS

Where we transfer personal data outside the UK (e.g., via Google Analytics/Ads or global service providers), we use appropriate safeguards such as the UK International Data Transfer Agreement (IDTA) or the UK Addendum to the EU Standard Contractual Clauses, and conduct transfer risk assessments where required. [ico.org.uk],

We only proceed with transfers where we are satisfied that individuals’ rights remain protected, following ICO guidance. [ico.org.uk]

 

9. SECURITY

We implement technical and organisational measures to protect personal data against unauthorised access, alteration, disclosure or loss. No online system is fully secure, but we work to industry‑standard practices and review controls regularly, consistent with UK GDPR’s accountability and integrity principles. [ico.org.uk]

 

10. CHILDREN'S DATA

Our websites and services are intended for business users. We do not knowingly collect personal data from children. If you believe a child has provided personal data, please contact us so we can take appropriate steps.

 

11. YOUR RIGHTS

Subject to certain conditions and exemptions, you have:

  • Right to be informed (this notice)
  • Right of access to your personal data (subject access / SAR)
  • Right to rectification
  • Right to erasure
  • Right to restrict processing
  • Right to data portability
  • Right to object (including to direct marketing)
  • Rights in relation to automated decision‑making/profiling

You can exercise these rights by contacting us (Section 1). We will respond within one month and free of charge, except where requests are manifestly unfounded or excessive; in such cases we may refuse or charge a reasonable fee, in line with ICO guidance. [ico.org.uk]

 

12. COMPLAINTS HANDLING (DUAA 2025)

We maintain an internal data‑protection complaints process. If you believe your rights have been infringed, please complain to us first so we can investigate and respond. We will:

  • Acknowledge your complaint within 30 days
  • Take appropriate steps without undue delay
  • Keep you informed of progress and provide an outcome

This reflects new statutory requirements introduced by the Data (Use and Access) Act 2025 (to be phased in by secondary legislation) and emerging ICO guidance. [mills-reeve.com], [kennedyslaw.com], [gov.uk]

If you remain dissatisfied, you can raise your complaint with the ICO via its website. [ico.org.uk]

 

13. DIRECT MARKETING AND PECR

We comply with PECR for electronic marketing. We will only send you electronic marketing (email/SMS) where you have consented or (where permitted) under applicable soft‑opt‑in rules for similar products/services, and you can unsubscribe at any time. [ico.org.uk]

 

14. THIRD-PARTY WEBSITES

Our websites may contain links to third‑party sites. Those sites have their own privacy notices and we are not responsible for their content or practices.

 

15. UPDATES TO THIS POLICY

We may update this Policy to reflect changes in law, guidance or our practices. Any updates will be posted here and become effective on publication. We encourage you to review it periodically.

 

16. HOW TO CONTACT US

For questions, rights requests or complaints, contact:

Wallis Shipping Services Ltd
Unit 19, Langham Barns, Langham, Colchester, CO4 5ZS
Email: info@wssl.co.uk

You can also contact the Information Commissioner’s Office (ICO) if you are unhappy with how we have handled your data. [ico.org.uk]

 

Cookies Consent
This site uses cookies