Privacy Statement

Thanks for visiting!

Like you, we believe personal integrity is important and we support your privacy rights.

We want to ensure that we always process your personal data in accordance with legal requirements and your reasonable expectation that we will uphold your rights and observe the data protection principles.

This Privacy Statement is relevant for any natural person sharing their personal data directly or indirectly with Allstrat Limited (trading as Responsible Data Use) when visiting our website, interacting with us face-to-face or using our services at

(were you looking for our Privacy Policy? Our approach to data protection and privacy is that the purpose of our privacy policy is to describe how we go about processing personal data. It is used to guide our internal behaviour and to clarify for employees and contractors what their responsibilities are with regard to personal data and how we will hold them accountable. As such our Privacy Policy is a confidential internal document.

For the purpose of communicating our approach to data protection and privacy to our external stakeholders we use this privacy statement.)

Allstrat Limited is a company established in the UK and as such, we adhere to the UK GDPR which sits alongside the Data Protection Act 2018 and the Privacy and Electronic Communications Regulations 2003 (PECR). Our address is Suite 316, Castle House, 1 Baker Street, Stirling, FK8 1AL.

Allstrat Ltd is registered as a data controller with the ICO in the UK - ZA317070.

With regard to data protection matters, we are happy to receive your questions or concerns by email to: or by letter to: Data Privacy, Allstrat Ltd, Suite 316, 1 Baker Street, Stirling, FK8 1AL.

In this Privacy Statement, we explain what types of personal data we process and for what purposes. We also explain the choices you have in relation to our processing and how you can learn more about our processing and exercise your rights.

Who this statement is for

Please note that this Privacy Policy concerns the processing of personal data for which Allstrat is the data controller, i.e. where Allstrat has decided the purposes and means of the processing.

For the avoidance of doubt, this Privacy Statement does not concern any processing of personal data that Allstrat may conduct as a data processor as a result of your use of our services.

The personal data we process

Personal data refers to data that can be related to you as a natural person. We process the following types of personal data related to you:

  • Contact details such as name, e-mail address and phone number.

  • User information if you use our services, e.g. if you log in to an Allstrat online account.  Such information may include IP address, device and browser type and also information about how you interact with our services, e.g. which features are used and which buttons are clicked.

  • Other information we receive from you through your contacts with us.  This will include your responses to questionnaires and assessments.Information used when you schedule a call or online meeting using the calendar system or engage in a coaching session on the website.

  • Information used when you pay for products and services on an invoice basis.  Usually payments are handled online using a secure payment card handler for this purpose.  We use Stripe and Paypal for this purpose and they are data controllers for their payment services.

Why we process your personal data (purposes)

We process personal data for the following general purposes:

  • To provide our services in accordance with relevant terms and conditions.

  • Administration of the business relationship with you.

  • To develop and improve our services.

  • To provide you as a current or potential Allstrat/Responsible Data Use customer information and offers about our services, and also from selected third parties.

  • To market and promote our services.

  • To comply with legislation.

A privacy notice is provided at each point where we collect personal data which is specific to and contains clear information about that purpose of processing.

Sharing data and transfers to 3rd countries

Where personal data is shared with a service provider in a 3rd country, the sharing activity is governed by "Standard Contractual Clauses" (SCCs) in a data sharing agreement between Allstrat Ltd as the data controller (exporter) and the service provider as a data processor (importer).

In such circumstances a Transfer Risk Assessment (TRA) will be completed.

Where personal data is transferred to a service provider headquartered in the USA you should be aware that the law in the USA allows for government agencies to enforce access to information of non-US citizens for certain purposes. Where a purpose of processing involves the use of such a service provider, the privacy notice will provide you with information about this and your options.

Information security practices

We take appropriate administrative, physical, and technical measures (collectively “Security Measures”) to protect your personal information from loss, misuse, unauthorised access or disclosure, alteration and destruction.

We follow generally accepted standards when implementing and maintaining such Security Measures, including, but not limited to, TLS/SSL for data encryption in transit, encryption of data at rest, limiting unnecessary access, using encryption, monitoring for unauthorised access attempts, and mitigating activities by bad actors.

These Security Measures are periodically reviewed and, if necessary, updated to ensure they meet current and generally accepted best practices.

Furthermore, only authorised personnel have access to personally identifiable information on a need to know basis.

We also take measures to ensure service providers that process personal data on our behalf also have appropriate security controls in place.

We use an internal Privacy Policy to clarify and enforce information security behaviour for our staff and contractors.

How long we keep your data

We keep a data retention schedule as part of the documentation of our purposes of processing. The exact retention period depends on the purpose of processing. This information will always be provided to you using a privacy notice at the time we initially collect personal data from you.

Your rights

The General Data Protection Regulation (UK GDPR) and Data Protection Act 2018 gives you rights over your personal data.

Here is a brief statement to inform you of those rights and our obligations to uphold them.

  • You have the right to be informed about how your personal data is, or will be, processed.

  • You have the right of access to your personal data.

  • You have the right to rectify any errors contained in your personal data.

  • You have the right to ask for your personal data to be erased from our records.

  • You have the right to restrict processing of your personal data. You have the right to data portability.

  • You have the right to have your personal data provided to you in a "portable" machine-readable format.

  • You have the right to object to any aspect of our processing of your personal data.

  • You have rights regarding the use of automated decision-making.

You can enforce your rights by issuing us with a Subject Access Request (SAR). You can make your SAR by completing the form on this page:

Data protection principles

Your personal data shall be collected and processed:

  • Lawfully, fairly and in a transparent manner.

  • Collected for specified, explicit and legitimate purposes and not processed in a manner that is incompatible with those purposes.

  • Adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed (data minimisation).

  • Accurate and kept up to date.

  • Kept in a form which permits identification of data subjects for no longer than is necessary.

  • Kept in a manner that ensures appropriate security and integrity of the personal data.

  • It is our obligation to be accountable for the data processing carried out under our control.

How to complain

It is our obligation to only process personal that is accurate, relevant, necessary taking into account our legitimate purposes, and you have the right to control that we do so.

You can find out more about your rights by visiting the website for the UK Information Commissioner’s Office at

To update personal data that we process about you, please get in touch with us through

To receive a free of charge excerpt of personal data that we process about you, please use the Subject Access Request (SAR) form on the website or send us a physical, signed letter to Data Privacy, Allstrat Ltd, Suite 316, Castle House, 1 Baker Street, Stirling, FK8 1AL.

(note that in all cases we must first take steps to verify your identity)

When this statement was last updated

Monday 15th May 2023