Subject Access ("we", "us", "our") respects your privacy and is committed to protecting your personal data. This privacy policy explains how we collect, use, and protect personal data when you visit subjectaccess.com, in accordance with the UK GDPR and EU GDPR where applicable.

This policy applies to all visitors to our website.

You can contact the data controller using the contact form available at: https://subjectaccess.com/contact

We may collect and process the following data:

• Technical data, including:
  • IP address
  • Browser type and version
  • Operating system
  • Referring URLs
  • Date and time of access


• Usage data, such as:
  • Pages visited
  • Interaction patterns


• Information you voluntarily provide, for example via contact forms or email communications (if applicable)

We do not intentionally collect special category data (such as health, biometric, or political information).

We process personal data under the following legal bases:

• Legitimate interests – to operate, secure, and improve our website
• Consent – where required, such as for non-essential cookies or analytics
• Legal obligations – where applicable

We use collected data to:

• Operate and maintain the website
• Monitor and improve website performance and security
• Analyse usage patterns to improve user experience
• Respond to enquiries or communications

We do not sell personal data.

We use cookies and similar technologies.

• Essential cookies are necessary for the website to function
• Non-essential cookies (such as analytics) are used only with your consent

You can manage or withdraw cookie consent at any time via your browser settings or our cookie banner.

We may use third-party service providers (such as hosting, analytics, or security services) who process data on our behalf under contractual obligations.

These providers only process data in accordance with our instructions and applicable data protection laws.

If any third-party services transfer data outside the UK or EU, we ensure appropriate safeguards are in place (such as adequacy decisions or standard contractual clauses).

We retain personal data only for as long as necessary for the purposes described in this policy, or as required by law.

Log and analytics data is typically retained for a limited period for security and performance analysis.

Under GDPR, you have the right to:

• Request access to your personal data
• Request correction of inaccurate data
• Request deletion of your data
• Restrict or object to processing
• Request data portability
• Withdraw consent at any time
• Lodge a complaint with a supervisory authority

To exercise these rights, contact us at: https://subjectaccess.com/contact

If you are in the UK, you may also complain to the Information Commissioner's Office (ICO).

We implement appropriate technical and organisational measures to protect personal data against unauthorised access, loss, or misuse.

We may update this privacy policy from time to time. The latest version will always be available on this page.