GET A QUOTE

Privacy Policy

Issued by: Westshore Group Limited (Globally Award-Winning Company)
 Trading As: Westshore VA Services
 Registered Office: 128 City Road, London, EC1V 2NX, United Kingdom
 Effective Date: 24 August 2025
 Last Updated: 24 August 2025

At Westshore VA Services, we take your privacy and data protection seriously. As a subsidiary of Westshore Group Limited, a globally award-winning company, we are committed to safeguarding the personal information of all clients, both within the UK and internationally.

1. Introduction

1.1 This Privacy Policy explains how Westshore VA Services (“we”, “our”, or “us”) collects, uses, stores, and protects your personal data.

1.2 It applies to:

  • Clients and prospective clients.

  • Visitors to our websites.

  • Third parties interacting with our services (e.g., vendors, suppliers, travel partners).

1.3 This policy is designed to comply with:

  • UK GDPR (General Data Protection Regulation).

  • Data Protection Act 2018.

  • International privacy laws where applicable.

2. Data Controller & Contact Details

  • Data Controller: Westshore Group Limited

  • Trading Name: Westshore VA Services

  • Registered Office: 128 City Road, London, EC1V 2NX, United Kingdom

  • Data Protection Contact: privacy@westshoregroup.co.uk

If you have any questions or requests regarding this policy, please contact us using the details above.

3. What Data We Collect

We may collect the following types of personal and business information:

3.1 Client Identification Data
  • Full name

  • Date of birth

  • Residential address

  • Contact numbers

  • Email addresses

  • AML documentation (photo ID, proof of address)

3.2 Business & Corporate Data
  • Company name and registration details

  • Director information (AML compliance)

  • Business addresses

  • VAT or tax identification numbers

3.3 Financial Information
  • Payment details for packages and services (stored securely through approved payment gateways such as GoCardless).

  • Records of transactions, invoices, and AML checks.

Note: Westshore VA Services never stores raw card information directly. All sensitive data is handled via encrypted third-party systems.

3.4 Service-Related Data
  • Task instructions and communications.

  • Documentation provided for specific services (e.g., property details, travel itineraries).

  • Third-party authorisations (e.g., solicitors, accountants, government agencies).

3.5 Website & Technical Data
  • IP address, browser type, and device information for website optimisation and security.

  • Cookies and tracking data (see separate Cookie Policy).

4. How We Use Your Data

We use the information we collect for the following purposes:

  • To provide our virtual assistant and lifestyle management services.

  • To verify client identity and comply with AML legal obligations.

  • To manage bookings, payments, and communications.

  • To track service usage and package hours (managed internally by Westshore VA Services staff).

  • To liaise with third parties under a signed Authority to Act agreement.

  • To comply with UK law and regulatory reporting requirements.

  • To improve our services and client experience.

5. Secure Handling of Sensitive Data

5.1 Passwords & Credentials
  • All sensitive access information, including passwords, must be provided exclusively via Westshore VA Services’ encrypted, secure password wallet system.

  • Passwords must never be sent via:

    • Email

    • WhatsApp or other messaging apps

    • SMS

    • Phone calls or verbal communication

Any breach of this rule will result in immediate termination of services without refund.

5.2 Encryption & Security Measures

We use advanced encryption and strict internal protocols to ensure the protection of all client data, including:

  • Encrypted cloud storage for documents and records.

  • Role-based access control (only senior staff and Directors can access sensitive files).

  • Regular staff training on data security and compliance.

  • Routine security audits.

6. Legal Basis for Processing Data

Under UK GDPR, we rely on the following lawful bases to process personal data:

  • Contractual Necessity – to deliver the services you have purchased.

  • Legal Obligation – to comply with AML and regulatory requirements.

  • Legitimate Interests – to improve services, prevent fraud, and ensure operational efficiency.

  • Consent – for marketing communications (clients may opt-out at any time).

7. Sharing Your Data

We only share your data with third parties when necessary and in strict compliance with GDPR.

Examples include:

  • Solicitors, accountants, or government agencies listed on your Authority to Act form.

  • Travel booking providers (e.g., Westshore Escapes).

  • AML verification services for compliance checks.

  • Payment processors such as GoCardless.

We never sell or rent client data to third parties.

8. International Data Transfers

  • For international clients, we ensure that data transfers comply with UK GDPR and international privacy standards.

  • Where data is processed outside the UK, we use appropriate safeguards such as Standard Contractual Clauses (SCCs).

9. Data Retention

We retain client data only as long as necessary for the following purposes:

Type of Data

Retention Period

AML & compliance documents

5 years (minimum legal requirement)

Financial records & invoices

7 years (for UK tax compliance)

Service-related communications

Duration of contract + 2 years

Passwords & credentials

Deleted immediately upon contract end

After these periods, data is securely destroyed.

10. Client Rights Under UK GDPR

As a client, you have the following rights:

  • Access: Request a copy of the personal data we hold about you.

  • Rectification: Request corrections to inaccurate data.

  • Erasure: Request deletion of data when legally permissible.

  • Restriction: Request limited processing of your data.

  • Data Portability: Receive your data in a machine-readable format.

  • Objection: Opt-out of certain data processing activities, including marketing.

To exercise these rights, please contact our Data Protection Officer at privacy@westshoregroup.co.uk.

11. Client Responsibilities

Clients must:

  • Provide accurate and up-to-date personal and business information.

  • Notify Westshore VA Services of any changes to contact details or corporate structures.

  • Ensure compliance with password sharing rules by only using the encrypted secure wallet system.

  • Understand that failure to follow these protocols may result in service suspension or termination.

12. Data Breach Procedure

  • In the event of a data breach, we will notify affected clients within 72 hours as required by UK GDPR.

  • We will take immediate action to secure data and mitigate any risks.

13. Cookies & Tracking

Westshore VA Services uses cookies to enhance website performance and user experience.
 Full details are provided in our Cookie Policy.

14. Changes to This Privacy Policy

  • We may update this policy periodically to reflect legal, operational, or technological changes.

  • The “Last Updated” date will always be displayed at the top of this document.

  • Clients will be notified of material changes via email.

15. Governing Law

This Privacy Policy is governed by the laws of England and Wales, and any disputes will be subject to the exclusive jurisdiction of the UK courts.

Summary of Key Points

  • Westshore VA Services complies fully with UK GDPR.

  • Passwords must only be shared through our encrypted secure wallet.

  • AML and compliance data is retained for 5 years minimum.

  • Clients have clear rights to access, correction, and deletion of their data.

  • International data transfers are protected through legal safeguards.

This Privacy Policy is issued under the authority of Westshore Group Limited, the globally award-winning parent company of Westshore VA Services, Westshore Escapes, Westshore Property Care, and future subsidiaries. All companies under the Group adhere to this policy to maintain exceptional standards of compliance and client trust.