Privacy Statement

1. Data Controller and Contact Information

For the purposes of the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018, Document Network Services Limited acts as the data controller.

You may contact us regarding your personal data by emailing our Data Protection Contact at gdpr@dnslimited.co.uk.

This statement was last reviewed in May 2026 and will be reviewed regularly to reflect changes in legislation, internal processes, or best practices. Updates will be posted on this page.

2. How Do We Collect Data?

We gather data through various interactions, including:

Direct interactions
Face-to-face meetings, phone or video calls, email exchanges, letters, and other written communications, including when we receive a business card.

Contractual agreements
When you enter into a contract with us for products, services, or finance-related agreements.

Website submissions
When you complete forms on our website, such as subscribing to newsletters, responding to surveys, submitting enquiries, or engaging with live chat features.

Digital engagement
When you interact with our digital channels, including email communications and platforms such as LinkedIn.

Cookies
Please see section 9 for further information on our use of cookies and similar technologies.

3. Processing of Personal Data

We collect and process personal information only as necessary to support our services, fulfil legal obligations, and maintain security.

Types of data we may collect include:

• Contact and identification information
  Name, address, email address, and telephone number.

• Transaction information
  Payment details and records of transactions with us.

• Communication preferences
  Your preferences regarding how you wish to be contacted.

• Usage information
  Information about your use of our website, including traffic and browsing data.

• Call recordings
  Calls may be recorded for training, monitoring, and quality assurance purposes. Where calls are recorded, you will be informed at the time of the call.

Where personal data is transferred outside the UK, we ensure appropriate safeguards are in place in accordance with UK GDPR. These include adequacy decisions, the UK International Data Transfer Agreement (IDTA), or Standard Contractual Clauses (SCCs).

4. How Do We Use Your Information?

 We process personal data under one or more lawful bases, depending on the purpose of processing

• Relationship management, including responding to enquiries and maintaining communication records
  Types of data used: Contact and interaction data
  Lawful basis: Legitimate interests (managing business relationships)

• Providing products and services
  Types of data used: Contact and transaction data
  Lawful basis: Performance of contract

• Managing payments, billing and accounts
  Types of data used: Contact and financial data
  Lawful basis: Performance of contract and legal obligation

• Improving our website, services and customer experience
  Types of data used: Usage data
  Lawful basis: Legitimate interests (service improvement)

• Requesting feedback and reviews
  Types of data used: Contact and interaction data
  Lawful basis: Legitimate interests (service improvement)

• Sending marketing communications and updates
  Types of data used: Contact data
  Lawful basis: Consent (for new contacts where required) and legitimate interests (for existing customers, in line with PECR)

• Complying with legal or regulatory requirements
  Types of data used: Relevant personal data
  Lawful basis: Legal obligation

Where we rely on legitimate interests, we ensure these are balanced against your rights and freedoms. We may carry out legitimate interest assessments (LIAs) where appropriate to ensure processing is fair, proportionate, and does not override your rights.

5. Data Sharing and Third-Party Transfers

 Your data may be shared with:

• Third-party service providers and professional advisers, including IT providers, finance partners, leasing providers, accountants, and legal advisers, who process data on our behalf under appropriate contractual safeguards.

• Regulatory or law enforcement authorities where required by law or to protect our legal interests.

Where data is transferred outside the UK, we ensure appropriate safeguards are in place in accordance with UK GDPR, such as adequacy decisions, IDTAs, or Standard Contractual Clauses.

6. Data Security and Retention

We implement appropriate technical and organisational measures to protect your data, including:

• Secure storage and encryption of sensitive information

• Regular security reviews and Cyber Essentials accreditation

• Access controls and monitoring where appropriate

We retain personal data only for as long as necessary for the purposes for which it was collected, including to meet legal, accounting, and reporting obligations.

Retention periods vary depending on the nature of the data. For example, financial records are typically retained for up to six years to comply with legal requirements.

We regularly review the data we hold and securely delete or anonymise it when it is no longer required.

7. Data Subject Rights 

Under UK GDPR, you have rights in relation to your personal data, including:

• Right of access – Request a copy of the data we hold about you

• Right of rectification – Correct inaccurate or incomplete data

• Right to erasure – Request deletion of your data in certain circumstances

• Right to restrict processing – Request limitation of processing in specific cases

• Right to data portability – Receive your data in a structured, machine-readable format

• Right to object – Object to processing, particularly for direct marketing

To exercise your rights, contact gdpr@dnslimited.co.uk.

You also have the right to lodge a complaint with the Information Commissioner’s Office (ICO). We would welcome the opportunity to address your concerns before you contact the ICO.

8. Data Breach Notification 

In the event of a personal data breach, we will assess the risk and notify the Information Commissioner’s Office (ICO) and affected individuals where required by law.

9. Use of Cookies 

We use cookies and similar technologies to ensure our website functions effectively, analyse usage, and support marketing activities.

Some technologies may be provided by trusted third parties, including business-to-business analytics tools such as Lead Forensics. These tools collect information about website visits, including IP address and browsing behaviour, and may identify the organisation associated with a visit using publicly available information.

These tools are designed to identify organisations rather than individuals, although in some cases the data may be considered personal data.

Where required, we only use non-essential cookies after obtaining your consent via our cookie banner. When you first visit our website, you can accept all cookies or choose to allow only those that are strictly necessary.

You may withdraw or manage your consent at any time through your browser settings or our cookie management tool.

Information collected may include:

• IP address

• Browser type

• Device information

• Pages visited

• Interaction with our website

This information is used for analytics, marketing insights, and to understand interest in our services.

10. Updates to This Statement

We reserve the right to update this privacy policy to reflect legal or operational changes. Any significant updates will be published on our website and, where appropriate, communicated directly.

11. Contact Information

Questions or comments about this privacy policy should be addressed to:

Document Network Services Limited
The Innovation Centre
Unit 9 Royal Scot Road
Pride Park
Derby
DE24 8AJ

Tel: 01332 362 900
Email: gdpr@dnslimited.co.uk

For unresolved concerns, you may contact the Information Commissioner’s Office via their website.