Privacy Policy

Last updated: 16 May 2026

This privacy notice explains how WSH Software Solutions Ltd ("we", "us", "our") handles personal data collected through wshsoftwaresolutions.co.uk and wshsoftwaresolutions.com (together, "this website"). It is written to comply with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

For privacy information about our products (HeimdallHR and HeimdallPresent), see each product's own privacy notice.

Who we are

The data controller for this website is WSH Software Solutions Ltd, a company registered in England & Wales (company number 17186192). Our registered office is 73a High Street, Little Lever, Bolton, England, BL3 1NA. You can contact us at [email protected].

What data we collect

This website is intentionally minimal. We collect only:

  • Server access logs — IP address, request URL, user-agent string, and timestamp. These are recorded by our web server for security and diagnostic purposes.
  • Information you send us by email — if you contact us at [email protected], we will hold your message, email address, and any information you choose to share with us.

We do not use cookies, fingerprinting, advertising trackers, or any third-party analytics on this website. See our Cookie Policy for more.

Why we use it and our legal basis

  • Access logs — to keep the website running, detect abuse, and diagnose problems. Legal basis: legitimate interests (running a secure website).
  • Email enquiries — to respond to you. Legal basis: legitimate interests, or the performance of a contract if you become a customer.

How long we keep it

  • Access logs are kept for up to 30 days, then deleted.
  • Email correspondence is kept for as long as is reasonably necessary to maintain the relationship or meet legal record-keeping obligations (typically up to 6 years for tax records under UK law).

Who we share it with

We use a small number of third-party processors to operate the website and respond to you:

  • Our VPS hosting provider (server infrastructure).
  • Our email provider (sending and receiving messages).

We do not sell, rent, or share your personal data with anyone for marketing purposes.

International transfers

Our infrastructure is hosted within the UK or the European Economic Area wherever possible. Where data must be transferred outside the UK/EEA, we rely on adequacy decisions or standard contractual clauses as required by UK GDPR.

Your rights

Under UK GDPR you have the right to:

  • access the personal data we hold about you;
  • ask us to correct inaccurate data;
  • ask us to delete your data ("right to erasure");
  • ask us to restrict how we use your data;
  • object to processing based on legitimate interests;
  • request a copy of your data in a portable format.

To exercise any of these rights, email [email protected]. We'll respond within one month.

Complaints

If you're unhappy with how we've handled your data, please tell us first so we can put it right. You also have the right to complain to the UK's Information Commissioner's Office (ICO) at ico.org.uk.

Changes to this policy

We may update this notice from time to time. The "last updated" date at the top of this page shows when it was last revised.