GDPR Compliance Statement

Last updated: 4 June 2026

1. Data controller

The data controller for stairliftguru.co.uk is Whito Ltd, registered in England and Wales (company number 10918465), registered address 20-22 Wenlock Road, London, N1 7GU. ICO registration reference: ZA297473.

Data protection contact: contact@stairliftguru.co.uk

2. Lawful bases for processing

We process personal data under the following lawful bases as defined in UK GDPR Article 6:

• Consent (Art 6(1)(a)): when you voluntarily submit a quote request or sell-a-stairlift form, you consent to us sharing your details with UK stairlift suppliers or buyers.
• Legitimate interest (Art 6(1)(f)): for website analytics (Google Analytics 4, Microsoft Clarity) to improve site performance and user experience, and for responding to email enquiries.
• Legal obligation (Art 6(1)(c)): for managing cookie consent records under PECR.

3. Categories of personal data

• Contact information: name, email address, telephone number, postcode
• Stairlift requirements: staircase type, features needed, budget preferences
• Stairlift selling details: make, model, age, serial number, condition
• Technical data: anonymised IP address, browser type, device type, pages visited
• Consent records: cookie consent preferences

4. Data processors

We use the following third-party processors:

• Fillout Inc. (form hosting, US-based, SCCs in place)
• Google LLC (Analytics 4, IP anonymisation enabled)
• Microsoft Corporation (Clarity session recording)
• iubenda S.r.l. (cookie consent management)
• LiteSpeed Technologies (server-side caching)

When you submit a quote request, your data is shared with one or more UK-based stairlift suppliers who become independent data controllers for the data they receive.

5. Data retention

• Quote and sell form submissions: 24 months, then deleted
• Google Analytics data: 14 months (GA4 default)
• Microsoft Clarity recordings: 30 days
• Cookie consent records: 12 months
• Email enquiries: 24 months from last correspondence

6. International transfers

Some processors (Fillout, Google, Microsoft) are based in the United States. Transfers are safeguarded by UK adequacy regulations or Standard Contractual Clauses approved by the ICO.

7. Your rights

Under UK GDPR, you have the right to access, rectify, erase, restrict, port, and object to the processing of your personal data. You also have the right to withdraw consent at any time. To exercise these rights, email contact@stairliftguru.co.uk. We will respond within one month.

8. Data security

We implement appropriate technical and organisational measures to protect personal data, including encrypted data transmission (TLS/SSL), access controls limiting data access to authorised personnel, regular security updates to our WordPress installation and plugins, and secure hosting with server-side protections.

9. Data protection impact assessments

We conduct data protection impact assessments (DPIAs) where processing is likely to result in a high risk to individuals’ rights and freedoms, as required by UK GDPR Article 35.

10. Breach notification

In the event of a personal data breach that poses a risk to individuals’ rights and freedoms, we will notify the ICO within 72 hours of becoming aware of the breach, as required by UK GDPR Article 33. Where the breach poses a high risk, we will also notify affected individuals without undue delay.

11. Complaints

You have the right to lodge a complaint with the Information Commissioner’s Office:

• Website: ico.org.uk/make-a-complaint
• Telephone: 0303 123 1113
• Address: Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF

12. Related policies

• Privacy Policy (full detail on data collection and processing)
• Cookie Policy (specific cookies used on this site)
• Terms and Conditions