Last updated: 16 September 2025
Whisky & White Paper (“we”, “our”, “us”) respects your privacy and is committed to protecting your personal data. This Privacy Policy explains how we collect, use, and safeguard information when you interact with our website, services, and communications.
1. Who we are
Whisky & White Paper is a sole trader business providing operations management and business support services.
Contact: hello@whiskyandwhitepaper.com
2. Data we collect
We may collect and process the following personal data:
Identity data (name, business name).
Contact data (email address, phone number if provided).
Booking information (via TidyCal: call type, time, date).
Communication data (emails, contact form submissions).
Payment data (via Stripe or Xero — we do not store card details).
Technical data (cookies, IP address, browser type, device).
3. How we collect data
Directly: when you contact us, book a call, or become a client.
Automatically: through cookies and similar technologies on our website.
Third parties: to deliver services, we use tools including:
TidyCal (scheduling)
Suitedash (client portal)
Google Workspace (forms, email, file storage)
Kit.com (email marketing platform)
Stripe and/or Xero (payments and invoicing)
HelloSign and/or PandaDoc (e-signatures)
Typeform (optional, for questionnaires or surveys)
Zapier (integrations and automations)
Password vault software (for secure storage of client credentials)
4. Why we use your data (lawful basis)
We process personal data to:
Respond to enquiries (legitimate interest).
Provide and manage services under contract.
Process payments and invoices (legal obligation + contract).
Maintain client records (legitimate interest).
Send relevant updates or resources where consent has been given (consent).
Improve our website and services (legitimate interest).
5. Data storage and security
We store data in secure cloud-based systems (Google Workspace, Suitedash, TidyCal, Kit.com, Stripe, Xero, HelloSign, PandaDoc, Typeform, Zapier, password vault software).
We apply appropriate technical and organisational measures to prevent loss, misuse, or unauthorised access.
6. Data retention
We keep personal data only as long as necessary to fulfil the purpose it was collected for, including for legal, accounting, or reporting requirements.
Client records are typically retained for up to 7 years after the relationship ends, in line with UK accounting standards.
7. Sharing of data
We do not sell or rent personal data.
We may share data with trusted third-party processors (listed in section 3) solely to provide our services. Each of these providers has its own GDPR-compliant policies.
8. Cookies
Our website uses cookies and similar technologies for functionality and analytics. You can set your browser to refuse cookies, but some parts of the site may not work properly.
If third-party analytics tools (such as Google Analytics or Meta Pixel) are added, this policy will be updated.
9. Your rights
Under UK GDPR you have the right to:
Request access to your personal data.
Request correction or deletion of your data.
Object to processing or request restriction.
Request transfer of your data.
Withdraw consent at any time (where processing is based on consent).
You may exercise these rights by emailing hello@whiskyandwhitepaper.com.
You also have the right to lodge a complaint with the Information Commissioner’s Office (ICO) at www.ico.org.uk.
10. Changes to this policy
We may update this policy from time to time. The latest version will always be posted on our website with the date of revision noted above. You are encouraged to review this page periodically for the latest version.