PRIVACY POLICY

1.1 DSHA Partners Ltd

(hereinafter referred to as “Data Controller,” “we,” “our,” or “us”) is committed to safeguarding your privacy and ensuring that your personal data is processed in a lawful, fair, and transparent manner. We apply appropriate technical, administrative, and physical security measures to protect your information.

DSHA Partners Ltd is an independent UK-registered company providing consulting and management services. We operate solely under our own legal entity and are not part of any wider corporate group unless expressly stated. Any third parties engaged by us will act only under our instruction and in accordance with applicable data protection laws.

1.2 Purpose of This Privacy Notice

This privacy notice explains how we process personal data in accordance with applicable data protection legislation, including the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

It provides information regarding:

• The personal data we collect
• The purposes for which we process this data
• The lawful basis on which we rely
• Your rights in relation to your personal data
• How to contact us for additional information or to make a request

In this notice, “personal data” may also be referred to as “your information.”

1.3 Scope of This Privacy Notice

This privacy notice outlines how we collect, process, store, and protect information about you when:

a) Providing services to you or to our clients;
b) You access, use, or interact with our website; or
c) Carrying out any other activities necessary for the operation of our business, as further detailed in this notice.

When we refer to “our website” or “this website,” we mean the official DSHA Partners website and any associated webpages or online platforms that link to this privacy notice.

For the purposes of this privacy notice, “process” includes any operation carried out on your personal data, including collecting, recording, organising, structuring, storing, updating, using, transferring, restricting, erasing, or otherwise making data available.

1.4 Standalone or Service-Specific Notices

On occasion, we may provide a separate, service-specific privacy notice or an ad-hoc notice in relation to a particular activity (for example, when completing a survey, form, or application). In such cases, you will be informed at the point of collection and directed to the relevant additional terms.

If you engage DSHA Partners for any of our specialised consulting or management services, you may be provided with additional service-specific privacy information where required. This ensures that you understand how your personal data is handled within the context of that particular service.

Where such additional information is provided, it will apply in addition to this general privacy notice.

If no service-specific notice has been provided to you, please refer to the information contained in this privacy notice.

This privacy notice applies to DSHA Partners Ltd, which acts as the Data Controller for the personal data processed in connection with our services and website.

Registered Office:
Suite 728, 4 Montpelier Street
London, SW7 1EE
United Kingdom

This privacy notice also applies to any affiliated entities that DSHA Partners Ltd owns or controls, where applicable.

DSHA Partners Ltd does not require a mandatory Data Protection Officer under the UK GDPR; however, we have designated a contact point for all data protection and privacy-related enquiries.

You may contact us at:

Email: inquiries@dshapartners.com
Postal Address:
DSHA Partners Ltd
Suite 728, 4 Montpelier Street
London, SW7 1EE
United Kingdom

5.1

In the course of providing services to you or to our clients, performing business enquiries or due-diligence checks, or communicating with you regarding potential services, DSHA Partners Ltd may collect or receive personal data about you in both physical and electronic form. We may also collect personal data when you use our website or interact with us online.

5.2 We may collect or obtain personal data because:

•  You provide it to us (e.g., through contact forms, emails, online enquiries, or documents you share with us);
• A third party provides it to us (e.g., your employer, adviser, or service providers who support our business operations);
• It is publicly available (e.g., Companies House records, LinkedIn, professional directories, or other open sources).

5.3 Automatically Collected Data

We may also collect or infer personal data based on the way you interact with our website or communications. To improve your experience and ensure proper website functionality, we (or our service providers) may use cookies and similar technologies which may collect personal data such as usage patterns, IP address, and device information.

Full details can be found in our Cookie Notice on the DSHA Partners website.

5.4 The personal data we may process includes (but is not limited to):

• Name, title, and basic identifying information;
• Contact details such as address, email, telephone number, and country of residence;
• Professional information, including employment details, role, and education;
• Identification details where required for compliance purposes (e.g., passport number or company registration information);
• Information you provide when communicating with us, including messages, enquiries, or uploads via our website;
• Technical information such as IP address, browser type, device type, access times, and website usage data;
• Information relating to how you use our services;
• Business information necessary for client onboarding, due diligence, or service delivery (e.g., company ownership details, management background, or publicly available compliance information);
• Media or publicly sourced information relevant to business verification, where appropriate.

5.5 Special Categories of Personal Data

DSHA Partners does not routinely collect special category data (e.g., health information, ethnicity, or religious beliefs). However, in limited circumstances, such data may be processed only where you provide it voluntarily and where strictly necessary. For example:

• Accessibility or health requirements for a meeting or event
• Information required for identity verification in compliance or onboarding processes

We will always process such data in accordance with legal requirements and only with an appropriate lawful basis.

5.6 If You Choose Not to Provide Information

If you choose not to provide certain information, or if you object to us processing specific data, DSHA Partners may be unable to fulfil our contractual obligations, complete compliance checks, or continue providing some or all services to you or our client.

6.1 Use of Personal Data to Provide Our Services

• We use your personal data to provide consulting, management, administrative and related services to you, to our clients, or to third parties where necessary. This may include using your personal data during correspondence related to the services we provide. Such communication may occur with you, authorised representatives, third-party service providers, or relevant authorities where required.
• We may use your personal data to conduct identity checks, due diligence, anti-money-laundering (AML) checks, sanctions screening, or other compliance activities, where applicable.
• As our services vary, the specific way we use your personal data will depend on the nature of the engagement. Examples may include:
  • i. Processing client or stakeholder information for project delivery, consultancy work, or strategic advisory tasks;
  • ii. Using business or professional details to support onboarding or communication during a service engagement;
  • iii. Reviewing publicly available corporate or compliance information for business verification purposes.

6.2 Use of Personal Data for Activities Necessary to Operate Our Business

We may also use your personal data for purposes that support the general operation and administration of DSHA Partners Ltd, including:

• Compliance with applicable legal, regulatory, or professional obligations;
• Responding to lawful requests or communications from regulators or authorities;
• Client onboarding, administrative functions, and account management;
• Internal financial processes such as invoicing, accounting, auditing, and risk management;
• Protecting our legal rights, the rights of our clients, and the integrity of our services.

6.3 Use of Personal Data for Marketing and Business Development

We may use your personal data for relationship management, marketing, and business development activities, including:

• Sending you updates, insights, news, service information, or materials that we believe may be relevant or of interest to you;
• Contacting you for feedback on our services;
• Inviting you to events, webinars, briefings, or consultations;
• Using testimonials or statements with your explicit permission for promotional purposes;
• Communicating with prospective clients or partners where a legitimate business interest exists.

All marketing communications from DSHA Partners will adhere to applicable laws, and you can opt out at any time.

6.4 Use of Personal Data Collected via Our Website

Personal data collected through your interaction with our website may be used for:

• Enabling navigation and functionality of the website;
• Managing, maintaining, and improving website performance and user experience;
• Tailoring website content to provide a more personalised browsing experience and to highlight services or information that may interest you;
• (Where consent is provided) delivering targeted advertising or analytical insights using cookies or similar technologies;
• Responding to enquiries or requests submitted through our website contact forms or communication channels.

7.1 Providing Services and Operating Our Business

For the purposes described in Sections 6.1 and 6.2, DSHA Partners Ltd relies on one or more of the following lawful bases under the UK GDPR:

• Contractual necessity – the processing is necessary to perform a contract we have with you or to take steps at your request before entering into a contract.
• Legal obligation – the processing is necessary for us to comply with the law (for example, record-keeping, taxation, responding to lawful authorities, or fulfilling compliance requirements such as anti-money-laundering checks).
• Legitimate interests : the processing is necessary for our legitimate business interests, which may include:
  • Providing and delivering our services to clients or third parties and ensuring engagements are well-managed;
  • Preventing fraud or misuse of our services;
  • Protecting and managing our business operations and systems;
  • Handling, investigating, and resolving complaints or enquiries;
  • Ensuring the security and integrity of our services and website.
• Consent: where you have explicitly agreed that we may process your personal data for a specific purpose.

7.2 Marketing, Relationship Management, and Website Use

For the purposes outlined in Sections 6.3 and 6.4, we rely on:

• Legitimate interests, such as:
  • Developing our business and maintaining professional relationships;
  • Assessing, developing, or improving our services;
  • Providing information about our services, updates, insights, and events unless you opt out.

• Consent, where required (for example, certain marketing communications or cookie-related activities).

You may withdraw your consent at any time.

7.3 Special Categories of Personal Data

DSHA Partners normally does not process special category data.
However, if such data must be processed for a legitimate and clearly defined purpose, we will only do so under one of the following lawful bases:

• Explicit consent given by you;
• Processing required by law (for example, identity verification or compliance checks);
• Processing necessary for obligations in employment, social protection, or similar legal frameworks;
• Processing necessary for the establishment, exercise, or defence of legal claims;
• The information has been manifestly made public by you.

7.4 Withdrawal of Consent

If you withdraw your consent, this does not affect the lawfulness of any processing carried out before that withdrawal.
In certain circumstances, we may still process your personal data if another lawful basis applies, as outlined above.

8.1 Who We May Share Your Personal Data With

In connection with the purposes described in Section 6 (How We Use Your Personal Data), DSHA Partners Ltd may share your personal data with the following recipients or categories of recipients:

• Third-party service providers who support our business operations, such as IT service providers, cloud hosting platforms, communication tools, compliance or identity-verification providers, accountants, or legal advisers.
• Competent authorities or regulators, including courts, governmental bodies, or law enforcement, where required by law or where necessary to protect our legal rights
• Your employer or organisation, where our services are provided on their behalf or where they act as the primary contracting party.
• Your authorised advisers or representatives, where relevant and appropriate.
• Third parties involved in a potential business transaction, such as a merger, restructuring, sale, or acquisition involving DSHA Partners Ltd. In such cases, your data will only be used for the same purposes for which it was originally collected.
• Credit reference agencies, fraud-prevention bodies, or similar organisations where necessary for risk management, financial verification, or to prevent fraud.
• Other third parties who reasonably require access to your personal data for the purposes outlined in Section 6, provided that such access is lawful and proportionate.

We ensure that any third party receiving personal data from us does so under appropriate confidentiality and security obligations.

8.2 Social Media, Public Platforms, and User-Generated Content

Our website or online platforms may contain links to external social media channels or tools that allow you to interact, comment, or share content publicly.

Please be aware that:

• Any personal data you submit through public channels, comment sections, or social media may be visible to other users.
• DSHA Partners Ltd has no control over how other users may view, collect, or use such information.
• We cannot guarantee that personal data shared voluntarily by you in these spaces will be handled in accordance with this privacy notice.

We encourage you to use caution when sharing personal information through public or social media features.

9.1 International Transfers

In certain circumstances, DSHA Partners Ltd may transfer your personal data to countries outside the United Kingdom or the European Economic Area (EEA). This may occur where:

• We work with clients, partners, or service providers located outside the UK;
• You are based outside the UK or provide instructions requiring international communication;
• Our third-party service providers (such as cloud hosting or communications platforms) process data internationally.

These countries may have data protection laws that differ from those in the UK, and your information may be subject to access by foreign authorities under their local laws.

9.2 Safeguards for International Transfers

Whenever we or our third-party service providers transfer your personal data outside the UK or EEA, we ensure that adequate safeguards are in place to protect your information. These safeguards may include:

• Transfers to countries deemed “adequate” by the UK government (i.e., countries legally recognised as offering an equivalent level of data protection);
• Use of appropriate contractual mechanisms, such as the UK International Data Transfer Agreement (IDTA) or Standard Contractual Clauses (SCCs), requiring the recipient to protect your data to UK standards;
• Your explicit consent, where applicable and appropriate.

Where required, we carry out risk assessments to ensure that international transfers maintain an adequate level of protection.

9.3 Transfers Required by Law

If we must transfer your personal data outside the UK or EEA due to legal obligations. For example, responding to a lawful request from an authority—we will take reasonable steps to ensure that your information continues to be handled securely and in accordance with applicable data protection law.

9.4 Sharing Non-Personal or Aggregated Information

We may share non-personal, anonymised, or aggregated data with third parties for purposes such as:

• Research
• Analytics
• Industry insights or reporting
• Thought leadership
• Marketing or promotional materials

This information does not identify any individual and does not constitute personal data.

10.1 Retention of Personal Data

DSHA Partners Ltd uses information systems and processes designed to minimise the collection and retention of personal data wherever possible.

We retain your personal data only for as long as necessary to fulfil the purposes for which it was collected, including to meet legal, regulatory, or contractual requirements. Specifically, we keep your personal data for the longest of the following periods:

• For as long as necessary to carry out the relevant activity or provide the services;
• For the period required by applicable law, regulatory obligations, or professional standards (such as tax, accounting, or compliance requirements);
• For the duration during which a legal claim, investigation, or dispute could reasonably be brought, relating to the services provided.

We maintain internal retention schedules and policies that set out how long different categories of personal data are kept before being securely deleted or anonymised.

11.1 Security Measures

DSHA Partners Ltd takes the security of your personal data seriously and implements a range of organisational, administrative, and technical measures to ensure that your information remains secure, accurate, and up to date. These measures include:

• Training and awareness for relevant staff to ensure they understand data protection obligations and follow best practices when handling personal data;
• Access controls, ensuring that personal data is only accessible to individuals who need it to perform their role (“need-to-know” basis);
• Technical safeguards, such as secure systems, encryption, firewalls, multi-factor authentication, and anti-virus protections;
• Physical security measures, such as controlled office access and secure storage for any physical records.

We regularly review our security procedures to ensure they remain appropriate and effective.

11.2 Data Transmission

While we take steps to secure personal data once it is received by us, please note that transmission of information over the internet is not completely secure.

Although we do our best to protect your personal data, we cannot guarantee the security of data transmitted to us via email, online forms, or other electronic means. Any such transmission is at your own risk.

12.1 Your Data Protection Rights

Under the UK GDPR, you have several rights in relation to your personal data. These include the right to:

• Access your personal data – request confirmation of whether we process your data and obtain a copy of the personal data we hold about you;
• Be informed – receive clear information about how and why your data is processed, including the categories of data, recipients, storage periods, sources, and whether automated decision-making occurs;
• Rectification – ask us to update or correct personal data that you believe is inaccurate or incomplete;
• Erasure or restriction – request that we delete your personal data or restrict how we process it, where legally permitted;
  • You may also withdraw your consent at any time where processing is based on consent;
• Data portability – receive your personal data in a structured, commonly used, machine-readable format and transmit it to another controller (where processing is based on consent or contract);
• Marketing preferences – request at any time that we stop sending you marketing communications, using the contact details provided in this Privacy Notice;
• Object – object to our processing of your personal data where we rely on legitimate interests or perform tasks in the public interest.

12.2 Responding to Your Requests

If you request access to your personal data or exercise any of your rights, we will respond within one month, in accordance with UK data protection legislation.
Where additional time is required due to complexity, you will be informed.

We will always meet our legal obligations when handling rights requests.

12.3 Keeping Your Information Up to Date

We aim to ensure that the personal data we hold is accurate and current.
Please notify us of any changes to your details using the contact information provided in this Privacy Notice.

You may also use these contact details if you wish to make a privacy-related complaint.
We will take any such concerns seriously and work to resolve them promptly.

13.1 Marketing and Relationship Communications

If we believe that you are a client, potential client, or business contact who may be interested in our insights, updates, or services, DSHA Partners Ltd may use your personal information to contact you from time to time.
We may inform you—by email, telephone, letter, or other electronic methods—about:

• services or offerings similar to those you have engaged with previously;
• updates, insights, articles, or thought leadership content;
• events, briefings, webinars, or consultations;
• other information related to our services that we believe may be of interest to you.

We will only send marketing communications in accordance with applicable law and your stated preferences.

13.2 Business Development Activities

From time to time, we may use your information to:

• maintain and develop business relationships;
• invite you to participate in surveys, feedback requests, or industry discussions;
• share relevant updates about DSHA Partners and our services.

We do not operate an Alumni Network or any similar programme; therefore, any references to such schemes do not apply.

13.3 Changing Your Marketing Preferences

You may withdraw your consent or change your marketing preferences at any time by:

• following the unsubscribe or preference instructions included in our communications, or
• contacting us using the details provided in this Privacy Notice.

We will process your request promptly in accordance with applicable data protection laws.

14.1 Contacting DSHA Partners

If you wish to exercise any of your rights set out in Section 12, or if you have questions, concerns, or comments about how your personal data is handled, you may contact us in the following ways:

a) Write to us at:
DSHA Partners Ltd
Suite 728, 4 Montpelier Street
London, SW7 1EE
United Kingdom

b) Email us at:
inquiries@dshapartners.com

We will respond to your request or enquiry as promptly as possible and in accordance with applicable data protection legislation.

14.2 Contacting the Information Commissioner’s Office (ICO)

If you have concerns about how we process your personal data and you feel that your concerns have not been fully resolved by us, you have the right to lodge a complaint with the Information Commissioner’s Office (ICO), the UK supervisory authority for data protection.

You can contact the ICO in the following ways:

a) Write to:
Information Commissioner’s Office
Wycliffe House
Water Lane
Wilmslow
Cheshire
SK9 5AF
United Kingdom

b) Submit a complaint online via the ICO’s data protection complaints tool:
https://ico.org.uk/make-a-complaint/

We may update or amend this Privacy Notice from time to time to reflect changes in our practices, legal requirements, or the way we operate. When updates are made, the revision date at the top of this page will be changed accordingly.
The updated Privacy Notice will take effect from the date it is published.

We encourage you to review this Privacy Notice periodically to stay informed about how we protect and use your personal data.

As DSHA Partners Ltd is established in the United Kingdom and may process personal data of individuals located within the European Economic Area (EEA), we may be required to appoint an EEA Data Protection Representative in accordance with Article 27 of the EU GDPR.

Where applicable, our appointed EEA representative is:

DSHA Partners – EEA Representative
Suite 728, 4 Montpelier Street

SW7 1EE London, United Kingdom 

inquiries@dshapartners.com

You may contact our EEA representative regarding matters related to the processing of personal data of individuals in the EEA.

If you are submitting a personal data request on behalf of another individual, you must provide appropriate proof that you are authorised to act on their behalf.

Acceptable forms of authorisation may include:

• a signed written authorisation from the individual,
• or a valid power of attorney,
• or other legally acceptable evidence confirming your authority.

Please submit such requests using the contact details provided in this Privacy Notice. DSHA Partners Ltd may request additional information where necessary to verify your identity and your authority to act on behalf of the data subject.