Legal
Privacy Policy
Last updated: 13 June 2026
Doral Systems Ltd ("Doral Systems", "we", "us", or "our") respects your privacy and is committed to protecting your personal data. This Privacy Policy explains what personal information we collect through our website, how we use and protect it, and the rights you have under UK data protection law. We are a technical solutions consultancy based in Cheltenham, England. Our website is informational, and the only personal data we collect from the public is the information you choose to provide through our contact form. We do not sell your personal information. This policy is a general template and should be reviewed by a qualified solicitor before launch to confirm it reflects our actual practices and complies with applicable law.
Who We Are
Doral Systems Ltd is the data controller responsible for your personal data when you use this website. We are a boutique technical solutions consultancy based in Cheltenham, England. If you have any questions about this policy or about how we handle your information, you can reach us at hello@doralsystems.co.uk.
Information We Collect
We collect only the personal information you choose to submit through our website contact form: your name, your email address, an optional subject line, and the contents of your message. We do not require you to create an account, and we do not collect payment details, special category data, or location data through the website. Our site does not use third-party advertising or analytics trackers, so we do not build profiles of visitors or track you across other sites. A limited amount of technical information, such as a standard server log entry, may be generated automatically when the site is accessed; this is used only to keep the site secure and running and is not used to identify members of the public.
How We Use Your Information
We use the information you submit through the contact form for one purpose: to read, respond to, and follow up on your enquiry. That includes contacting you by email to answer your question, to provide the information you asked for, or to discuss whether and how our services might fit your needs. We do not use your contact-form information for marketing, and we will not add you to any mailing list without a separate, clear opt-in. We never sell, rent, or trade your personal information.
Legal Bases for Processing
Under the UK GDPR we must have a lawful basis for processing your personal data. We rely on your consent, which you give by choosing to complete and submit the contact form, and on our legitimate interests in responding to enquiries, communicating with prospective clients, and operating and securing our website — balanced against your rights and expectations. Where you contact us about engaging our services, processing may also be necessary to take steps at your request before entering into a contract. You can withdraw your consent at any time by contacting us, which will not affect the lawfulness of any processing carried out beforehand. If you are located in the European Economic Area, the EU GDPR may also apply on the same bases.
How We Store and Protect Your Information
Contact-form submissions are stored in a managed PostgreSQL database provided by Supabase, hosted on servers located in the European Economic Area (Ireland). Access to that database is restricted to authorised personnel and protected by authentication controls. We apply reasonable technical and organisational measures designed to protect personal information against unauthorised access, disclosure, alteration, or destruction, including encryption in transit. No method of transmission or storage is completely secure, however, and we cannot guarantee absolute security, so please avoid sending highly sensitive or confidential information through the contact form.
Data Retention
We keep contact-form information only for as long as we need it to handle your enquiry, and for a reasonable period afterwards to maintain a record of our correspondence, follow up on related discussions, and meet any legal or accounting obligations. When the information is no longer needed for these purposes we delete it or otherwise remove its connection to you. If you ask us to delete your information sooner, we will do so unless we are required to keep it by law.
Sharing and Sub-Processors
We do not sell your personal information and we do not share it for anyone else's marketing. We rely on a small number of service providers (sub-processors) who process information on our behalf and under our instructions. Supabase hosts the database and provides the authentication used by our internal team. When we reply to your enquiry, we do so from our own business email accounts. We may also disclose information where required by law, to comply with legal process, or to protect our rights, safety, or property and those of others.
Your Rights
Under UK data protection law you have rights over your personal data, including the right to be informed; to access the information we hold about you; to have inaccurate information corrected; to have your information erased; to restrict or object to certain processing; to data portability; and to withdraw consent at any time. To exercise any of these rights, contact us at hello@doralsystems.co.uk. We will respond within the time limits set by law and may need to verify your identity first. If you are unhappy with how we have handled your personal data, you have the right to complain to the Information Commissioner's Office (ICO), the UK's data protection regulator, at ico.org.uk — though we would appreciate the chance to put things right first.
Cookies
Our public website uses only minimal, strictly necessary cookies. We do not use advertising, marketing, or third-party analytics cookies. The single functional cookie we use is a session cookie that supports the internal developer login used to maintain the site; it is not used to track members of the public. Because we rely only on strictly necessary cookies, the site does not require a cookie consent banner under the Privacy and Electronic Communications Regulations (PECR), though your browser settings let you block or delete cookies if you prefer.
Children's Privacy
Our website and services are intended for businesses and adults. We do not knowingly collect personal information from children under 13. If you believe a child has provided us with personal information through the contact form, please contact us at hello@doralsystems.co.uk and we will delete it.
International Data Transfers
Your information is stored within the European Economic Area. Some of our service providers may process limited information in other countries. Where personal data is transferred outside the UK or the EEA, we take steps to ensure it is protected by appropriate safeguards, such as the UK government's adequacy regulations or the International Data Transfer Agreement, as required by UK data protection law.
Changes to This Policy
We may update this Privacy Policy from time to time to reflect changes in our practices, technology, or legal requirements. When we make changes we will revise the effective date shown at the top of this policy and post the updated version on our website. We encourage you to review this policy periodically so you stay informed about how we handle personal information.
How to Contact Us
If you have questions about this Privacy Policy, about how we handle your personal information, or if you wish to exercise any of your rights, please contact us at hello@doralsystems.co.uk. Doral Systems is based in Cheltenham, England. You can also contact the Information Commissioner's Office (ICO) at ico.org.uk if you have concerns we have not been able to resolve.