Legal · Privacy
Privacy Notice
Last updated: 28 April 2026. This notice explains what personal data Tamazia collects when you engage with the firm, what we do with it, who has access to it, and what rights you have under UK GDPR, EU GDPR, UAE PDPL, and equivalent regimes.
1. Who we are
Tamazia is an international SEO and regulatory-compliance content firm operated by Aman Pareek. For data-protection purposes Tamazia acts as the data controller for personal data collected through tamazia.co.uk. Contact for privacy matters: [email protected].
2. The personal data we collect
| Source | Data | Purpose |
|---|---|---|
| Quick Audit form (homepage) | Domain or keyword, work email, sector | To deliver the requested compliance and SEO audit and follow-up |
| Briefing request form (Contact section) | Name, work email, company, role, sector, primary outcome | To respond to the briefing request and assess fit |
| Footer briefings signup | To send the regulatory briefings (opt-in marketing under PECR / CAN-SPAM) | |
| Server logs (Cloudflare Pages) | IP address, user agent, request URL, timestamp | Security and abuse prevention; aggregated for performance review |
3. Lawful basis
- Consent (Article 6(1)(a) UK/EU GDPR; Article 5 UAE PDPL): briefing signup, audit form, contact form.
- Legitimate interests (Article 6(1)(f) UK/EU GDPR): server logs for security; consent banner storage.
- Legal obligation (Article 6(1)(c) UK/EU GDPR): retention of records where required by accounting, AML, or sectoral regulation.
4. Who we share data with
Personal data is shared only with the processors required to deliver the service:
- Cloudflare, Inc. · hosting, CDN, DDoS protection (US/EU). Data Processing Addendum in place.
- Resend, Inc. · transactional email delivery for audit and briefing follow-ups (US). DPA in place.
Tamazia does not sell or share personal data for advertising or any third-party purpose. We do not disclose data to law enforcement except where compelled by a valid legal order.
5. International transfers
Tamazia operates internationally. Personal data may be transferred to the United States (Cloudflare, Resend) and processed there. Transfers are protected by the EU-US Data Privacy Framework, UK International Data Transfer Agreement, and equivalent UAE PDPL safeguards. Standard Contractual Clauses apply where required.
6. Retention
Audit and briefing submissions are retained for 24 months from last contact, or longer where required by law or where you remain an active client. Server logs are retained for 30 days. The consent state stored in your browser persists until you clear it.
7. Your rights
Under UK GDPR, EU GDPR, and UAE PDPL you have the right to:
- Access the personal data we hold about you.
- Have inaccurate data corrected.
- Have your data erased (subject to legal-retention exceptions).
- Restrict or object to processing.
- Receive your data in a portable format.
- Withdraw consent at any time without affecting prior lawful processing.
- Lodge a complaint with the UK ICO (ico.org.uk) or the UAE TDRA / equivalent supervisory authority in your jurisdiction.
To exercise any of the above, email [email protected] with the subject line "Privacy request". We respond within 30 days.
8. Security
tamazia.co.uk is served over HTTPS with HSTS, strict CSP, and modern security headers. Backend functions run on Cloudflare's isolated workers runtime. Submission payloads are sanitised before dispatch. Personal data at rest is held only inside Resend (transactional email log) and Cloudflare logs (request metadata).
9. Cookies
See the cookie policy for the complete list of storage we use.
10. Changes
Material changes to this notice are versioned by the "Last updated" date at the top. If a change materially affects how your data is processed, we will notify you by email where you have given us a contact address.