Skip to main content

Legal · Privacy

Privacy Notice

Last updated: 11 June 2026. This notice explains what personal data Tamazia collects when you engage with the firm, what we do with it, who has access to it, and what rights you have under UK GDPR, EU GDPR, UAE PDPL, and equivalent regimes.

1. Who we are

Tamazia is an international SEO and regulatory-compliance content firm operated by Aman Pareek. For data-protection purposes Tamazia acts as the data controller for personal data collected through tamazia.co.uk. Contact for privacy matters: dpo@tamazia.co.uk.

2. The personal data we collect

SourceDataPurpose
Quick Audit form (homepage) Domain or keyword, work email, sector To deliver the requested compliance and SEO audit and follow-up
Briefing request form (Contact section) Name, work email, company, role, sector, primary outcome To respond to the briefing request and assess fit
Footer briefings signup Email To send the regulatory briefings (opt-in marketing under PECR / CAN-SPAM)
Server logs (Cloudflare Pages) IP address, user agent, request URL, timestamp Security and abuse prevention; aggregated for performance review

3. Lawful basis

  • Consent (Article 6(1)(a) UK/EU GDPR; Article 5 UAE PDPL): briefing signup, audit form, contact form.
  • Legitimate interests (Article 6(1)(f) UK/EU GDPR): server logs for security; consent banner storage.
  • Legal obligation (Article 6(1)(c) UK/EU GDPR): retention of records where required by accounting, AML, or sectoral regulation.

4. Who we share data with

Personal data is shared only with the processors required to deliver the service:

  • Cloudflare, Inc. · hosting, CDN, DDoS protection, Email Routing, Workers KV (US/EU). Data Processing Addendum in place. Privacy policy at cloudflare.com/privacypolicy.
  • Resend, Inc. · transactional email delivery for audit, briefing, contact and booking follow-ups (US). DPA in place. Privacy policy at resend.com/legal/privacy-policy.
  • Cal.com, Inc. · meeting booking infrastructure for the strategy-call page (US). DPA in place. Privacy policy at cal.com/privacy. Personal data shared: name, email, optional notes you provide on booking.
  • Google LLC · Google Analytics 4 measurement (US/EU). Data anonymised, IP truncation enabled. Loaded only after analytics consent. Privacy policy at policies.google.com/privacy.
  • PostHog, Inc. · product analytics (EU region hosting). Records page views and interaction events. Loaded only after analytics consent. Privacy policy at posthog.com/privacy.
  • Microsoft Corporation · Microsoft Clarity session analytics and heatmaps (US). Records interactions to diagnose usability issues. Loaded only after analytics consent. Privacy policy at privacy.microsoft.com/privacystatement.
  • Functional Software, Inc. (Sentry) · front-end error diagnostics and Session Replay (US). Error monitoring runs as a strictly necessary reliability function; Session Replay (text masked, media blocked) records only after analytics consent. Privacy policy at sentry.io/privacy.
  • Microsoft Corporation · Bing Webmaster Tools (US). Used for search-console verification only, no personal data shared.
  • Google LLC · Search Console + Postmaster Tools (US). Used for search-console verification and email-deliverability monitoring, no personal data shared.

Tamazia does not sell or share personal data for advertising or any third-party purpose. We do not disclose data to law enforcement except where compelled by a valid legal order.

5. International transfers

Tamazia operates internationally. Personal data may be transferred to the United States (Cloudflare, Resend, Microsoft Clarity, Sentry) and processed there; PostHog analytics is processed in the EU. Transfers are protected by the EU-US Data Privacy Framework, UK International Data Transfer Agreement, and equivalent UAE PDPL safeguards. Standard Contractual Clauses apply where required.

6. Retention

Audit and briefing submissions are retained for 24 months from last contact, or longer where required by law or where you remain an active client. Server logs are retained for 30 days. The consent state stored in your browser persists until you clear it.

7. Your rights

Under UK GDPR, EU GDPR, and UAE PDPL you have the right to:

  • Access the personal data we hold about you.
  • Have inaccurate data corrected.
  • Have your data erased (subject to legal-retention exceptions).
  • Restrict or object to processing.
  • Receive your data in a portable format.
  • Withdraw consent at any time without affecting prior lawful processing.
  • Lodge a complaint with the UK ICO (ico.org.uk) or the UAE TDRA / equivalent supervisory authority in your jurisdiction.

To exercise any of the above, email dpo@tamazia.co.uk with the subject line "Privacy request". We respond within 30 days.

8. Security

tamazia.co.uk is served over HTTPS with HSTS, strict CSP, and modern security headers. Backend functions run on Cloudflare's isolated workers runtime. Submission payloads are sanitised before dispatch. Personal data at rest is held only inside Resend (transactional email log) and Cloudflare logs (request metadata).

9. Cookies

See the cookie policy for the complete list of storage we use.

10. Changes

Material changes to this notice are versioned by the "Last updated" date at the top. If a change materially affects how your data is processed, we will notify you by email where you have given us a contact address.

Read alongside the cookie policy and terms of service. For binding legal questions, contact the firm directly.

Compliance posture

Tamazia maintains a written DPO assessment, an Article 14 notice template for indirect-data-collection scenarios, and a Data Processing Agreement template aligned with UK GDPR Schedule 21. These documents are reviewed annually and shared with clients and regulators on request. The cadence of review and the responsible officer (Aman Pareek as Data Controller) are recorded in our governance log. For supervisory authority complaints see our complaints page.