Privacy Policy
Last updated: 14 July 2026
Withnell Sensors Limited ("Withnell Sensors", "we", "us", or "our") provides the WSL Customer Portal (the "Portal"), a secure online service that lets our customers view and download calibration certificates, service reports, rental certificates, and related asset information. This Privacy Policy explains what personal data we collect through the Portal, how we use it, and the rights you have over it.
We are the data controller for the personal data described below. If you have any questions about this policy or how we handle your data, contact us using the details at the end of this page.
1. Information We Collect
We collect the following categories of personal data:
- Account information: your name, work email address, job role, and the company (or companies) you are linked to. Accounts are created for you by your administrator or by our staff. The Portal does not offer self-service sign-up.
- Authentication data: sign-in timestamps, magic-link and multi-factor authentication records, and session identifiers used to keep you securely signed in.
- Usage data: pages visited, searches performed (e.g. by certificate or serial number), and actions taken within the Portal (such as downloading a certificate), which we log for security and audit purposes.
- Asset and certificate data: information about the equipment your company has had calibrated or serviced, including serial numbers, calibration due dates, and the certificates and reports themselves.
- Support and feedback: anything you submit to us via the feedback form or by emailing our support team, including your name and email address.
- Cookies: small pieces of data stored in your browser. See Section 6 below for details.
2. How We Use Your Information
- To provide, maintain, and secure the Portal and your account within it.
- To authenticate you, keep you signed in, and protect your account (including via multi-factor authentication for staff and administrators).
- To deliver the certificates, reports, and asset information relevant to your company.
- To respond to support requests, quote requests, and feedback you submit through the Portal.
- To keep an audit trail of significant actions (such as file access and account changes) for security and compliance purposes.
- To understand how the Portal is used and to improve it, but only where you have accepted analytics cookies (see Section 6).
- To meet our legal, regulatory, and accreditation obligations, including those relating to our UKAS-accredited calibration activities.
3. Legal Basis for Processing
Where UK data protection law (UK GDPR and the Data Protection Act 2018) applies, we rely on the following legal bases:
- Contract: processing necessary to provide the Portal and the calibration and asset services your company has engaged us for.
- Legitimate interests: securing the Portal, preventing fraud and misuse, and improving our services, balanced against your rights.
- Legal obligation: retaining certain records for accreditation, accounting, or regulatory purposes.
- Consent: for non-essential cookies, such as analytics, which you can accept or decline at any time (see Section 6).
4. Who We Share Your Information With
We do not sell your personal data. We share it only with trusted service providers ("processors") who help us run the Portal, under contracts that require them to protect your data:
- Supabase: authentication, database, and secure file storage underlying the Portal.
- Vercel: hosting and, only if you accept analytics cookies, anonymous usage analytics.
- Twilio SendGrid: delivery of transactional emails, such as sign-in links, password resets, and invitations.
- Asset Controller: synchronises company, contact, and asset records that already exist in our business systems with the Portal.
We may also disclose personal data where required by law, to protect our rights, or in connection with a business transfer, always keeping disclosures to the minimum necessary.
5. International Transfers
Our service providers may process data on servers located outside the UK, including in the European Economic Area and the United States. Where this happens, we ensure appropriate safeguards are in place, such as the UK's International Data Transfer Addendum or an adequacy decision, so your data remains protected to UK standards.
6. Cookies
We use two categories of cookies in the Portal:
- Essential cookies: required for the Portal to function, such as keeping you signed in, remembering your theme and sidebar preferences, and recording your cookie choice. These cannot be switched off, as the Portal cannot work without them.
- Analytics cookies: help us understand how the Portal is used so we can improve it. These are only set if you click "Accept" on the cookie banner, and you can change your mind at any time by clearing your browser's cookies for this site and reloading the page.
You can also control cookies through your browser settings, although blocking essential cookies will prevent you from signing in to the Portal.
7. Data Retention
We retain account and certificate data for as long as your company has an active relationship with us, and afterwards for as long as necessary to meet our legal, accounting, and UKAS accreditation record-keeping obligations. Audit log entries are retained to support security investigations and compliance reviews. When data is no longer needed, we securely delete or anonymise it.
8. How We Protect Your Data
- Encryption of data in transit (HTTPS) and at rest.
- Row-level security so each company can only ever see its own data.
- Multi-factor authentication for staff and administrator accounts.
- Time-limited, signed links for downloading files rather than public URLs.
- Rate limiting and audit logging of sensitive actions.
- Independently audited security controls under Cyber Essentials Plus.
No system can be guaranteed 100% secure, but we work continuously to protect your information against unauthorised access, loss, or misuse.
9. Your Rights
Under UK data protection law, you have the right to:
- Ask us to confirm what personal data we hold about you and access a copy of it.
- Ask us to correct inaccurate or incomplete data.
- Ask us to delete your data, or restrict or object to our processing of it, in certain circumstances.
- Ask us to provide your data in a portable format, where technically feasible.
- Withdraw consent for analytics cookies at any time.
- Complain to the UK Information Commissioner's Office (ICO) at ico.org.uk if you believe we have not handled your data properly.
To exercise any of these rights, contact us using the details in Section 11. Most account changes (such as updating your name) are also managed directly by your company administrator or our support team.
10. Changes to This Policy
We may update this Privacy Policy from time to time, for example to reflect changes in the Portal or in data protection law. We will update the "Last updated" date above when we do, and, where changes are significant, we will take reasonable steps to notify you.
11. Contact Us
Withnell Sensors Ltd
Unit 4, Arkwright Court, Commercial Road, Darwen, BB3 0FG, United Kingdom
Email: support@wsl-cal.uk
Phone: +44 (0) 1254 831 375
