ESAexpert.co.uk Main site →

Privacy Policy

How we collect, process, store and protect your data - including special category health information under UK GDPR.

Last updated: 15 June 2026

Data Controller

ESAexpert is operated by Karol Slusarczyk trading as Benefits Expert, a self-employed sole trader registered with HMRC in the United Kingdom. As a sole trader, Karol Slusarczyk is the data controller for the purposes of UK GDPR.

Business address: Redditch, United Kingdom. Contact: support@esaexpert.co.uk.

We are registered with the UK Information Commissioner's Office (ICO) under the Data Protection (Charges and Information) Regulations 2018. Our ICO registration number is ICO:00014179042. You can verify our registration on the ICO public register.

What Data We Collect

When you use our report generator, you enter your name, health conditions and a description of how they affect your ability to work and carry out daily activities. If you purchase a paid plan, we also collect your email address (via Stripe) to deliver your report.

If you choose to provide your email address in our free preview tool or our Mandatory Reconsideration letter generator, we collect that email so we can send you the requested guidance and occasional follow-up ESA and Work Capability Assessment tips. This is entirely optional - the free preview works without an email.

Our website also automatically captures limited technical context when you submit a form: the page you were on, the website that referred you to ESAexpert, and any tracking parameters in the URL (such as UTM tags or ad-click identifiers). This helps us understand which content and channels are useful to claimants. No browser fingerprinting, no cross-site tracking.

Special Category Data

The health information you provide is special category personal data under Article 9 of the UK GDPR. We process this data under Article 9(2)(a) - explicit consent, which you give by ticking the consent box before generating your report.

You can withdraw consent at any time by emailing support@esaexpert.co.uk. Withdrawal does not affect processing already carried out.

How We Process Your Data

Your data is sent over HTTPS to our generation system and used solely to produce your personalised guidance for the ESA50/UC50 Work Capability Assessment form. Your inputs are not retained or used for any further purpose, and we do not share them with anyone except the processors listed below.

Marketing Communications (Opt-In Only)

If you provided your email address in our free preview tool or our Mandatory Reconsideration letter tool, we may send you occasional emails containing ESA50/WCA form tips, WCA descriptor explanations, evidence checklists and updates about our paid products. We process your email under Article 6(1)(a) of the UK GDPR - consent, which you give by entering your email address into the form (alongside the on-page notice that explains what you will receive).

We never share, sell or rent your email to anyone else. You can unsubscribe at any time by:

If you have not interacted with any of our emails for 24 months, we will automatically remove your address from our list to avoid emailing inactive contacts.

Third-Party Processors

What We Don't Do

We do not sell your data. We do not share it with third parties for marketing. We do not use the health information you enter into the generator for any purpose other than producing your guidance and supporting you afterwards. Email addresses you opt in to give us are used only by ESAexpert to send you ESA-related guidance and product updates - never passed to anyone else.

Cookies

Essential cookies keep the site working. If you choose "Accept all" on the cookie banner, Google Analytics, Google Ads and Microsoft Advertising load. Analytics tags never load without your explicit consent. Change your preference by clearing this site's local storage.

Data Retention

Your input (conditions, description) is not retained on our application servers after the report is generated.

Generated reports are sent only to your email address - we do not BCC, archive or otherwise keep a copy on our side.

Stripe retains payment records for 7 years for UK financial regulations. Vercel request logs are typically kept for 30 days and contain no report content. Support emails you send us remain in our Zoho mailbox until you ask us to delete them.

Email addresses you opt in to give us (via free preview or MR letter tool) are kept in our Zoho mail folders until you unsubscribe, or for a maximum of 24 months from your last interaction with our emails - whichever comes first.

Your Rights Under UK GDPR

You have the right to:

To exercise any of these rights, email support@esaexpert.co.uk. We will respond within one month.

Complaints

If you believe we have mishandled your data, you can complain to the Information Commissioner's Office (ICO):

Information Commissioner's Office
Online: ico.org.uk/make-a-complaint
Phone: 0303 123 1113

Changes to This Policy

We may update this policy as the service evolves or as regulations change. Significant changes will be communicated by email to active users and announced on the homepage.