GDPR & Data Protection

When you contact us or request a quote

• Identity & contact data: name, email address, phone number (if provided)
• Enquiry content: message text, project description, and any information you choose to include

When you use our client portal

• Account data: email address and login/access code
• Portal usage data: timestamps and actions in the portal
• Project data: files, comments, and deliverables you upload or enter

When you browse our website

• Technical data: IP address, device and browser information, pages visited, approximate location (country/city level), and security/performance logs
• Cookie & consent preferences: your choices in our cookie consent banner

Purpose	Lawful Basis
Respond to enquiries & provide quotes	Contract (pre-contract steps) / Legitimate Interests
Deliver services to clients	Contract
Client portal administration	Contract / Legitimate Interests
Security & fraud prevention	Legitimate Interests
Accounting, tax, and legal compliance	Legal Obligation
Marketing emails to prospects	Consent (opt-in required)
Marketing emails to existing customers	Legitimate Interests (soft opt-in where applicable)

You will always have a clear opt-out in every marketing message we send.

We use cookies in the following categories, depending on your settings:

• Strictly necessary: required for core website functions and security. These cannot be disabled.
• Preferences: remember settings you choose (where used).
• Analytics: help us understand website usage and improve pages (only with your consent).
• Marketing: used to measure and improve advertising (only with your consent).

You can change your cookie preferences at any time using the Cookie Settings link or by visiting our Cookie Policy page.

If you reject non-essential cookies, the website will still work normally.

We share personal data only when necessary to operate our business and deliver services. This usually means our service providers ("processors").

Category	Purpose	Location
Website hosting	Hosting, logs, uptime	UK
Email provider	Receiving and sending emails	UK/EEA
Backups & storage	Disaster recovery	UK
Payments & invoicing	Billing	UK/EEA

If any of our suppliers process personal data outside the UK or outside the European Economic Area, we will only transfer personal data where the law permits and where appropriate safeguards are in place (for example the UK International Data Transfer Agreement or the UK Addendum to the EU Standard Contractual Clauses, plus any required transfer risk assessment).

We keep personal data only as long as needed for the purpose it was collected for, then we delete, anonymise, or securely archive it.

Data Type	Period	Reason
Enquiry & quote emails	12–24 months	Follow-ups and audit trail
Client project records	6 years after project end	Legal claims and business records
Invoices & tax records	6 years (or as required)	Legal and tax obligations
Security logs	30–180 days	Security and troubleshooting
Cookie consent logs	12–24 months	Demonstrate consent

We may keep some information longer if needed for legal claims, disputes, or to comply with the law.

Under data protection law, you have the following rights:

• Access: ask for a copy of your personal data.
• Rectification: ask us to correct inaccurate or incomplete data.
• Erasure: ask us to delete your data where we do not have a lawful reason to keep it.
• Restriction: ask us to limit how we use your data in certain cases.
• Portability: ask for data you provided to us in a portable format (where applicable).
• Objection: object to processing based on legitimate interests. You can always object to direct marketing, and we will stop.
• Withdraw consent: where we rely on consent, you can withdraw it at any time.

Email: [email protected]
Subject line: "Data protection request"

To protect your data, we may ask for reasonable identity verification before we act on a request.

We aim to respond within one month. If a request is complex, we may extend this by up to two additional months, but we will tell you within the first month if that happens.

We do not make decisions about you that are based solely on automated processing that produces legal effects or similarly significant effects. If this changes, we will update this page and explain what we do and why.

We use appropriate technical and organisational measures to protect personal data, including:

• TLS/HTTPS encryption in transit
• Access controls and least-privilege permissions
• Multi-factor authentication where available
• Backups and restore testing
• Logging and monitoring for security events
• Secure development and patching processes

No system is 100% secure, but we work to reduce risk and respond quickly if issues arise.

If you have concerns, please contact us first so we can try to resolve it:

• Email: [email protected]

UK Supervisory Authority

If you are not satisfied with our response, you have the right to complain to the UK Information Commissioner's Office (ICO).

• Website: ico.org.uk
• Helpline: 0303 123 1113

EEA Supervisory Authority

If EU GDPR applies to your situation, you can also complain to your local EEA supervisory authority.

We may update this page from time to time. Changes will be posted here with an updated effective date. We encourage you to review this page periodically.