Privacy Policy
Last updated:
1. Data Controller
SandyBrowne Web Design is the data controller responsible for your personal data.
- Business Name: SandyBrowne
- Email: admin@sandybrowne.co.uk
- Phone: 07809 126057
- Address: Highmore St, Hereford, Herefordshire, HR4 9PQ, United Kingdom
2. Information We Collect
We collect and process the following types of personal data:
2.1 Information You Provide
- Contact Form: Name, email address, phone number, subject, and message content
- Service Inquiry: Information about the service you are interested in
- Communication: Any additional information you provide when contacting us
2.2 Automatically Collected Information
- Technical Data: IP address, browser type, device information, operating system
- Usage Data: Pages visited, time spent on pages, referring website (if analytics cookies are accepted)
- Cookies: Cookie preferences and consent status (see our Cookie Policy)
3. How We Use Your Information
We use your personal data for the following purposes:
| Purpose | Lawful Basis | Data Used |
|---|---|---|
| Responding to contact form inquiries | Legitimate interest / Consent | Name, email, phone, message |
| Providing web design and SEO services | Contract performance | Contact details, project information |
| Website analytics and improvement | Consent (if analytics cookies accepted) | Usage data, technical data |
| Security and fraud prevention | Legitimate interest | IP address, technical data |
| Legal compliance | Legal obligation | As required by law |
4. Lawful Basis for Processing
Under GDPR, we process your personal data based on the following lawful bases:
Consent
You have given clear consent for us to process your personal data for specific purposes (e.g., analytics cookies, marketing communications).
Contract
Processing is necessary for the performance of a contract with you or to take steps at your request before entering into a contract.
Legitimate Interest
Processing is necessary for our legitimate interests (e.g., responding to inquiries, website security, improving our services).
Legal Obligation
Processing is necessary for compliance with a legal obligation (e.g., tax records, data retention requirements).
5. Your Rights Under GDPR
You have the following rights regarding your personal data:
Right of Access
You have the right to request copies of your personal data that we hold.
Right to Rectification
You have the right to request that we correct any inaccurate or incomplete personal data.
Right to Erasure ("Right to be Forgotten")
You have the right to request that we delete your personal data in certain circumstances.
Right to Restrict Processing
You have the right to request that we restrict the processing of your personal data in certain circumstances.
Right to Data Portability
You have the right to request that we transfer your personal data to another service provider in a structured, commonly used format.
Right to Object
You have the right to object to our processing of your personal data for direct marketing or legitimate interest purposes.
Right to Withdraw Consent
Where we rely on consent, you have the right to withdraw your consent at any time. This does not affect the lawfulness of processing before withdrawal.
6. Data Sharing and Third Parties
We do not sell, trade, or rent your personal data to third parties. We may share your data with:
- Service Providers: Third-party service providers who assist us in operating our website and conducting our business (e.g., web hosting, email services)
- Analytics Providers: Google Analytics (if you have consented to analytics cookies) - see Cookie Policy
- Legal Requirements: When required by law, court order, or government regulation
International Transfers: Some third-party services (e.g., Google Analytics) may transfer data outside the EEA. We ensure appropriate safeguards are in place where required.
7. Data Retention
We retain your personal data only for as long as necessary to fulfill the purposes outlined in this policy:
- Contact Form Inquiries: Retained for up to 2 years or until you request deletion
- Service Contracts: Retained for the duration of the contract and 7 years thereafter for legal/tax purposes
- Analytics Data: Retained according to Google Analytics retention settings (typically 26 months)
- Cookie Preferences: Retained for 365 days or until you change your preferences
8. Data Security
We implement appropriate technical and organisational measures to protect your personal data:
- SSL/TLS encryption for data transmission
- Secure server hosting with regular security updates
- Access controls and authentication measures
- Regular backups and disaster recovery procedures
- reCAPTCHA protection for contact forms
Note: While we strive to protect your data, no method of transmission over the internet is 100% secure.
9. Children's Privacy
Our website is not intended for children under 16 years of age. We do not knowingly collect personal data from children. If you believe we have collected data from a child, please contact us immediately.
10. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of any material changes by:
- Posting the new Privacy Policy on this page
- Updating the "Last updated" date
- Notifying you via email if the changes are significant
11. Complaints
If you have concerns about how we handle your personal data, you have the right to lodge a complaint with the Information Commissioner's Office (ICO):
- Website: ico.org.uk
- Phone: 0303 123 1113
We encourage you to contact us first at admin@sandybrowne.co.uk so we can address your concerns.
12. Contact Us
If you have any questions about this Privacy Policy or wish to exercise your rights, please contact us:
- Email: admin@sandybrowne.co.uk
- Phone: 07809 126057
- Address: Highmore St, Hereford, Herefordshire, HR4 9PQ, United Kingdom