Privacy Policy

Name: WebDev Wales
Address: Wales, United Kingdom
Telephone: +44 07916 214843
Price range: ££

Your privacy and data protection are our top priorities. This comprehensive policy outlines how we collect, use, protect, and manage your personal information in full compliance with UK GDPR and data protection laws.

🔒

Secure Storage

Encrypted data protection

⚡

GDPR Compliant

Full UK/EU compliance

👤

Your Rights

Complete data control

🌍

Transparent

Clear data practices

Last updated: 1st January 2025

Data Collection & Information We Gather

We collect information to provide better services, improve user experience, and fulfill our contractual obligations. All data collection is lawful, fair, and transparent under UK GDPR regulations.

Personal Information We Collect

Contact & Identity Information

Full Name
Communication and project identification
Legal basis: Contract performance
Email Address
Project communication and updates
Legal basis: Contract performance & legitimate interest
Phone Number
Direct communication and support
Legal basis: Contract performance
Business Name & Role
Professional context and project planning
Legal basis: Contract performance
Postal Address
Invoicing and legal documentation
Legal basis: Contract performance & legal obligation

Technical & Usage Data

Automatically Collected Information

IP Address & Location
Security, analytics, and geo-targeting
Legal basis: Legitimate interest
Browser & Device Info
Website optimization and compatibility
Legal basis: Legitimate interest
Page Views & Navigation
User experience improvement
Legal basis: Legitimate interest
Referral Sources
Marketing effectiveness analysis
Legal basis: Legitimate interest
Session Duration
Website performance optimization
Legal basis: Legitimate interest

Project & Business Information Collection

During our business relationship, we collect project-specific information necessary for service delivery, invoicing, and ongoing client support.

Project Requirements

Website goals and objectives
Target audience information
Branding guidelines and preferences
Content and media files
Functional requirements specification
Timeline and budget constraints
Third-party service requirements
Domain and hosting preferences

Legal Basis:

Contract Performance

Financial Information

Billing address and details
VAT number (if applicable)
Payment method preferences
Invoice delivery preferences
Purchase order numbers
Credit application details
Payment history records
Refund and dispute information

Legal Basis:

Legal Obligation

Communication Records

Email conversations and attachments
Meeting notes and call recordings
Project feedback and revisions
Support ticket history
Video conference recordings
File sharing activity logs
Change request documentation
Project completion sign-offs

Legal Basis:

Legitimate Interest

How We Collect Your Information

We collect information through various touchpoints and methods, always with transparency and appropriate legal basis under GDPR regulations.

Direct Collection Methods

Contact Forms

Website contact forms, quote requests, and consultation bookings

Data collected: Name, email, phone, project details

Email Communication

Direct email exchanges during project discussions and support

Data collected: Email content, attachments, contact preferences

Phone & Video Calls

Consultation calls, project meetings, and support conversations

Data collected: Contact details, meeting notes, recordings (with consent)

Contract Signing

Project agreements and legal documentation

Data collected: Signature, business details, project specifications

Automatic Collection Methods

Website Analytics

Google Analytics tracking for website performance and user behavior

Data collected: Page views, session duration, bounce rate, referral sources

Cookies & Tracking

Essential and analytical cookies for website functionality

Data collected: User preferences, session data, performance metrics

Server Logs

Technical logs for security, performance, and error monitoring

Data collected: IP addresses, browser info, timestamps, error reports

Third-Party Tools

CRM systems, email marketing platforms, and project management tools

Data collected: Interaction history, engagement metrics, project progress

Data Minimization Principle

We follow the GDPR principle of data minimization, collecting only the information necessary for specific, legitimate purposes. We regularly review and purge unnecessary data.

Purpose Limitation

Data used only for stated purposes

Accuracy Maintenance

Regular data updates and corrections

Storage Limitation

Data kept only as long as necessary

Your Privacy Rights Under UK GDPR

Under the UK General Data Protection Regulation (GDPR), you have comprehensive rights regarding your personal data. We are committed to facilitating the exercise of these rights promptly and transparently.

👁️

Right of Access

Request copies of your personal data

You can ask us to confirm if we process your data and request a copy of all personal information we hold about you.

Response time:

1 month

✏️

Right to Rectification

Correct inaccurate personal data

You can ask us to correct any personal information you think is inaccurate or incomplete.

Response time:

1 month

🗑️

Right to Erasure

Request deletion of your data

You can ask us to delete your personal data in certain circumstances, such as when it's no longer necessary.

Response time:

1 month

⏸️

Right to Restrict Processing

Limit how we use your data

You can ask us to suspend processing of your personal data in specific circumstances.

Response time:

1 month

📦

Right to Data Portability

Receive your data in a usable format

You can ask us to transfer your data to another service provider in a structured, commonly used format.

Response time:

1 month

🛑

Right to Object

Object to processing of your data

You can object to processing based on legitimate interests or for direct marketing purposes.

Response time:

Immediate

🤖

Rights for Automated Decision-Making

Protection from automated decisions

You have rights regarding automated decision-making, including profiling that affects you legally.

Response time:

1 month

↩️

Right to Withdraw Consent

Withdraw consent at any time

Where we process data based on consent, you can withdraw that consent at any time.

Response time:

Immediate

How to Exercise Your Privacy Rights

We've made it simple to exercise your privacy rights. Follow these steps to submit requests and receive prompt, professional responses.

Request Process

Submit Your Request

Email us at info@webdevwales.com with your data request

Include: Full name, email, and specific request type

Identity Verification

We verify your identity for security

Provide: Photo ID or answer security questions

Request Processing

We review and process your request

Timeline: Maximum 30 days for most requests

Response Delivery

We deliver the requested information or action

Format: Secure email or encrypted file transfer

Required Information for Requests

For All Requests

• Your full name and email address
• Clear description of your request
• Preferred communication method
• Any relevant dates or time periods

For Data Access Requests

• Specific data categories you want to access
• Time period for the data request
• Preferred format for data delivery

For Deletion Requests

• Specific data to be deleted
• Reason for deletion request
• Confirmation of account closure (if applicable)

Important: We may ask for additional information to verify your identity and ensure we're responding to legitimate requests.

Data Protection & Security Measures

We implement comprehensive security measures to protect your personal data from unauthorized access, alteration, disclosure, or destruction.

🔐

Encryption

SSL/TLS encryption for data transmission and storage

🏢

Secure Hosting

ISO 27001 certified data centers in the UK

👥

Access Control

Role-based access and regular security audits

Our Security Commitments

Technical Safeguards

• 256-bit SSL encryption for all data transfers
• Regular security vulnerability assessments
• Automated backup systems with encryption
• Multi-factor authentication for admin access
• Real-time monitoring and intrusion detection

Organizational Measures

• Staff training on data protection principles
• Regular review of data processing activities
• Incident response and breach notification procedures
• Data minimization and retention policies
• Third-party security assessments

Data protection enquiries:info@webdevwales.com

How We Use Your Personal Data

We process your personal data for specific, lawful purposes that are necessary for our business operations and service delivery. All processing activities comply with UK GDPR requirements.

Service Delivery

Legal Basis:

Contract Performance

Project planning and consultation
Website development and design
Technical support and maintenance
Training and handover sessions
Quality assurance and testing
Performance monitoring and optimization

Business Operations

Legal Basis:

Legitimate Interest

Customer relationship management
Marketing and communication
Website analytics and improvement
Security monitoring and fraud prevention
Business development and growth
Staff training and development

Legal Compliance

Legal Basis:

Legal Obligation

Financial record keeping
VAT and tax reporting
Regulatory compliance monitoring
Data breach notification
Court order compliance
Professional indemnity requirements

Data Retention & Deletion Policies

We retain personal data only for as long as necessary to fulfill the purposes for which it was collected, comply with legal obligations, and protect our legitimate interests.

Retention Periods by Data Type

Project Files & Communications

Period: 7 years after project completion

Reason: Legal obligation & potential disputes

Financial Records & Invoices

Period: 7 years from end of financial year

Reason: HMRC requirements & audit purposes

Marketing & Analytics Data

Period: 3 years from last interaction

Reason: Business development & compliance

Website Activity Logs

Period: 12 months from collection

Reason: Security monitoring & performance

Support & Maintenance Records

Period: 3 years after service ends

Reason: Quality assurance & warranty

Personal Identifiers

Period: Until erasure request or 7 years

Reason: Ongoing relationship management

Automatic Deletion Process

Regular Review Cycle

• Quarterly data audit and review
• Automated deletion of expired data
• Manual review of edge cases
• Documentation of deletion activities

Secure Deletion Methods

• Multi-pass data overwriting
• Cryptographic key destruction
• Physical media destruction when needed
• Verification of complete removal

Exceptions to Deletion

• Legal hold for ongoing disputes
• Regulatory investigation requirements
• Active contract performance needs
• Anonymized data for analytics

Third-Party Sharing & Data Protection Officer

We never sell your personal data. Limited sharing occurs only with trusted service providers under strict contractual obligations for data protection.

When We Share Data

Hosting Providers: Secure data storage and website hosting services
Payment Processors: Secure transaction processing and invoicing
Analytics Services: Website performance and user experience insights
Professional Services: Legal, accounting, and business consultancy
Legal Authorities: When required by law or to protect rights

Data Protection Safeguards

Data Processing Agreements: All third parties sign comprehensive DPAs
UK/EU Based Providers: Priority given to UK and EU service providers
Security Audits: Regular assessment of third-party security measures
Minimal Data Sharing: Only necessary data shared for specific purposes
Transfer Safeguards: Adequate protection for any international transfers

Contact Information

Data Protection Officer

Name: Jack Warner (WebDev Wales)

Email: info@webdevwales.com

Phone: +44 07916 214843

Response Time: Within 48 hours for urgent matters

Supervisory Authority

Authority: Information Commissioner's Office (ICO)

Website: ico.org.uk

Phone: 0303 123 1113

Right: Lodge complaints about data processing

Privacy questions & data requests:info@webdevwales.com