01 Services 02 Process 03 Work 04 About 05 Pricing 06 Contact 07 FAQ Get a free quote
Legal

Privacy Policy

Last updated Draft

This policy explains what personal data Grimsdale Web Design collects when you use this website, why it's collected, how it's stored and shared, how long it's kept, and the rights you have over it. It's written in plain English; where the law has a specific name for something, I've used it so you can look it up.

This site is run by a UK sole trader, so it's just me handling your information — there's no large team or marketing machine behind it.

Who is responsible for your data

The data controller for this website is Joshua, trading as Grimsdale Web Design, a sole trader based in the United Kingdom.

  • Contact for data questions: joshua@grimsdaleweb.design
  • Business / correspondence address: TODO — to be confirmed.
  • Data protection registration: TODO — confirm whether ICO registration is required and add the registration number if so.

What personal data I collect

The main way the site collects personal data is through the contact / enquiry form. When you fill it in, I collect:

  • Your name — so I know who I'm replying to.
  • Your email address — so I can reply.
  • Your phone number — optional; only if you choose to give it.
  • Your message — whatever you tell me about your business and what you need.
  • The plan you're interested in (Launch, Growth or Commerce) — if you select one.

I only collect what you actively type into the form. Please don't include sensitive personal information (for example health, financial account details or anything similar) in your message — it isn't needed to give you a quote.

When any website is visited, some basic technical information (such as your IP address, browser type and the pages requested) is processed automatically by the hosting provider to serve the site and keep it secure. This is standard for any website and is covered by the hosting provider's own privacy terms (see "Who I share data with" below).

Why I collect it, and the lawful basis

Under the UK GDPR I have to have a "lawful basis" for using your data. For enquiries, the basis is:

  • Consent — by filling in and submitting the contact form, you're choosing to send me your details so I can respond. You can withdraw this at any time (see "Your rights").
  • Legitimate interests — responding to enquiries, providing a quote, and keeping a record of our correspondence are a normal and expected part of running a small business. I've considered your privacy and don't believe this overrides your rights, since the data is only what you chose to send and is used only to help you.

In short: I use your details only to reply to you and discuss the work you've asked about. If we go on to work together, I'll use them to deliver and administer that project.

How your data is stored

Form submissions are handled and stored by Netlify Forms, the service that hosts this website. When you submit the form, your details are sent to Netlify and made available to me, and I'm also notified by email so I can reply. I may keep a copy of our correspondence in my own email account.

How long I keep it

I keep enquiry data only for as long as there's a good reason to.

TODO — retention period to be confirmed. As a guide: enquiries that don't lead to a project will be deleted after a set period following our last contact, and records relating to actual clients will be kept for as long as needed to deliver the work and to meet legal, tax and accounting obligations (HMRC generally expects business records to be kept for at least six years).

I never sell your data

I do not sell, rent or trade your personal data to anyone, and I don't use it to send you marketing unless you've specifically asked me to. Your details are used to respond to you and to carry out any work you engage me for — nothing else.

Who I share data with

I don't share your data except with the trusted service providers ("processors") I rely on to run the business. Each only processes your data on my instructions and under their own data protection terms:

  • Netlify — website hosting and the contact form (Netlify Forms). Netlify processes form submissions and server logs on my behalf. See Netlify's privacy policy at netlify.com/privacy.
  • Google Fonts — the site loads its typefaces from Google's font servers, which means your browser contacts Google to fetch them; this exposes your IP address to Google for that request. See Google's privacy policy.
  • Fathom Analytics — privacy-friendly, cookieless website analytics. Fathom collects anonymous, aggregated visitor statistics on my behalf; it sets no cookies and doesn't track you across other websites. See Fathom's privacy policy.
  • Email / newsletter toolTODO — if an email or newsletter tool is introduced (Phase 8), it will be named here with a link to its privacy policy. None is in use yet.

I may also disclose information if I'm required to by law (for example in response to a valid legal request).

Where your data is processed (international transfers)

Some of the providers above are based outside the UK (for example in the United States). Where personal data is transferred outside the UK, it's protected by appropriate safeguards — such as the UK's adequacy regulations or Standard Contractual Clauses / the UK International Data Transfer Addendum — as set out in each provider's own terms.

Cookies

Details of any cookies this site uses are in the separate Cookie Policy. The current plan is to use privacy-friendly, cookieless analytics, so the site sets no non-essential cookies — but please check the Cookie Policy for the up-to-date position.

Your rights under UK GDPR

You have the following rights over your personal data. You can exercise any of them by emailing me at joshua@grimsdaleweb.design, free of charge, and I'll respond within one month.

  • Access — ask for a copy of the personal data I hold about you.
  • Rectification — ask me to correct anything that's inaccurate or incomplete.
  • Erasure — ask me to delete your data ("the right to be forgotten"), where there's no overriding reason to keep it.
  • Restriction — ask me to pause using your data while a concern is resolved.
  • Object — object to my processing of your data based on legitimate interests.
  • Portability — ask to receive your data in a portable format.
  • Withdraw consent — where I rely on consent, you can withdraw it at any time; this won't affect anything done before you withdrew it.

Complaints

I'd always rather you came to me first so I can put things right — but you have the right to complain to the UK's data protection regulator, the Information Commissioner's Office (ICO). You can reach the ICO at ico.org.uk/make-a-complaint or by calling their helpline on 0303 123 1113.

Changes to this policy

I may update this policy from time to time — for example when a new tool is added (such as analytics or email). The "last updated" date at the top shows when it last changed. Significant changes will be reflected here before the new processing begins.

Contact

Any questions about this policy or your data? Email me at joshua@grimsdaleweb.design and I'll be glad to help.

Get a free quote