Privacy Policy

Privacy Policy & Cookies

We are committed to protecting and respecting your privacy.

This privacy policy sets out the basis on which any personal information we collect from you, or that you provide to us through this website, email or phone, will be processed by us. Please, therefore, read it carefully to understand our views and practices regarding your personal information and how we will treat it. By providing your personal information to request our services, you are accepting and consenting to the practices described below. 

Contents

  1. Information About Us
  2. What information we collect about you
    Contact Form, Email or Telephone Enquiries
    Website comments
    Embedded content
    Analytics
  3. Who we share your data with
  4. How long we retain your data
  5. What rights you have over your data
  6. Where we send your data
  7. How we protect your data
  8. Data Breaches
  9. Customer Website Data
  10. Cookie Policy

Information About Us

We respect your privacy, and aim to comply with the latest data protection regulations. This policy explains how we collect and handle data relating to website visitors. Please note that this policy may be altered in the future. It was last updated in January 2022. Our website address is: www.greystokewebdesign.co.uk

Greystoke Web Design Ltd. Registered in England, Company Number 13652856
Registered Office 1 Hay Meadow Garth, Greystoke, Penrith, Cumbria, CA11 0UR
Registered with the ICO under ZB285081

What information we collect, and why we collect it

Contact Form, Email or Telephone Enquiries

As Greystoke Web Design, we (the Data Controller) will collect your name, address, email address and telephone number. We may do this via email or telephone, or the contact form on our website. We will also hold details of the services we provide to you, including the date we provided them. If you submit a request via a contact form, we will also collect your IP address.

Why we need to collect it
We need to collect minimal personal information so we can provide the products and services you have requested from us, enter into contracts with you, and send you invoices and receipts. When you contact us via a contact form, we also need to collect your IP address to help prevent spam.

We will never contact you with details of any other products or services that we may provide in the future.

We need to keep track of when we provided services to you so our records are up to date and accurate, and so that we can delete non-essential data (See below).

Comments

When visitors leave comments on the site we collect the data shown in the comments form, and also the visitor’s IP address and browser user agent string to help spam detection.

An anonymized string created from your email address (also called a hash) may be provided to the Gravatar service to see if you are using it. The Gravatar service privacy policy is available here: https://automattic.com/privacy/. After approval of your comment, your profile picture is visible to the public in the context of your comment.

Comments – Media

If you upload images to the website, you should avoid uploading images with embedded location data (EXIF GPS) included. This is because visitors to the website can download and extract any location data from images on the website.

Comments – Cookies

If you leave a comment on our site you may opt-in to saving your name, email address and website in cookies. These are for your convenience so that you do not have to fill in your details again when you leave another comment. These cookies will last for one year.

Embedded content from other websites

Articles on this site may include embedded content (e.g. videos, images, articles, etc.). Embedded content from other websites behaves in the exact same way as if the visitor has visited the other website.

These websites may collect data about you, use cookies, embed additional third-party tracking, and monitor your interaction with that embedded content, including tracking your interaction with the embedded content if you have an account and are logged in to that website.

Analytics

We use google analytics to gather anonymised information about visitors to the site and how they interact with the site in order that we can improve the website. You can read more about those cookies, and how to opt out in our Cookie Policy.


Who we share your data with

We will never share the data you provide with any 3rd party unless absolutely necessary for the core operations of our business. We will never share your data with a 3rd party for marketing purposes.

When a contact form or a comment is submitted via this website, that data is shared with Kualo Limited (“Kualo“) who host the website. All the servers Kualo use are based in the UK (London). Kualo is committed to upholding General Data Protection Laws and you can read their Privacy Policy here.


How long we retain your data

If you leave a comment, the comment and its metadata are retained indefinitely. This is so we can recognize and approve any follow-up comments automatically instead of holding them in a moderation queue.

If you submit a contact form, the contact form data is retained only until we have the chance to respond to your query. We will then delete the contact form data from Kualo’s servers. But we will retain key contact information on our own, secure storage because we will need to contact you.

Customers: HMRC requires us to keep business records for 6 years following the end of the last company financial year: https://www.gov.uk/running-a-limited-company/company-and-accounting-records. These records include invoices and receipts with relevant customer details. We will conduct an annual audit in October of each year to ensure that all relevant customer details that can be deleted are securely destroyed. We will only hold data for confirmed customers. Any inquiries which do not result in business will be deleted.


What rights you have over your data

​Right to ask us what personal data we hold

You have the right to access any personal data we hold for you.  Please be aware that if you do so, for your own security, we may need to ask you additional questions to verify your identity, before we release that information.

If you have left comments on this site, you can request to receive an exported file of the personal data we hold about you, including any data you have provided to us. You can also request that we erase any personal data we hold about you. This does not include any data we are obliged to keep for administrative, legal, or security purposes.

Right to be forgotten

You have the right to ask us to delete any personal data we hold for you. This request should be made in writing so we both have a record. Again you can request this by contacting us at Please be aware that if you do so, for your own security, we may need to ask you additional questions to verify your identity, before we release that information. We may need to retain some personal information for tax purposes.

Right to complain

If you believe the information we hold on you is incorrect you can request to see it and have it corrected or deleted. To raise a complaint about how we have handled your personal data, you can contact us at

If you are not satisfied with our response or do not believe we are processing your personal data in accordance with the law, you can complain to the Information Commissioner’s Office (ICO).


Where we send your data

Visitor comments may be checked through an automated spam detection service, because we need to protect our website from spam.


How we protect your data

All traffic between your browser and our website is encrypted and protected via SSL (Secure Socket Layers).

Data submitted via a contact form or comments will be stored under our account on Kualo’s server. You can read more about Kualo server security here.

All personal data retained by us is held on a secure network storage drive, encrypted, and protected by a strong, unique password.


Data Breaches

Finally, we will report any unlawful data breach of this website’s database or the databases of any of our third party data processors to any and all relevant persons and authorities within 72 hours of the breach if it is apparent that personal data stored in an identifiable manner has been stolen.


Customer Website Data

We use ManageWP to provide effective multi-site management. You can read their privacy policy here. We will never share your personal data with them. If you elect to take the free monthly site backups, we will backup your site using ManageWP to an Amazon Web Service server based in the EU. You can read about the security precautions ManageWP take here. Any personal data, such as emails associated with comments on your website will also, therefore, be backed up. You may need to update your privacy policy to reflect this on your website.


Cookies

Thank you for reading!

Update history:
Updated on 14/01/2022 to add ICO registration details
Updated on 17/10/2021 to reflect the new limited company status

Update on 22/08/2020 to add in use of ManageWP.

Scroll to Top