1. INTRODUCTION
JDWebDesigns™ ("I", "me", "my") is committed to protecting your privacy and personal data. This Privacy Policy explains how I collect, use, store, and protect your information when you:
- Visit my website (jdwebdesigns.com)
- Use my contact forms
- Enquire about or purchase my web design services
- Communicate with me via email, phone, or social media
This policy complies with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.
2. WHAT INFORMATION I COLLECT
2.1 Information You Provide to Me:
When you contact me or use my services, I may collect:
- Full name
- Email address
- Phone number (if provided)
- Business name and details
- Address (for invoicing purposes)
- Website content and materials you provide for your project
- Payment information (processed securely through third-party payment providers)
- Any other information you choose to share with me
2.2 Information I Collect Automatically:
When you visit my website, I may automatically collect:
- IP address
- Browser type and version
- Operating system
- Pages visited and time spent on pages
- Referring website
- Date and time of visit
- Device information
2.3 Cookies:
I use cookies and similar tracking technologies on my website. For detailed information, see my Cookie Policy.
3. HOW I USE YOUR INFORMATION
3.1 Legal Basis for Processing:
I process your personal data under the following lawful bases:
- Contract Performance: To provide web design services you've requested
- Legitimate Interests: To improve my services, respond to enquiries, and run my business
- Legal Obligation: To comply with tax, accounting, and legal requirements
- Consent: For marketing communications (where consent is required)
3.2 Purposes of Processing:
I use your information to:
- Respond to your enquiries and provide customer support
- Create quotes and proposals for web design services
- Deliver web design services and manage projects
- Process payments and maintain financial records
- Send project updates and communicate about your website
- Send service-related notifications (e.g., invoice reminders, support period expiry)
- Improve my website and services
- Comply with legal and regulatory obligations
- Prevent fraud and ensure website security
3.3 Marketing Communications:
With your consent, I may send you:
- Information about my services
- Special offers and promotions
- Tips and resources for small business websites
You can opt out of marketing emails at any time by:
- Clicking the "unsubscribe" link in any email
- Contacting me at jason@jdwebdesigns.com
- Replying "STOP" to marketing messages
4. HOW I SHARE YOUR INFORMATION
4.1 I DO NOT sell, rent, or trade your personal data to third parties.
4.2 I may share your information with:
Third-Party Service Providers:
- Payment Processors: Stripe Payment Gateway and GoCardless Direct Debit integrated through Zoho Books (to process secure debit/credit card payments and Direct Debit recurring payments)
- Hosting Providers: If I host your website, I share necessary technical information
- Email Services: To send emails and manage communications
- Cloud Storage: To securely store project files during development
Legal Requirements:
- When required by law, court order, or government authority
- To protect my rights, property, or safety
- To prevent fraud or illegal activity
Business Transfers:
- In the event of a merger, acquisition, or sale of business assets
All third-party service providers are contractually required to protect your data and use it only for the purposes I specify.
5. INTERNATIONAL TRANSFERS
Your personal data is primarily stored and processed within the United Kingdom. If I transfer data outside the UK, I will ensure:
- The country has adequate data protection laws (adequacy decision), OR
- Appropriate safeguards are in place (e.g., Standard Contractual Clauses)
- You will be informed of any international transfers where relevant
6. HOW LONG I KEEP YOUR INFORMATION
6.1 Retention Periods:
- Project Files & Client Data: 6 years after project completion (for legal/tax purposes under UK law)
- Enquiry Information: 2 years if no contract is entered into
- Financial Records (Invoices, Payments): 6 years (HMRC requirement)
- Marketing Consent Records: Until consent is withdrawn, plus 3 years
- Website Analytics Data: 26 months
- Email Correspondence: Duration of business relationship plus 3 years
6.2 Deletion:
After retention periods expire, I will:
- Securely delete or anonymize your personal data
- Remove identifiable information from backups within a reasonable timeframe
7. YOUR RIGHTS UNDER UK GDPR
You have the following rights regarding your personal data:
7.1 Right to Access
Request a copy of the personal data I hold about you (Subject Access Request)
7.2 Right to Rectification
Correct inaccurate or incomplete personal data
7.3 Right to Erasure ("Right to be Forgotten")
Request deletion of your personal data (subject to legal obligations)
7.4 Right to Restrict Processing
Request limitation on how I use your data
7.5 Right to Data Portability
Receive your data in a structured, commonly used format
7.6 Right to Object
Object to processing based on legitimate interests or for direct marketing
7.7 Rights Related to Automated Decision Making
I do not use automated decision-making or profiling
7.8 Right to Withdraw Consent
Withdraw consent for marketing or other consent-based processing at any time
8. DATA SECURITY
8.1 Security Measures:
I implement appropriate technical and organizational measures to protect your data:
- Encryption: Data transmitted via HTTPS/SSL encryption
- Access Controls: Limited access to personal data on a need-to-know basis
- Password Protection: Strong passwords and secure authentication
- Regular Backups: Secure backup systems with encryption
- Software Updates: Regular security updates and patches
- Secure Storage: Cloud storage with industry-standard security (e.g., password-protected files, encrypted storage)
8.2 Data Breach Notification:
In the unlikely event of a data breach affecting your personal data, I will:
- Notify the ICO within 72 hours (where required by law)
- Inform you without undue delay if the breach poses a high risk to your rights
- Take immediate steps to contain and remedy the breach
9. COOKIES AND TRACKING TECHNOLOGIES
I use cookies and similar tracking technologies to improve your browsing experience and analyze website traffic.
For full details about how I use cookies, including:
- What cookies are and why I use them
- Types of cookies (essential, analytics, functional)
- Third-party cookies (Google Analytics)
- How to manage and disable cookies
- Your rights regarding cookie data
Please visit my dedicated Cookie Policy page.
Quick Summary:
Strictly Necessary Cookies:
- Essential for website functionality
- Cannot be disabled
- Examples: Session management, security
Performance/Analytics Cookies:
- Help me understand how visitors use my site
- Examples: Google Analytics (anonymized)
- Used with your consent
Functional Cookies:
- Remember your preferences (e.g., theme selection)
- Used with your consent
Marketing/Tracking Cookies:
- Track your browsing for advertising purposes (if applicable)
- Used with your consent
9.3 Managing Cookies:
You can control cookies through:
Note: Disabling certain cookies may affect website functionality.
10. THIRD-PARTY WEBSITES
My website may contain links to third-party websites (e.g., social media, hosting providers). I am not responsible for the privacy practices of these websites. Please review their privacy policies separately.
11. CHILDREN'S PRIVACY
My services are not directed at children under 16. I do not knowingly collect personal data from children. If you believe I have collected data from a child, please contact me immediately, and I will delete it.
12. CHANGES TO THIS PRIVACY POLICY
I may update this Privacy Policy from time to time to reflect:
- Changes in law or regulation
- Changes to my business practices
- New services or features
When I make significant changes:
- I will update the "Last Updated" date at the top
- I will notify you via email (if you're an existing client)
- Continued use of my services constitutes acceptance of the updated policy
13. CONTACT ME & COMPLAINTS
13.1 Data Protection Enquiries:
13.2 Complaints:
If you're unhappy with how I've handled your personal data, you have the right to complain to the UK data protection authority:
You also have the right to lodge a complaint with a supervisory authority in the EU member state where you live, work, or where an alleged infringement occurred (if applicable).
14. SPECIFIC PROCESSING ACTIVITIES
14.1 Contact Form Submissions
- Data Collected: Name, email, subject, message
- Purpose: Respond to enquiries
- Legal Basis: Legitimate interest / Contract performance
- Retention: 2 years (no contract) or 6 years (if contract entered)
14.2 Client Projects
- Data Collected: Name, business details, contact info, project materials, payment info
- Purpose: Deliver web design services
- Legal Basis: Contract performance
- Retention: 6 years after project completion
14.3 Email Communications
- Data Collected: Email address, correspondence content
- Purpose: Business communications, support
- Legal Basis: Contract performance / Legitimate interest
- Retention: Duration of relationship + 3 years
14.4 Newsletter/Marketing (If Applicable)
- Data Collected: Name, email, consent records
- Purpose: Send marketing communications
- Legal Basis: Consent
- Retention: Until consent withdrawn + 3 years
14.5 Website Analytics
- Data Collected: IP address (anonymized), browsing behavior
- Purpose: Improve website, understand visitor behavior
- Legal Basis: Consent
- Retention: 26 months
By using my website or services, you acknowledge that you have read and understood this Privacy Policy.
If you have any questions or concerns, please don't hesitate to contact me at jason@jdwebdesigns.com.
Thank you for trusting JDWebDesigns™ with your personal information.