Privacy policy

We take your privacy seriously

K4 UX Privacy Policy
  • Company Name: K4 UX Web Design Ltd
  • Company Number: 14841957
  • Effective Date: 10th October 2025
1. Introduction and Scope
1.1 This Privacy Policy explains how K4 UX Web Design Ltd (“we”, “us”, or “our”) collects, uses, stores, and protects personal data in connection with your use of https://k4uxwebdesign.com (“Website”) and the delivery of our professional web-design services.
1.2 We are committed to safeguarding the privacy of our clients, suppliers, and website visitors, and to complying with all applicable data-protection laws, including the UK General Data Protection Regulation (UK GDPR), the Data Protection Act 2018, and the Privacy and Electronic Communications Regulations (PECR).
1.3 This Policy applies to: (a) visitors who browse our Website; (b) individuals who contact us to request information or proposals; and (c) clients and representatives of organisations to whom we provide Services.
1.4 Separate written contracts may also include data-protection clauses governing specific project work. Where those differ from this Policy, the contract takes precedence for that relationship.
2. Who We Are
2.1 K4 UX Web Design Ltd is a private limited company registered in England and Wales under Company Number 14841957.
2.2 We act as the Data Controller in respect of the personal data we collect directly through our Website or during the ordinary course of business.

2.3 Our contact details for all data-protection matters are:

Email: info@k4uxwebdesign.com
2.4 If you are dissatisfied with how we process your data, you also have the right to contact the Information Commissioner’s Office (ICO), the UK’s supervisory authority for data protection.
3. Data We Collect
We may collect and process the following categories of personal data:
3.1 Identity and Contact Data – Your full name, job title or role, company name, business address, telephone number, and email address.
3.2 Business Information – Details about your organisation, services, and objectives provided in project enquiries, proposals, or briefs.
3.3 Technical and Usage Data – Your IP address, browser type, device information, time zone settings, operating system, referral URLs, and browsing interactions collected via cookies or analytics tools.
3.4 Credentials and Access Data – Login details or hosting information shared by clients to enable us to perform maintenance or development tasks.
3.5 Communications Data – Emails, messages, call records, and notes from meetings or support requests.
3.6 Marketing Preferences – Your consent choices and subscription status for newsletters or updates.
We do not collect special-category (sensitive) data unless you voluntarily provide it and we have a lawful reason to hold it.
4. How We Collect Information
4.1 Directly from you: when you fill out contact forms, request proposals, correspond by email or phone, or sign contracts.
4.2 Automatically: through cookies, analytics, and server logs when you visit our Website.
4.3 From third-party or public sources: for example, from business directories, referrals, or partner platforms when legitimate interest permits.
5. Lawful Bases for Processing
We process personal data only where permitted by law. Depending on the activity, our lawful bases include:
5.1 Contractual necessity – to prepare, enter into, or perform a contract with you or your business.
5.2 Legitimate interests – to operate our business efficiently, maintain client relationships, ensure network security, and analyse Website performance (balanced against your rights).
5.3 Consent – for optional activities such as marketing communications or non-essential cookies; consent may be withdrawn at any time.
5.4 Legal obligation – to comply with record-keeping, accounting, or regulatory duties.
5.5 We rely on legitimate interests for general Website analytics and enquiry follow-ups, but always offer an opt-out where feasible.
6. Purposes for Processing
We use personal data for the following purposes:
6.1 To respond to enquiries, schedule consultations, and provide proposals.
6.2 To deliver, manage, and support web-design and maintenance projects.
6.3 To handle billing, invoicing, and payment administration.
6.4 To maintain internal records and client relationship management.
6.5 To monitor Website usage, troubleshoot issues, and improve usability.
6.6 To send service updates or marketing materials where consent or soft opt-in applies.
6.7 To comply with legal, tax, and contractual obligations.
6.8 To protect our rights, prevent fraud, and ensure cyber-security.
7. Marketing Communications
7.1 We may send marketing or informational communications to existing or former clients under the soft opt-in rule (where we obtained your details in the context of a sale or negotiation for our Services).
7.2 For all other recipients, we will only send marketing messages if you have given explicit consent.
7.3 You may opt out of receiving such communications at any time by clicking the unsubscribe link in our emails or contacting us at the address above.
7.4 We will never sell, rent, or share your personal data with third parties for their own marketing purposes.
7.5 If you withdraw consent or opt out, we will retain a minimal suppression record to ensure you are not contacted again in error.
8. Cookies and Tracking Technologies
8.1 Our Website uses cookies and similar tracking technologies to enhance performance, analyse traffic, and improve user experience.
8.2 Cookies are small text files stored on your device. They help us recognise repeat visitors, remember preferences, and measure Website performance.
8.3 Cookies may be set by us or by third-party providers such as Google, YouTube, and (in future) Hotjar.
8.4 We categorise cookies as Necessary, Functional, Analytics, and Advertising. Non-essential cookies operate only with your consent, which you can manage through our cookie-consent banner or your browser settings.
8.5 For full details—including each cookie’s name, purpose, and expiry—please refer to our separate Cookie Policy at https://k4uxwebdesign.com/cookie-policy/, which forms part of this Privacy Policy.
8.6 The use of cookies complies with the Privacy and Electronic Communications Regulations (PECR).
9. Payment Processing and Financial Data
9.1 Payments for our Services are handled through trusted third-party providers, including Stripe and Monzo Business.
9.2 We do not store or have access to your full payment-card details. Such data is collected and processed securely by these providers in accordance with their own privacy policies and PCI DSS standards.
9.3 We receive limited transaction information—such as payment confirmation, client name, and invoice reference—for our internal accounting records.
10. Data Sharing and Disclosure
10.1 We only share personal data where necessary for legitimate business purposes or legal compliance.

10.2 Typical third-party recipients include:

  • IT and hosting providers who support our systems and backups;
  • Payment processors (Stripe, Monzo Business);
  • Analytics and tracking services (Google Analytics, Google Search Console, YouTube, Hotjar);
  • Professional advisers such as accountants and legal counsel; and
  • Regulatory authorities, including HMRC or the ICO, where disclosure is legally required.
10.3 All third parties are subject to confidentiality obligations and are required to process data only on our instructions.
10.4 We never sell, rent, or trade personal information for marketing or profit.
11. International Data Transfers
11.1 Some of our service providers (for example, Google LLC and Hotjar Ltd) may process data outside the UK.
11.2 Where this occurs, we ensure that appropriate safeguards are in place under Chapter V UK GDPR, such as the UK International Data Transfer Addendum (IDTA) or an adequacy decision by the UK Government.
11.3 Copies of relevant safeguards can be requested using the contact details in Section 19.
12. Data Retention Periods
12.1 We retain personal data only for as long as necessary to fulfil the purposes outlined in this Policy or to satisfy legal, tax, or accounting requirements.

12.2 Typical retention periods:

  • Enquiry data: 12–24 months after last contact.
  • Client project data: for the duration of the contract + 6 years to meet legal obligations.
  • Access credentials: retained only for as long as required to deliver services and securely deleted once no longer necessary.
  • Analytics data: in line with each provider’s default retention policy.
12.3 When data is no longer needed, it is securely deleted or anonymised.
13. Data Security Measures

13.1 We apply appropriate technical and organisational measures to protect personal data, including:

  • Secure servers and encrypted storage;
  • Multi-factor authentication for internal systems;
  • Role-based access controls;
  • Regular software updates and patching;
  • Encrypted backups; and
  • Staff confidentiality and data-handling training.
13.2 Despite our efforts, transmission of data over the Internet is not completely secure. You acknowledge that we cannot guarantee absolute security of information sent electronically.
14. Your Data Protection Rights

14.1 Under UK GDPR you have the following rights:

  • (a) Access – to obtain a copy of your personal data.
  • (b) Rectification – to correct inaccuracies.
  • (c) Erasure – to request deletion where no lawful basis for retention exists.
  • (d) Restriction – to limit processing in certain circumstances.
  • (e) Portability – to receive your data in a machine-readable format.
  • (f) Objection – to processing based on legitimate interests or direct marketing.
  • (g) Withdraw consent – for activities relying on consent.
14.2 To exercise any of these rights, please contact us using the details in Section 19.
14.3 We may require proof of identity before fulfilling a request and will respond within one month of verification.
15. Automated Decision-Making and Profiling
15.1 We do not use automated decision-making or profiling that produces legal or similarly significant effects.
15.2 If we ever introduce such technology, we will provide notice and an explanation of your rights before doing so.
16. Children’s Privacy
16.1 Our Website and Services are directed at adults and business entities.
16.2 We do not knowingly collect personal information from anyone under the age of 16. If you believe a minor has provided information to us, please contact us immediately so that we can delete it.
17. Links to Other Websites
17.1 Our Website may contain links or embedded content (for example, YouTube videos) from third-party sites.
17.2 We are not responsible for the privacy practices or content of those sites. You should review their own privacy policies before providing any information.
18. Changes to This Policy
18.1 We may update this Privacy Policy from time to time to reflect changes in our operations, legal requirements, or best practice.
18.2 The latest version will always appear on this page with a revised “Effective Date.”
18.3 Continued use of our Website or Services after an update constitutes acceptance of the revised Policy.
19. How to Contact Us

19.1 For questions, concerns, or to exercise your data-protection rights, please contact:

Email: info@k4uxwebdesign.com
19.2 We will respond to legitimate requests within one month, or within three months for complex cases (we will inform you if an extension is required).
20. Complaints and Supervisory Authority
20.1 We prefer to resolve concerns directly. If you are unhappy with how we have handled your data, please contact us first using the details above.

20.2 You also have the right to lodge a complaint with the Information Commissioner’s Office (ICO), the UK supervisory authority for data protection: