PRIVACY POLICY
Last updated: 1st September 2025
Bridge Digital UK (“we”, “us”, “our”) provides web design, development and support services. We care about privacy and only collect and use personal data when we need to, and always with care.
Our address: Sithean Y Mor, Lon Refail, Llanfairpwll, LL61 5YN, United Kingdom. If you have any questions, contact adam@bridgedigital.uk.
1) Who we are & how we handle roles
Depending on the context, we may act as:
-
Data Controller – for our own business data (e.g., enquiries you send us, quotes, contracts and invoices, our website operations).
-
Data Processor – when we access or handle personal data on behalf of our clients (for example, club members’ details inside a client’s website). In that case, we only process data on the client’s documented instructions. See “Working with client data (Data Processor)” below.
2) What personal data we collect (Controller context)
When you interact with us directly (email, form submission, phone, or through our site), we may collect:
-
Contact details – name, email, phone number, organisation.
-
Enquiry and project information – what you tell us about your needs, content and files you provide.
-
Business records – quotes, contracts, invoices, payment references.
-
Technical basics – standard server logs and security data necessary to operate and protect our website.
-
Cookies/analytics – see Cookies below.
We do not collect more than we need, and we do not sell your data.
3) Why we use personal data & lawful bases
We only use personal data where UK GDPR allows:
-
Responding to enquiries and providing quotes – contract / legitimate interests (to respond efficiently).
-
Delivering projects and support – contract.
-
Billing, tax and compliance – legal obligation (e.g., HMRC record keeping).
-
Improving our services and site – legitimate interests.
-
Marketing (if used) – consent where required. You can withdraw consent at any time.
4) Sharing & service providers (sub-processors)
To run our business we use reputable service providers (for example: web hosting platforms such as Wix/WordPress hosts, email and productivity tools, secure backups). We only share what’s necessary, ensure appropriate data protection commitments, and never allow providers to use your data for their own marketing.
5) International transfers
Some providers may process data outside the UK. Where this happens, we use approved safeguards (such as the UK International Data Transfer Agreement/Addendum, or adequacy decisions).
6) Security measures
We use appropriate technical and organisational measures, including:
-
Multi-factor authentication (MFA) on admin accounts where available.
-
Least-privilege access and unique accounts.
-
Encrypted devices and a reputable password manager.
-
HTTPS for data in transit; secure vendor platforms for hosting.
-
Restricted exports and secure deletion of any temporary working copies.
-
Vendor and plugin updates applied on a regular basis.
7) How long we keep data (retention)
We keep personal data only as long as necessary:
-
Enquiry emails/forms: up to 12 months after last contact (unless they become part of an active project).
-
Project files and correspondence: typically up to 24 months after project completion (unless we agree otherwise, or you request earlier deletion where feasible).
-
Contracts, invoices, and financial records: 6 years (legal obligation).
-
Temporary working copies/exports: deleted once the task is complete or the project ends, unless legally required to retain.
8) Your rights (Controller context)
You have rights under UK GDPR, including:
-
Access (a copy of your data)
-
Rectification (correct inaccuracies)
-
Erasure (delete, in certain circumstances)
-
Restriction (limit processing)
-
Portability (move your data)
-
Objection (to certain processing based on legitimate interests)
-
Withdraw consent (where consent is the basis)
To exercise any of these, email adam@bridgedigital.uk. We may need to verify your identity. We aim to respond within one month. You also have the right to complain to the Information Commissioner’s Office (ICO). We encourage you to contact us first so we can try to resolve any concerns.
9) Cookies
-
We use essential cookies required to make the site work and keep it secure.
-
If we introduce analytics or other non-essential cookies, we will display a consent banner that lets you accept or decline before they run.
-
You can change your cookie preferences at any time via your browser settings or (where shown) our cookie banner link.
10) Children
Our services are intended for business use. We do not knowingly collect personal data from children.
11) Working with client data (Data Processor)
For many projects, our clients are the Data Controller, and Bridge Digital UK acts as their Data Processor. In those cases:
-
Instructions only. We process personal data strictly on the client’s documented instructions to deliver the agreed services (e.g., configuring sign-ups, investigating support issues, maintaining the site).
-
Access minimised. We limit access to what is necessary, apply least-privilege permissions, and prefer in-platform work rather than exports.
-
Security. We use MFA on admin accounts where available, encrypted devices, a password manager, and secure deletion of any temporary working copies.
-
End of engagement. At the client’s choice, we will delete or return personal data and delete existing copies unless UK law requires storage.
-
Agreements. We can provide a short Data Processing Agreement (DPA) and/or confidentiality undertaking on request and can sign electronically.
12) Changes to this policy
We may update this policy from time to time to reflect changes in law or how we operate. We’ll post any updates here and adjust the “Last updated” date above.
13) Contact
If you have any questions or requests about this policy or your personal data, contact:
Bridge Digital UK, Sithean Y Mor, Lon Refail, Llanfairpwll, LL61 5YN, United Kingdom. Email: adam@bridgedigital.uk