Privacy Policy

1. Introduction

No Sweat Websites ("we," "our," or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our website at https://nosweatwebsites.co.uk (the "Site").

We respect your privacy and are committed to protecting your personal data. This Privacy Policy will inform you about how we handle your personal data, your privacy rights, and how the law protects you.

2. Information We Collect

We may collect and process the following categories of personal data about you:

2.1 Personal Data You Provide

When you contact us through our website contact form, we collect:

• Identity Data: First name and last name
• Contact Data: Email address and phone number
• Project Data: Information about your project needs and requirements

2.2 Data We Collect Automatically

When you visit our Site, we automatically collect:

• Technical Data: IP address, browser type and version, time zone setting, browser plug-in types and versions, operating system and platform
• Usage Data: Information about how you use our Site, products, and services, including pages visited, time spent on pages, and navigation paths
• Marketing and Communications Data: Your preferences in receiving marketing from us and your communication preferences

2.3 Cookies and Tracking Technologies

We use cookies and similar tracking technologies to track activity on our Site and store certain information. Our Site uses:

• Essential Cookies: Required for the Site to function properly
• Analytics Cookies: We use Google Analytics and Ahrefs to understand how visitors use our Site, which helps us improve our services

You can control cookies through your browser settings. However, disabling cookies may affect the functionality of our Site.

2.4 Third-Party Services

We use the following third-party services that may collect and process your data:

• Netlify: Website hosting provider (USA-based)
• Resend: Email delivery service for contact form submissions (USA-based)
• Google Analytics: Website analytics service (USA-based)
• Ahrefs: Website analytics and SEO monitoring (Singapore-based)

Each third-party service has its own privacy policy. We encourage you to review their policies:

• Netlify Privacy Policy: https://www.netlify.com/privacy/
• Resend Privacy Policy: https://resend.com/legal/privacy-policy
• Google Privacy Policy: https://policies.google.com/privacy
• Ahrefs Privacy Policy: https://ahrefs.com/privacy

3. How We Use Your Information

We will only use your personal data when the law allows us to. Most commonly, we will use your personal data in the following circumstances:

3.1 Purposes for Processing

• To respond to your inquiries: When you contact us through our contact form, we use your information to respond to your questions and discuss potential projects
• To provide our services: If you become a client, we use your information to deliver our website design, branding, and marketing services
• To improve our Site: We analyze usage data to understand how visitors interact with our Site and make improvements
• To send marketing communications: With your consent, we may send you updates, offers, and news about our services
• To comply with legal obligations: We may process your data to comply with legal requirements, such as tax and accounting obligations

3.2 Legal Basis for Processing (UK GDPR)

We process your personal data based on the following legal grounds:

• Consent: When you voluntarily provide information via our contact form and consent to us contacting you
• Legitimate Interests: To respond to inquiries, improve our services, and analyze Site usage (where your interests and fundamental rights do not override those interests)
• Contract: To fulfill our contractual obligations if you become a client and we provide services to you
• Legal Obligation: To comply with legal and regulatory requirements

3.3 Marketing Communications

We may use your contact information to send you marketing communications about our services, offers, and updates. We will only do this if:

• You have given us explicit consent to receive marketing communications, or
• You are an existing customer and we are marketing similar services to those you have previously purchased

You can opt out at any time by:

• Clicking the "unsubscribe" link in any marketing email
• Emailing us at [email protected]
• Contacting us through our website contact form

4. Information Sharing and Disclosure

We do not sell, trade, or rent your personal information to third parties. We may share your information only in the following limited circumstances:

4.1 Service Providers

We may share your data with third-party service providers who assist us in operating our Site and conducting our business, including:

• Website hosting (Netlify)
• Email delivery services (Resend)
• Analytics providers (Google Analytics, Ahrefs)
• Future marketing email services (when implemented)

These service providers are contractually obligated to use your personal data only for the purposes we specify and to protect your data.

4.2 Legal Requirements

We may disclose your information when required by law or to:

• Comply with legal obligations, court orders, or government requests
• Protect our rights, property, or safety, or that of our users or the public
• Prevent fraud, security issues, or technical problems

4.3 Business Transfers

If we are involved in a merger, acquisition, or sale of assets, your personal data may be transferred. We will provide notice before your personal data is transferred and becomes subject to a different privacy policy.

5. International Data Transfers

Some of our service providers are located outside the United Kingdom and European Economic Area (EEA), particularly in the United States. When we transfer your personal data internationally, we ensure appropriate safeguards are in place, such as:

• Standard Contractual Clauses (SCCs): Approved by the UK Information Commissioner's Office (ICO) and European Commission
• Adequacy Decisions: Transfers to countries deemed to provide adequate data protection
• Data Processing Agreements: Contracts with service providers ensuring GDPR-compliant data handling

Our service providers (Netlify, Resend, Google Analytics) all have appropriate data transfer mechanisms in place and comply with GDPR requirements.

6. Data Retention

We will only retain your personal data for as long as necessary to fulfill the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements.

6.1 Retention Periods

• Contact form inquiries: Until your inquiry is resolved, then up to 12 months (unless you request earlier deletion)
• Client project data: Duration of the project plus 7 years for legal, tax, and accounting purposes
• Marketing communications data: Until you unsubscribe or request deletion
• Website analytics data: Up to 26 months (Google Analytics default retention period)
• Cookies: As specified in our cookie settings (typically 12-24 months)

When we no longer need your personal data, we will securely delete or anonymize it. You may request deletion at any time by contacting us.

7. Data Security

We have implemented appropriate technical and organizational security measures to protect your personal information from:

• Unauthorized access, use, or disclosure
• Accidental loss, destruction, or damage
• Unlawful processing

7.1 Security Measures

Our security measures include:

• Secure HTTPS encryption for all data transmitted to and from our Site
• Secure hosting infrastructure with Netlify
• Encrypted email delivery via Resend
• Limited access to personal data on a need-to-know basis
• Regular security reviews and updates

Please note: No method of transmission over the Internet or electronic storage is 100% secure. While we strive to use commercially acceptable means to protect your personal data, we cannot guarantee absolute security.

8. Your Rights (UK GDPR & Data Protection)

Under UK GDPR and data protection laws, you have the following rights regarding your personal data:

8.1 Right to Access

You have the right to request a copy of the personal data we hold about you. This is known as a "data subject access request."

8.2 Right to Rectification

You have the right to request correction of any inaccurate or incomplete personal data we hold about you.

8.3 Right to Erasure ("Right to be Forgotten")

You have the right to request deletion of your personal data in certain circumstances, such as:

• The data is no longer necessary for the purpose it was collected
• You withdraw consent (where processing was based on consent)
• You object to processing and there are no overriding legitimate grounds
• The data has been unlawfully processed

8.4 Right to Restrict Processing

You have the right to request that we limit how we use your personal data in certain circumstances.

8.5 Right to Data Portability

You have the right to receive your personal data in a structured, commonly used, and machine-readable format and to transmit that data to another controller.

8.6 Right to Object

You have the right to object to processing of your personal data where we are relying on legitimate interests. You also have the absolute right to object to processing for direct marketing purposes.

8.7 Right to Withdraw Consent

Where we are relying on consent to process your personal data, you have the right to withdraw that consent at any time. This will not affect the lawfulness of any processing carried out before you withdraw your consent.

8.8 Right to Lodge a Complaint

You have the right to lodge a complaint with the UK Information Commissioner's Office (ICO) if you believe your data protection rights have been violated.

8.9 How to Exercise Your Rights

To exercise any of these rights, please contact us at:

• Email: [email protected]
• Contact form: https://nosweatwebsites.co.uk

We will respond to your request within 30 days. If we cannot fulfill your request, we will explain why.

9. Children's Privacy

Our Site and services are not intended for children under the age of 13 (or 16 in some European countries). We do not knowingly collect personal information from children.

If you are a parent or guardian and you believe your child has provided us with personal data, please contact us immediately. If we become aware that we have collected personal data from children without verification of parental consent, we will take steps to delete that information.

10. Cookies Policy

Our Site uses cookies to enhance your browsing experience and analyze Site usage.

10.1 What Are Cookies?

Cookies are small text files that are placed on your device when you visit a website. They are widely used to make websites work more efficiently and provide information to website owners.

10.2 Types of Cookies We Use

• Essential Cookies: Required for the Site to function properly (e.g., security, accessibility features)
• Analytics Cookies: Help us understand how visitors interact with our Site (Google Analytics, Ahrefs)

10.3 How to Control Cookies

You can control and/or delete cookies as you wish. You can:

• Delete all cookies that are already on your device
• Set your browser to prevent cookies from being placed
• Accept cookies from specific websites only

Please note that disabling cookies may affect the functionality of our Site.

Browser settings for cookie control:

• Chrome: Settings > Privacy and security > Cookies
• Firefox: Settings > Privacy & Security > Cookies
• Safari: Preferences > Privacy > Cookies
• Edge: Settings > Cookies and site permissions

11. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors.

When we make material changes to this Privacy Policy, we will:

• Update the "Last Updated" date at the top of this page
• Notify you by email (if you have provided your email address)
• Post a notice on our Site homepage for at least 30 days

We encourage you to review this Privacy Policy periodically to stay informed about how we are protecting your information.

12. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

Response Time: We aim to respond to all privacy-related inquiries and requests within 30 days, as required by UK GDPR.