SR7 WEB DESIGN

📞 01917221890

GDPR & Data Protection Statement

SR7 Web Design

Effective Date: 25 January 2026

1. Introduction

SR7 Web Design (“we”, “us”, “our”) is committed to protecting the privacy and security of personal data. This GDPR Statement explains how we collect, use, store, and protect personal information in accordance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

We are a web design and development company based in North East England, serving local businesses primarily in the SR7 postcode area and surrounding regions.

This GDPR Statement should be read alongside our Privacy Policy and Cookie Policy

2. Data Processing Roles (Controller and Processor)

When we are the Controller: For our own business operations (for example, responding to enquiries, managing projects and invoices, and sending marketing where permitted), SR7 Web Design decides what personal data we collect and how we use it.

When we are the Processor: When we build, host, maintain, or support a website for a client and handle personal data on their behalf (for example, site users, contact form submissions, customer lists), we act as a Processor. In these cases, the client is the Controller and is responsible for choosing a lawful basis and providing privacy information to their users. We follow the client’s written instructions, keep data secure, and help them meet their GDPR obligations.

Contact: If you have any questions about how we handle personal data, please contact us through our website: sr7webdesign.co.uk

3. What Personal Data We Collect

In the course of providing our web design and consulting services, we may collect and process the following categories of personal data:

3.1 Client Information

  • Full name
  • Business name and address
  • Email address
  • Telephone number
  • Payment and billing information
  • Website login credentials (where applicable)

3.2 Website Visitor Information

  • IP address
  • Browser type and version
  • Device information
  • Pages visited and time spent on our website
  • Referral source
  • Cookie data (see our separate Cookie Policy)

3.3 Communication Data

  • Records of correspondence via email, phone, or contact forms
  • Enquiry details and project requirements
  • Feedback and testimonials

4. Legal Basis for Processing

We process personal data under one or more of the following lawful bases, as permitted by UK GDPR:

  • Contract – where processing is necessary to perform a contract with you or to take steps at your request before entering into a contract.
  • Legal obligation – where processing is necessary to comply with a legal or regulatory obligation.
  • Legitimate interests – where processing is necessary for our legitimate business interests, provided those interests do not override your rights and freedoms.
  • Consent – where you have given clear consent for us to process your personal data for a specific purpose (for example, marketing communications).

5. How We Use Your Personal Data

We use the personal data we collect for the following purposes:

  • To provide web design, development, and consulting services
  • To communicate with you about your project or enquiry
  • To issue invoices and process payments
  • To provide ongoing website maintenance and support (where applicable)
  • To improve our services and website functionality
  • To send marketing communications (only where consent has been given)
  • To comply with legal and regulatory obligations
  • To protect our legal rights and interests

6. Data Sharing

We do not sell, rent, or trade your personal data to third parties.

We may share your data with the following categories of recipients where necessary:

  • Hosting providers – to host your website
  • Domain registrars – to register your domain name
  • Payment processors – to process payments securely
  • Accountants and legal advisors – for professional advice and compliance
  • Regulatory authorities – where required by law

All third parties we work with are required to respect the security of your personal data and treat it in accordance with data protection law.

7. International Data Transfers

We primarily store and process data within the United Kingdom. Where data is transferred outside the UK, we ensure appropriate safeguards are in place, such as:

  • Standard Contractual Clauses (SCCs) approved by the Information Commissioner’s Office (ICO)
  • Transfers to countries with adequate data protection laws

8. Data Retention

We retain personal data only for as long as necessary to fulfil the purposes for which it was collected, or as required by law.

After the retention period expires, data will be securely deleted or anonymised.

9. Data Security

We use appropriate technical and organisational measures to keep personal data secure and reduce the risk of unauthorised access, loss, or misuse. Measures include:

  • Strong, unique passwords and a secure password manager
  • Multi-factor authentication on key systems
  • Encryption in transit (HTTPS/TLS) and, where appropriate, at rest
  • Least-privilege access and role-based permissions
  • Regular updates/patching and periodic security reviews
  • Vetting and contracts with trusted suppliers (e.g., hosts, payment processors)
  • Backups and tested recovery procedures

10. Your Rights Under UK GDPR

Under UK data protection law, you have the right to:

  • Access your personal data
  • Rectification of inaccurate or incomplete data
  • Erasure (“the right to be forgotten”)
  • Restrict processing
  • Data portability
  • Object to processing
  • Withdraw consent at any time (where consent is the legal basis)
  • Lodge a complaint with the Information Commissioner’s Office (ICO)

How to Exercise Your Rights

Send your request via our website contact form and tell us which right you want to use and what it relates to.

We may ask you for information to confirm your identity before we act on your request.

We aim to respond within one month. If your request is complex or you have made a number of requests, we may extend this by up to two further months and will let you know.

There is no fee for typical requests. We may charge a reasonable fee or refuse requests that are manifestly unfounded or excessive, as permitted by law.

11. Marketing Communications

We may send you information about our services if you have given your consent or if you are an existing client and the information is relevant to similar services.

You can opt out of marketing communications at any time by:

  • Clicking the “unsubscribe” link in any marketing email
  • Contacting us directly through our website

12. Complaints

If you are unhappy with how we have handled your personal data, you have the right to lodge a complaint with the Information Commissioner’s Office (ICO):

Information Commissioner’s Office

We would appreciate the opportunity to address your concerns before you contact the ICO, so please reach out to us first.

13. Changes to This Statement

We may update this GDPR Statement from time to time to reflect changes in our practices or legal requirements. Any updates will be posted on our website with an updated effective date.

We encourage you to review this statement periodically.

14. Contact Us

  1. Contact Us

If you have any questions about this GDPR Statement or our data protection practices, please contact us through our website:

Data Protection Contact:
SR7 Web Design
Seaham, County Durham, UK
Website: https://sr7webdesign.co.uk
Email: info@sr7webdesign.co.uk

This GDPR Statement was last updated on 25 January 2026.