Privacy Policy
Last updated: 1 April 2026
This privacy policy explains how Brandor collects, uses, stores, and protects your personal data when you use our website or engage our web design services. We are committed to protecting your privacy and handling your data in accordance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.
1. Who We Are
Brandor is the data controller responsible for your personal data.
Brandor
A sole trader operating in England and Wales
Location: Bournemouth, Dorset, UK
Email: dominic@brandor.co.uk
Phone: 07488 376 993
Website: brandor.co.uk
2. What Data We Collect
We collect personal data only when necessary to provide our services or respond to your enquiries.
| Data type | When we collect it |
|---|---|
| Name | When you contact us, request a quote, or begin a project |
| Email address | When you submit our contact form, request a quote, or correspond with us |
| Phone number | When you provide it during an enquiry or project discussion |
| Address / location | When you discuss your service area or business location for a project |
| IP address and browser data | Automatically when you visit our website (via analytics and hosting logs) |
| Messages and enquiry details | When you request a quote or discuss a project via our contact form, email, or phone |
We do not collect sensitive personal data (such as health information, religious beliefs, or biometric data).
3. Why We Collect Your Data (Lawful Basis)
Under UK GDPR, we must have a lawful basis for processing your personal data. The bases we rely on are:
| Purpose | Lawful basis |
|---|---|
| Responding to enquiries and providing quotes | Legitimate interest (pre-contractual communication) |
| Delivering web design, SEO, and branding services | Contract (necessary to fulfil our agreement with you) |
| Sending invoices and processing payments | Contract / Legal obligation |
| Improving our website and user experience | Legitimate interest (analytics) |
| Complying with legal or tax obligations | Legal obligation |
We will never sell your personal data to third parties or use it for purposes unrelated to our services.
4. How Long We Keep Your Data
We retain personal data only for as long as necessary for the purpose it was collected.
| Data type | Retention period |
|---|---|
| Enquiry and contact form data | 12 months from last contact (deleted if no project proceeds) |
| Project files and correspondence | 6 years from project completion (in line with HMRC requirements) |
| Invoices and financial records | 6 years (legal obligation under tax law) |
| Website analytics data | 26 months (Google Analytics default retention) |
After the retention period, data is securely deleted or anonymised.
5. Who We Share Your Data With
We do not sell or rent your personal data. We may share it with the following trusted third-party services, solely to deliver our services:
| Provider | Purpose | Data shared |
|---|---|---|
| Formspree | Processing contact form submissions | Name, email, phone, message content |
| Netlify | Website hosting and deployment | IP address, browser data (server logs) |
| Google Analytics | Website usage analytics | IP address (anonymised), browser data, pages visited |
Each provider has their own privacy policy and data processing agreements. We only use providers who comply with UK GDPR or offer adequate safeguards for international data transfers.
6. Where Your Data Is Stored
Your data is primarily stored within the UK and European Economic Area (EEA). Our website is hosted on Netlify servers, which may process data in the US under Standard Contractual Clauses (SCCs) approved by the UK Information Commissioner's Office.
Where data is transferred outside the UK/EEA, we ensure appropriate safeguards are in place in accordance with UK GDPR requirements.
7. Your Rights
Under UK GDPR, you have the following rights regarding your personal data:
- Right of access — request a copy of the personal data we hold about you.
- Right to rectification — request correction of inaccurate or incomplete data.
- Right to erasure — request deletion of your data where there is no compelling reason for us to continue processing it.
- Right to restrict processing — request that we limit how we use your data.
- Right to data portability — request your data in a structured, commonly used, machine-readable format.
- Right to object — object to processing based on legitimate interest.
- Right to withdraw consent — where processing is based on consent, withdraw it at any time.
To exercise any of these rights, contact us at dominic@brandor.co.uk or call 07488 376 993. We will respond within 30 days.
8. Complaints
If you believe we have not handled your data correctly, we encourage you to contact us first so we can resolve the issue.
You also have the right to lodge a complaint with the Information Commissioner's Office (ICO):
- Website: ico.org.uk
- Phone: 0303 123 1113
- Address: Information Commissioner's Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF
9. Changes to This Policy
We may update this privacy policy from time to time. The "last updated" date at the top of this page reflects the most recent version. We encourage you to review this page periodically. Continued use of our website or services after changes constitutes acceptance of the updated policy.