Privacy Policy

How we collect, use and protect your personal data. Compliant with UK GDPR and the Data Protection Act 2018.

Last updated: 22 April 2026

1. Data controller and contact

The data controller responsible for your personal data is Shaun Allen, operating the website https://www.shaunallen.co.uk. We are based in Kingswood, Hull, United Kingdom and provide web design, hosting, email management and IT support services.

For any matter relating to data protection or this policy, you can contact us via the details on our contact page (email and telephone). We do not appoint a Data Protection Officer as we are not required to do so under the Data Protection Act 2018; for data protection enquiries please contact us directly as above.

2. Legal framework

We process personal data in accordance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018 (DPA 2018). This policy explains what data we collect, why we use it, how long we keep it, and your rights. We are committed to protecting your privacy and handling your data lawfully and transparently.

3. Personal data we collect and sources

We collect personal data that you provide and data that is generated when you use our website.

3.1 Data you provide

  • Name – when you submit the contact form
  • Email address – when you submit the contact form
  • Message content – the content of your enquiry

We also temporarily hold this information in session storage so that if a form submission fails (e.g. validation error), your input can be shown back to you. Session data is cleared after a successful submission or when you close your browser.

3.2 Data we collect automatically

  • Technical data – such as IP address, browser type, device type and operating system. We use this for security (e.g. abuse prevention, rate limiting), and to improve the operation of the site. We may also infer approximate location (e.g. country) from your IP for security and to ensure the site is used in line with our terms.

We do not collect personal data from any other source than you and your use of this website.

4. Purposes and legal basis for processing

We process your data only for the following purposes and on the following legal bases under UK GDPR:

  • Responding to your enquiry – we use your name, email and message to reply to you. Legal basis: consent (you submit the form voluntarily) and/or legitimate interests (running our business and communicating with enquirers).
  • Security and abuse prevention – we use technical data (e.g. IP) and apply rate limiting, CAPTCHA and similar measures. Legal basis: legitimate interests (protecting the website and our systems from abuse, fraud and misuse).
  • Compliance with law – where we are required to retain or disclose data by UK law. Legal basis: legal obligation.

We do not use your data for automated decision-making or profiling that produces legal or similarly significant effects.

5. Recipients of your data

We do not sell or rent your personal data. We may share your data only:

  • With service providers who help us run the website (e.g. hosting). Such providers act on our instructions and are bound by confidentiality and data protection obligations.
  • Where required by law (e.g. court order, or to a regulator or law enforcement body).

Contact form submissions are sent by email to us; email may be processed by our email and hosting providers. We do not transfer your personal data outside the United Kingdom except where our providers process it (e.g. on UK or adequacy-approved servers). If we ever transfer data to a country without an adequacy decision, we will ensure appropriate safeguards (e.g. standard contractual clauses) and inform you where the law requires.

6. Retention

We keep your data only as long as necessary for the purposes above:

  • Contact form data – we do not store submissions in a database. Emails we receive are kept only for as long as needed to deal with your enquiry and any follow-up (typically no longer than necessary for our business relationship or any legal obligation).
  • Session data – cleared when you close your browser or after a successful form submission.
  • Technical/security data (e.g. logs) – may be retained for a short period (e.g. up to a few months) where necessary for security, after which it is deleted or anonymised.

7. Your rights under UK law

Under the UK GDPR and the Data Protection Act 2018 you have the right to:

  • Access – to obtain a copy of the personal data we hold about you (subject to certain exceptions).
  • Rectification – to have inaccurate personal data corrected.
  • Erasure – to have your personal data deleted in certain circumstances (“right to be forgotten”).
  • Restrict processing – to limit how we use your data in certain circumstances.
  • Data portability – to receive your data in a structured, machine-readable format where the processing is by automated means and based on consent or contract.
  • Object – to object to processing based on legitimate interests (including profiling). We must stop unless we have compelling legitimate grounds that override your interests.
  • Withdraw consent – where we rely on consent, you may withdraw it at any time. Withdrawal does not affect the lawfulness of processing before withdrawal.
  • Lodge a complaint – with the Information Commissioner’s Office (ICO), the UK supervisory authority for data protection (ico.org.uk/global/contact-us).

To exercise any of these rights, contact us using the details on our contact page. We will respond within one month (we may extend by a further two months where necessary, and we will tell you). We may need to verify your identity. You will not usually have to pay a fee; we may charge a reasonable fee or refuse requests that are clearly unfounded or excessive.

8. Is providing your data obligatory?

Provision of your name, email and message is not required by law, but it is necessary for us to respond to your enquiry via the contact form. If you do not provide this information, we will not be able to process your request through the form. Technical data (e.g. IP) is collected automatically when you use the site; you cannot use the site without this being processed to the extent required for security and operation.

9. Changes to this policy

We may update this policy from time to time to reflect changes in our practices or in the law. The “Last updated” date at the top will be revised when we do. We encourage you to review this page periodically. Where changes are significant we may notify you where appropriate (e.g. by a notice on the site or by email if we hold it for that purpose).

Return to home