Privacy Policy

Last Updated: 27th October, 2025

Introduction

Welcome to Paige&Pixel ("we", "us", or "our") website. Your privacy is important to us and this Privacy Policy explains how we collect, use, and protect your personal data when you visit and interact with our website. By using this website, you agree to the terms outlined in this policy.

Personal data we collect (what & how)

We collect personal data when you interact with our website, contact us, book appointments, report errors, or enter into contracts. The categories of personal data we collect and how we collect them are:

  • Identity & contact: first name, last name, email address, phone number, home address — provided directly by you via contact forms, booking forms, contracts, or email.
  • Technical & diagnostics: IP address and basic device/browser information — collected automatically via Google Analytics and server logs for site functionality, analytics and error troubleshooting.
  • Transactional: information necessary to complete bookings, appointments or contracts — provided when you complete contract or booking workflows.
  • Error and support reports: any personal data you include in error reports, support requests or correspondence.

Where relevant, data is collected directly from you (forms, emails, contracts) and automatically (Google Analytics and server logs). We use Google Analytics to track visitor behaviour; this may involve processing of IP addresses and usage data by Google under Google's terms.

Storage and retention

Storage locations:

  • Google Drive — used to store client documents, contracts and records.
  • Local personal computer — used to manage client records and project files.

Access to stored data is limited to authorised personnel only. We take reasonable technical and organisational measures to protect personal data held in these locations.

Retention period: We retain personal data for as long as you remain a paying client. If you stop being a client, we will delete your personal data within a maximum of 30 days unless we are required to retain certain information for legal, tax or regulatory reasons.

Legal bases for processing (UK GDPR)

Under the UK GDPR we rely on one or more of the following lawful bases when processing your personal data:

  • Performance of a contract: processing necessary to perform our contract with you (for example, booking and delivering services, managing invoices and fulfilment).
  • Consent: where you have given clear consent for a specific purpose (for example, marketing communications or non-essential cookies). You can withdraw consent at any time.
  • Legitimate interests: where processing is necessary for our legitimate interests (for example, fraud prevention, security, improving our website and services), provided those interests are not overridden by your rights and freedoms.
  • Legal obligation: where we are required to process data to comply with a legal or regulatory obligation (for example, tax or accounting records).

Note: for analytics that rely on cookies (Google Analytics) we rely on your consent. If you decline analytics cookies via the cookie preferences link in the footer, analytics cookies will not be set for your browser.

How we use your data

We use personal data for the following purposes:

  • To provide and manage services: processing bookings, delivering services and fulfilling contractual obligations.
  • To communicate with you: responding to enquiries, sending appointment confirmations, invoices, and service-related messages.
  • To maintain records: storing contracts, project files and documents necessary for the business relationship and for legal/tax compliance.
  • To improve our website and services: analysing usage with Google Analytics, diagnosing technical issues and improving site functionality and content.
  • Security and fraud prevention: protecting our systems, detecting abuse and ensuring the integrity of our services.
  • Marketing: if you opt in, sending promotional messages; we will only send marketing where you have provided consent or where permitted by law.
  • Legal compliance: where required by law, regulation or to exercise or defend legal claims.

Sharing / third parties (analytics, hosting, payment providers)

We may share personal data with trusted third parties where necessary to provide our services, comply with the law, or where you have given consent. Third parties are used only as data processors and are contractually bound to protect your data.

  • Hosting Heroes (UK): websites (this site and client sites) are hosted on UK-based servers by Hosting Heroes. Hosting Heroes acts as a processor for hosting services; a Data Processing Agreement (DPA) is in place and is available on request.
  • Google (Analytics & Drive): we use Google Analytics to collect usage and behavioural data (subject to your consent) and Google Drive to store client documents and records. These services process data under Google's terms and privacy policies. Google may process and store data inside or outside the UK; we rely on Google's contractual safeguards and transfer mechanisms when processing occurs outside the UK.
  • Service providers and contractors: third parties who process data on our behalf to support business activities (for example, professional advisers, IT support or backup services). They are only given the minimum data necessary and act under contract to us.
  • Legal or regulatory recipients: we may disclose personal data when required by law, to exercise or defend legal claims, or to respond to lawful requests from public authorities.

We do not sell your personal data. Any third party that processes personal data on our behalf must implement appropriate technical and organisational measures and may only act on our instructions. DPAs for Hosting Heroes and other processors are available on request.

Cookies

We use cookies and similar technologies to operate the site, remember preferences, and provide analytics. For a full, itemised list of cookies we set (including third‑party cookies), how long each cookie persists, and the vendor privacy links, see our Cookie Policy at /Cookie.

Types of cookies we use
  • Necessary cookies: required for core site functions (for example session management and security). These cookies do not require consent as they are essential to run the website.
  • Analytical / Statistical cookies: used to understand how visitors use the site so we can improve it. We use Google Analytics; common cookies set by Google Analytics include _ga, _gid, and _gat (or _ga_<id>). Analytics cookies are only set if you consent via the cookie preferences (footer link). IP anonymisation is not currently enabled in our Google Analytics configuration.
  • Marketing cookies: used by third parties (where applicable) to deliver relevant advertising and measure ad performance. See the Cookie Policy for exact vendor names and cookie identifiers.
  • Functional / Personalisation cookies: remember choices you make on the site (for example form preferences) to provide a smoother experience.
How to opt out or control cookies
  • Cookie preferences (footer): use the cookie preferences link in the website footer to accept or reject non-essential cookies, including analytics cookies.
  • Cookie settings banner: use the cookie banner or preference centre (where available) to accept or reject non-essential cookies.
  • Browser controls: most browsers let you block or delete cookies via their settings. Blocking some cookies may affect site functionality.
  • Google Analytics opt-out: to prevent your data from being used by Google Analytics across sites, you can install the Google Analytics Opt-out Browser Add-on: https://tools.google.com/dlpage/gaoptout/
  • Contact us: if you want assistance removing cookies we have set or to check which cookies relate to your account, contact us at hello@paigeandpixel.uk.

Disabling or blocking cookies may reduce the functionality of the site and prevent access to certain features. For the complete, itemised cookie list and vendor details, see our Cookie Policy at /Cookie.

Data retention

We keep personal data only for as long as necessary for the purposes set out in this policy.

  • Client records: retained for the duration of the commercial relationship. After a client relationship ends we delete client personal data within a maximum of 30 days, except where we are legally required to retain certain information (for example accounting records).
  • Google Drive & local storage: client documents and records stored on Google Drive or on a local personal computer are treated according to the retention rules above. Backups may remain for a short period after deletion; we will remove personal data from backups at the earliest practical time.
  • Analytics data: aggregated or anonymised analytics data is retained to help improve services. Where analytics data contains personal identifiers (for example raw IP logs) we limit retention and, where possible, enable anonymisation. Exact analytics retention settings are governed by the Google account configuration and can be provided on request.

If you wish to request earlier deletion of your account data, contact us and we will process your request in line with applicable law and this policy.

Your rights

Under UK data protection law you have a number of rights in relation to your personal data. These include:

  • Right of access: you can request a copy of the personal data we hold about you.
  • Right of rectification: you can ask us to correct inaccurate or incomplete data.
  • Right to erasure (right to be forgotten): you can ask us to delete your personal data where there is no lawful reason for us to retain it.
  • Right to restrict processing: you can request that we limit how we use your personal data.
  • Right to object: you can object to processing based on legitimate interests or direct marketing.
  • Right to data portability: where applicable, you can request a machine‑readable copy of personal data you provided to us.
  • Right to withdraw consent: where processing is based on consent, you may withdraw your consent at any time (this will not affect processing already lawfully carried out).

To exercise any of these rights, please contact us at hello@paigeandpixel.uk. We may request information to confirm your identity before fulfilling requests. We will respond to your request within one month, or longer if the request is complex (we will notify you if an extension is necessary).

If you are unhappy with our response you have the right to lodge a complaint with the Information Commissioner's Office (ICO): https://ico.org.uk/concerns/.

Security measures

We implement appropriate technical and organisational measures to protect personal data against accidental or unlawful destruction, loss, alteration, unauthorised disclosure or access. Measures include:

  • Access controls and role-based permissions to limit who can view personal data.
  • Use of secure accounts and strong passwords; where available, multi‑factor authentication for accounts holding personal data.
  • Encryption of data in transit (HTTPS) and encryption of stored data where supported by the storage provider.
  • Regular software updates, anti-malware tools and firewall protections on devices used to access data.
  • Regular backups and procedures for secure deletion of data when no longer needed.
  • Contractual protections with third-party processors to ensure they implement appropriate security measures.
  • An incident response process is in place; where required by law we will notify the ICO of a personal data breach within 72 hours and inform affected individuals if there is a high risk to their rights and freedoms.
  • We apply data minimisation principles and will carry out a Data Protection Impact Assessment (DPIA) for any new processing likely to result in a high risk to individuals' privacy.

International transfers

We do not transfer personal data to destinations other than the places described below. Most personal data we process is kept on UK-based infrastructure (local UK servers and local storage hosted by Hosting Heroes). We also use Google services (Google Drive and Google Analytics) to store and process some data. Google may process and store data in data centres located inside or outside the UK. Where personal data is processed or stored outside the UK we rely on Google's contractual and legal safeguards (for example controller/processor terms and appropriate transfer mechanisms such as Standard Contractual Clauses or equivalent). If you would like details about the specific safeguards Google applies or the likely locations for a particular category of data, please contact us and we will provide the available information.

Changes to this policy & contact / DPO information

We may update this Privacy Policy from time to time to reflect changes in our practices or legal requirements. When we make material changes we will update the "Last Updated" date at the top of this page and, where appropriate, notify existing clients by email.

Data protection contact:

Email: hello@paigeandpixel.uk
Phone: [+44 75417 05900]
Location: Brichington-on-sea, Kent, UK

Data Protection Officer (DPO) / Privacy lead: If you would like to contact a named Data Protection Officer or privacy lead, or require specific contractual documentation (for example Data Processing Agreements or details of international transfer safeguards), please contact us at hello@paigeandpixel.uk and we will provide the requested information. Hosting Heroes (our UK hosting provider) and Google DPAs/transfer documentation are available on request. Please note this website does not process payments.

If you are unsatisfied with our handling of your personal data you also have the right to complain to the Information Commissioner's Office (ICO): https://ico.org.uk/concerns/.