Privacy Policy

Last updated: 18th of May 2025

This privacy notice tells you what to expect us to do with your personal information.

  • Contact details
  • What information we collect, use, and why
  • Lawful bases and data protection rights
  • Where we get personal information from
  • How long we keep information
  • Who we share information with
  • Sharing information outside the UK
  • How to complain

Contact details

Email: info@clickwittedweb.com

What information we collect, use, and why

We collect or use the following information to provide services and goods, including delivery:

  • Names and contact details
  • Addresses
  • Payment details (including card or bank information for transfers and direct debits)
  • Account information
  • Website user information (including user journeys and cookie tracking)
  • Call recordings
  • Records of meetings and decisions
  • Information relating to compliments or complaints

We collect or use the following information for the operation of customer accounts and guarantees:

  • Names and contact details
  • Addresses
  • Payment details (including card or bank information for transfers and direct debits)
  • Account information, including registration details
  • Information used for security purposes
  • Marketing preferences

We collect or use the following information for service updates or marketing purposes:

  • Names and contact details
  • Marketing preferences
  • Location data
  • Website and app user journey information

We collect or use the following personal information for dealing with queries, complaints or claims:

  • Names and contact details
  • Account information
  • Purchase or service history

Lawful bases and data protection rights

Under UK data protection law, we must have a “lawful basis” for collecting and using your personal information. There is a list of possible lawful bases in the UK GDPR. You can find out more about lawful bases on the ICO’s website.

Which lawful basis we rely on may affect your data protection rights which are set out in brief below. You can find out more about your data protection rights and the exemptions which may apply on the ICO’s website:

  • Your right of access - You have the right to ask us for copies of your personal information. You can request other information such as details about where we get personal information from and who we share personal information with. There are some exemptions which means you may not receive all the information you ask for. You can read more about this right here.
  • Your right to rectification - You have the right to ask us to correct or delete personal information you think is inaccurate or incomplete. You can read more about this right here.
  • Your right to erasure - You have the right to ask us to delete your personal information. You can read more about this right here.
  • Your right to restriction of processing - You have the right to ask us to limit how we can use your personal information. You can read more about this right here.
  • Your right to object to processing - You have the right to object to the processing of your personal data. You can read more about this right here.
  • Your right to data portability - You have the right to ask that we transfer the personal information you gave us to another organisation, or to you. You can read more about this right here.
  • Your right to withdraw consent – When we use consent as our lawful basis you have the right to withdraw your consent at any time. You can read more about this right here.

If you make a request, we must respond to you without undue delay and in any event within one month.

To make a data protection rights request, please contact us using the contact details at the top of this privacy notice.

Our lawful bases for the collection and use of your data

Our lawful bases for collecting or using personal information to provide services and goods are:

  • Consent - we have permission from you after we gave you all the relevant information. All of your data protection rights may apply, except the right to object. To be clear, you do have the right to withdraw your consent at any time.
  • Contract – we have to collect or use the information so we can enter into or carry out a contract with you. All of your data protection rights may apply except the right to object.
  • Legitimate interests – we’re collecting or using your information because it benefits you, our organisation or someone else, without causing an undue risk of harm to anyone. All of your data protection rights may apply, except the right to portability. Our legitimate interests are:
    • We collect and use personal information to provide, improve, and support our website services. This includes contacting clients about their website projects, managing ongoing service plans, providing technical support, and sending service-related updates (such as maintenance notices or billing information). Our legitimate interest lies in efficiently delivering the services our clients have signed up for, ensuring smooth communication, and maintaining the performance and security of their websites. We believe this use of personal information is reasonably expected by our clients and poses minimal risk to their privacy. We only collect information that is necessary, use it responsibly, and never use it in a way that would override an individual’s rights or freedoms.

For more information on our use of legitimate interests as a lawful basis you can contact us using the contact details set out above.

Our lawful bases for collecting or using personal information for the operation of customer accounts and guarantees are:

  • Consent - we have permission from you after we gave you all the relevant information. All of your data protection rights may apply, except the right to object. To be clear, you do have the right to withdraw your consent at any time.
  • Contract – we have to collect or use the information so we can enter into or carry out a contract with you. All of your data protection rights may apply except the right to object.
  • Legitimate interests – we’re collecting or using your information because it benefits you, our organisation or someone else, without causing an undue risk of harm to anyone. All of your data protection rights may apply, except the right to portability. Our legitimate interests are:
    • We collect and use personal information to set up, operate, and manage customer accounts and service guarantees. This includes billing, tracking service usage, fulfilling contractual obligations (like support response times), and providing account-specific updates. Our legitimate interest is to maintain accurate records, ensure clients receive the services they’re paying for, and uphold any service-level commitments. These actions are essential for the smooth running of our business and expected by clients as part of a professional service relationship. We handle this information in a way that is secure, proportionate, and limited to what is necessary. The benefit of maintaining reliable client records and fulfilling service guarantees outweighs the minimal risk to individuals’ privacy, which we mitigate through responsible data practices and clear communication.

For more information on our use of legitimate interests as a lawful basis you can contact us using the contact details set out above.

Our lawful bases for collecting or using personal information for service updates or marketing purposes are:

  • Consent - we have permission from you after we gave you all the relevant information. All of your data protection rights may apply, except the right to object. To be clear, you do have the right to withdraw your consent at any time.
  • Legitimate interests – we’re collecting or using your information because it benefits you, our organisation or someone else, without causing an undue risk of harm to anyone. All of your data protection rights may apply, except the right to portability. Our legitimate interests are:
    • We collect and use personal information to send occasional service updates, helpful resources, or relevant marketing communications about our offerings.This may include information about new features, service improvements, limited-time offers, or educational content designed to help clients get more value from our services. Our legitimate interest is to keep our clients informed and engaged, provide useful insights, and grow our business in a way that aligns with their needs. We believe this is a reasonable expectation for anyone who has an existing relationship with us or has shown interest in our services. We carefully balance this interest against individuals’ privacy rights by keeping communications relevant, infrequent, and easy to opt out of at any time. We never sell or share data with third parties for their own marketing use, and we always give people control over how we contact them.

For more information on our use of legitimate interests as a lawful basis you can contact us using the contact details set out above.

Our lawful bases for collecting or using personal information for dealing with queries, complaints or claims are:

  • Consent - we have permission from you after we gave you all the relevant information. All of your data protection rights may apply, except the right to object. To be clear, you do have the right to withdraw your consent at any time.
  • Legitimate interests – we’re collecting or using your information because it benefits you, our organisation or someone else, without causing an undue risk of harm to anyone. All of your data protection rights may apply, except the right to portability. Our legitimate interests are:
    • We collect and use personal information to respond to queries, resolve complaints, and handle any legal or service-related claims. This ensures we can provide effective support, address concerns promptly, and maintain accountability in how we deliver our services. Our legitimate interest is to protect our business, maintain good customer relationships, and improve service quality by learning from feedback or issues. This also benefits individuals by ensuring their concerns are taken seriously and resolved appropriately. We only use the information necessary to investigate and respond fairly, and we handle it securely and confidentially. The benefits of providing responsive and responsible service outweigh the minimal risk to privacy, which we mitigate by respecting individuals’ rights and handling data with care.

For more information on our use of legitimate interests as a lawful basis you can contact us using the contact details set out above.

Where we get personal information from

  • Directly from you
  • Publicly available sources
  • Market research organisations
  • Providers of marketing lists and other personal information
  • Third parties:
    • We may also receive personal information from third parties, including: Webflow, Formspark – used to collect enquiries and form submissions Plutio – used for client onboarding, project management, and communication Xero – used for billing, invoicing, and payment records Microsoft 365 – used for email and document management Analytics providers – such as Google Analytics, to help us understand website usage (only aggregated data) Payment processors – e.g.Stripe or PayPal, to process transactions Referral partners – when someone is referred to us with their consent Newsletter and marketing tools – used to send email updates or promotional content (e.g. Mailchimp or similar) We ensure all third-party providers we work with handle data securely and are compliant with GDPR or equivalent data protection standards.

How long we keep information

We only keep personal information for as long as it is needed to deliver our services, meet our legal obligations, or resolve disputes.

The length of time we keep data depends on the type of information and the purpose it was collected for:

  • Client information (e.g. contact details, project history, contracts) is kept for up to 6 years after the end of our working relationship to comply with tax, accounting, and legal obligations.
  • Enquiry data submitted via our website is typically retained for up to 2 years, unless you ask us to delete it sooner.
  • Newsletter subscription data is stored until you unsubscribe, after which it is securely deleted or anonymised.
  • Website analytics data is anonymised and used only for statistical purposes, retained in accordance with the settings of the analytics provider.

We regularly review the information we hold and securely delete or anonymise anything no longer needed.

Who we share information with

Data processors

Webflow, Inc

This data processor does the following activities for us: Hosts our website and processes form submissions collected through our website (e.g. contact or enquiry forms). Also hosts our customer's websites

Client management platform \ UK

This data processor does the following activities for us: Manages client projects, proposals, contracts, invoices, onboarding forms, and service communication.

Accounting and billing platform \ UK

This data processor does the following activities for us: Processes invoices, stores payment records, and helps us manage our financial reporting.

Email Marketing Platform \ USA

This data processor does the following activities for us: Sends newsletters and marketing emails to individuals who have opted in to receive them.

Referral partners\ UK

This data processor does the following activities for us: Occasionally refer individuals to us (with their consent), providing contact details to follow up on service enquiries.

Payment processors \ USA

This data processor does the following activities for us: Processes customer payments securely and provides transaction records.

Analytics and website usage tracking \ USA

This data processor does the following activities for us: Collects anonymised and aggregated data to help us understand how visitors use our website.

 

Others we share personal information with

·   Professional or legal advisors

·   Relevant regulatory authorities

·   Warranty and guarantee providers

·   Professional consultants

·   Publicly on our website, social media or other marketing and information media

·   Suppliers and service providers

Sharing information outside the UK

Where necessary, we will transfer personal information outside of the UK. When doing so, we comply with the UK GDPR, making sure appropriate safeguards are in place.

For further information or to obtain a copy of the appropriate safeguard for any of the transfers below, please contact us using the contact information provided above.

Organisation name: Webflow, Inc

Category of recipient: Website hosting platform

Country the personal information is sent to: USA (with data centres in the US and EU)

How the transfer complies with UK data protection law: The country or sector has a UK data bridge (also known as Adequacy Regulations)

Webflow is certified under the EU-U.S. Data Privacy Framework, which the UK has recognised via the UK Extension as providing adequate protection for UK personal data.

 

Where necessary, our data processors may share personal information outside of the UK. When doing so, they comply with the UK GDPR, making sure appropriate safeguards are in place.

For further information or to obtain a copy of the appropriate safeguard for any of the transfers below, please contact us using the contact information provided above.

Organisation name: Webflow, Inc

Category of recipient: Website hosting platform

Country the personal information is sent to: USA (with data centres in the US and EU)

How the transfer complies with UK data protection law: The country or sector has a UK data bridge (also known as Adequacy Regulations)

Webflow is certified under the EU-U.S. Data Privacy Framework, which the UK has recognised via the UK Extension as providing adequate protection for UK personal data.

Organisation name: Intuit Mailchimp

Category of recipient: Email marketing platform

Country the personal information is sent to: USA

How the transfer complies with UK data protection law: The country or sector has a UK data bridge (also known as Adequacy Regulations)

Intuit Mailchimp is self-certified under the EU-U.S. Data Privacy Framework and covered under the UK Extension, which allows personal data to flow lawfully from the UK to the USA.

Organisation name: Formspark

Category of recipient: Form submission and delivery platform

Country the personal information is sent to: Belgium, with data transferred to and stored inIreland

How the transfer complies with UK data protection law: The country or sector has a UK data bridge (also known as Adequacy Regulations)

Formspark is certified under the EU–U.S. Data Privacy Framework and is listed under the UK Extension to the Framework, meaning it is considered to provide adequate protection for transfers of personal data from the UK.

Organisation name: Intuit Mailchimp

Category of recipient: Email marketing platform

Country the personal information is sent to: USA

How the transfer complies with UK data protection law: The country or sector has a UK data bridge (also known as Adequacy Regulations)

Intuit Mailchimp is self-certified under the EU-U.S. Data Privacy Framework and covered under the UK Extension, which allows personal data to flow lawfully from the UK to the USA.

 

How to complain

If you have any concerns about our use of your personal data, you can make a complaint to us using the contact details at the top of this privacy notice.

If you remain unhappy with how we’ve used your data after raising a complaint with us, you can also complain to the ICO.

The ICO’s address: 

Information Commissioner’s Office
Wycliffe House
Water Lane
Wilmslow
Cheshire
SK9 5AF

Helpline number: 0303 123 1113

Website: https://www.ico.org.uk/make-a-complaint