Privacy Policy
How we collect, use, and protect your personal information
Last updated: 21 June 2025 | Version: 1.1
1. Introduction
This Privacy Policy explains how DesignsDecoded ("we", "us", "our"), operated by Codey James West, collects, uses, and protects your personal information when you use our web design, development, and hosting services.
We are committed to protecting your privacy and complying with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.
Data Controller Contact:
Codey James West
Email: [email protected]
Website: designsdecoded.co.uk
2. Information We Collect
2.1 Information You Provide
- Account Information: Business name, contact name, email address, phone number (if provided)
- Payment Information: Billing address, payment method (processed by Stripe)
- Project Information: Website content, requirements, and specifications
- Communications: Emails, support requests, and other correspondence
2.2 Information Automatically Collected
- Log Data: IP address, browser type, pages visited, time and date of visit
- Device Information: Operating system, device type, screen resolution
- Performance Data: Page load times, error logs, uptime statistics
2.3 Cookies and Similar Technologies
We use cookies and similar technologies as detailed in our Cookie Policy. These include:
- Essential cookies for website functionality
- Analytics cookies (if applicable)
- Performance monitoring cookies
3. How We Use Your Information
3.1 Legal Basis for Processing
We process your personal data based on:
Performance of Contract:
- Providing web development and hosting services
- Processing payments and maintaining accounts
- Customer support and service delivery
- Account management and communications
Legal Obligations:
- Maintaining financial records for tax purposes
- Complying with court orders or legal requirements
- Fraud prevention and security measures
Legitimate Interests:
- Improving our services and customer experience
- Ensuring network and information security
- Protecting against misuse of services
- Internal record keeping and administration
3.2 Specific Uses
- Service Delivery: Host websites, manage domains, provide support
- Billing: Process payments, send invoices, manage subscriptions
- Communication: Service updates, maintenance notifications, support responses
- Security: Monitor for threats, prevent abuse, maintain service integrity
- Improvement: Analyze usage patterns, optimize performance, fix issues
4. Data Sharing and Disclosure
4.1 Service Providers
We share data with trusted third parties who assist in providing our services:
- Stripe: Payment processing (they have their own privacy policy)
- Hetzner: Server infrastructure provider in Germany
- GitHub: Code repository storage (for website code only)
- Domain Registrars: For domain registration services
- Cloudflare: DNS management and CDN services
- Resend: Transactional email delivery
- Ahrefs: Website analytics and SEO monitoring (our site only)
- Google Analytics: Website analytics (when implemented)
- Veeam: Backup services (when implemented)
4.2 Legal Requirements
We may disclose information when required by law, including:
- Court orders or legal proceedings
- Government or regulatory requests
- Protection of legal rights
- Prevention of fraud or security threats
4.3 Business Transfers
If our business is sold or merged, your information may be transferred as part of that transaction. We will notify you of any such change.
4.4 No Sale of Data
We do not sell, rent, or trade your personal information to third parties for marketing purposes.
5. International Data Transfers
Your data may be transferred and processed in countries outside the UK:
- Germany (EU): Primary hosting location (Hetzner)
- United States: GitHub code repositories (standard contractual clauses apply)
These transfers are protected by:
- EU-UK adequacy decision for EU transfers
- Standard contractual clauses for other transfers
- Appropriate technical and organizational measures
6. Data Security
We implement appropriate security measures including:
- Encryption of data in transit (SSL/TLS)
- Secure password requirements
- Regular security updates and patches
- Access controls and authentication
- Regular backups and disaster recovery procedures
- Security monitoring and incident response
However, no method of transmission over the internet is 100% secure. While we strive to protect your data, we cannot guarantee absolute security.
7. Data Retention
We retain personal data for different periods based on the purpose:
- Customer Account Data: Duration of service plus 6 years (tax requirements)
- Payment Records: 6 years after last transaction (legal requirement)
- Server Logs: 90 days rolling retention
- Support Communications: 2 years after resolution
- Website Backups: 30 days rolling retention
- Cancelled Account Data: 30 days after cancellation for recovery purposes
8. Your Rights
Under UK GDPR, you have the following rights:
8.1 Right to Access
Request a copy of the personal data we hold about you.
8.2 Right to Rectification
Request correction of inaccurate or incomplete data.
8.3 Right to Erasure ('Right to be Forgotten')
Request deletion of your data, subject to legal obligations.
8.4 Right to Restrict Processing
Request limitation of processing in certain circumstances.
8.5 Right to Data Portability
Receive your data in a structured, commonly used format.
8.6 Right to Object
Object to processing based on legitimate interests.
8.7 Rights Related to Automated Decision Making
We do not use automated decision-making or profiling.
8.8 Right to Withdraw Consent
Where processing is based on consent, you may withdraw it at any time.
8.9 How to Exercise Your Rights
Email: [email protected]
Response time: Within 30 days
9. Children's Privacy
Our services are not directed to individuals under 18. We do not knowingly collect personal information from children. If we become aware of such collection, we will delete the information.
10. Third-Party Links
Our service may contain links to third-party websites. We are not responsible for their privacy practices. Please review their privacy policies before providing any information.
11. Changes to This Policy
We may update this policy periodically. Changes will be posted on this page with an updated revision date. Material changes will be notified via email.
12. Complaints
If you have concerns about how we handle your data:
1. Contact us first: [email protected]
2. UK Supervisory Authority:
Information Commissioner's Office (ICO)
Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF
Phone: 0303 123 1113
Website: ico.org.uk
13. California Privacy Rights
If you are a California resident, you may have additional rights under the California Consumer Privacy Act (CCPA). Contact us for more information.
14. Contact Information
For any questions about this Privacy Policy or our data practices:
General Privacy Queries: [email protected]
Data Protection Officer: [email protected]
Security Concerns: [email protected]
Website: codeydecoded.com
Acknowledgment
By using our services, you acknowledge that you have read and understood this Privacy Policy.