Web Design
Web
Wordpress Hosting
Host
Photography
Photo
Aerial Photography
Aerial

Privacy

We are fully committed to information security in accordance with the General Data Protection Regulation (GDPR). This document outlines our position, responsibilities and procedures in relation to privacy and security.

Ctrl-X Digital Ltd
Date: 4 April 2025
Version: 2.0

1. Our Commitment to Data Protection

Ctrl-X Digital Ltd is fully committed to safeguarding personal data in compliance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018. This privacy policy outlines our data protection principles, responsibilities, and how we handle client and customer information.

2. Definitions

  • Client – Any individual or organisation commissioning or receiving services from Ctrl-X Digital Ltd.
  • Client Data – Any information provided by the client, including but not limited to customer data.
  • Customer Data – Personally identifiable data such as names, email addresses, postal addresses, phone numbers, etc.

3. Roles and Responsibilities

  • Data Controller – The client is typically the data controller, determining the purposes and means of processing personal data.
  • Data Processor – Ctrl-X Digital Ltd acts as the data processor, providing services on behalf of the client.

We operate under the understanding that our clients have obtained lawful consent or have a valid lawful basis (e.g., legitimate interest) to process their customers’ personal data. As the data processor, we accept no liability for data collected or used without a valid lawful basis.

4. Data Collection and Use

We only process data necessary to deliver and support services requested by the client. Clients should not provide data beyond what is essential for the task. If excessive or sensitive data is provided, we reserve the right to raise this with the client and request its removal before proceeding.

5. Data Sharing

We do not share personal data with any third parties unless:

  • Explicitly authorised by the client,
  • Required by law, or
  • Necessary for the execution of services (e.g., via approved sub-processors like mailing platforms).

6. Data Retention

We retain personal data only for as long as necessary to fulfil the agreed services.

Where data is hosted on platforms such as Mailchimp, Campaign Monitor, or similar, it is the client’s responsibility (as Data Controller) to manage retention and compliance in line with applicable laws.

7. Lawful Basis for Processing

Ctrl-X Digital Ltd processes data under the lawful basis of legitimate interest, strictly for the purpose of delivering services to our clients. This includes communications, technical support, and implementation tasks.

8. Data Subject Rights

Customers (data subjects) have the following rights under UK GDPR, subject to lawful limitations:

  • Right to access their personal data
  • Right to rectification
  • Right to erasure (“right to be forgotten”)
  • Right to restrict processing
  • Right to data portability
  • Right to object to processing
  • Right to withdraw consent (where applicable)
  • Right to lodge a complaint with the Information Commissioner’s Office (ICO)

We assist clients in responding to such requests in a timely and compliant manner.

9. Security Measures

We take appropriate technical and organisational measures to protect personal data, including secure storage, encrypted communications, and access control. Any data breach will be reported to the affected parties in accordance with the UK GDPR breach notification requirements.

10. Purpose of Data Sharing

Personal data may be processed for the following lawful purposes:

  • Delivering and supporting client services
  • Monitoring, planning, or improving service delivery
  • Meeting legal or statutory obligations

If new purposes for data use arise, these will be evaluated for legal compliance and, where necessary, the client will be consulted before processing.

11. Agreement and Undertaking

All parties agree to handle personal data in a lawful, fair, and transparent manner. Clients must ensure that any data shared with Ctrl-X Digital Ltd has been obtained lawfully. We agree to uphold the terms outlined in this policy and to report any data protection concerns promptly.

Contact

Ctrl-X Digital Ltd
Enquiries via the Contact Form