01283 214758 [email protected]

Legal · Privacy

Privacy Policy

Last updated: 15/6/2026

This policy explains how CADS Web ("CADS", "we", "us" or "our"), trading as CADS Web, collects, uses and protects your personal information when you visit cadsweb.co.uk, contact us, or use our services. It also sets out your rights under the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

We are the "data controller" for the personal information described in this policy.

On this page

  1. Who we are
  2. Information we collect
  3. How we use it & our lawful bases
  4. Cookies & analytics
  5. Who we share it with
  6. International transfers
  7. Data we process for clients
  8. How long we keep it
  9. How we protect it
  10. Your rights
  11. Children's privacy
  12. Other websites
  13. Changes to this policy
  14. Contact & complaints

1. Who we are

CADS Web is a family-run web design studio based in Swadlincote, Derbyshire. For any questions about this policy or your personal data, you can reach us at:

CADS Web (trading as CADS Web)

127 Swadlincote Road, Woodville, Swadlincote, DE11 8DA

Phone: 01283 214758

Email: [email protected]

2. Information we collect

We only collect information we genuinely need. Depending on how you interact with us, this may include:

Information you give us

  • Enquiries: when you complete our contact form or email or call us, we collect your name, email address, phone number and the details of your message.
  • Clients: if you become a client, we collect the information needed to provide and bill for our services — for example business contact details, billing information and project materials.

Information we collect automatically

  • Usage & device data: when you visit the site, our servers and security/performance services automatically record technical information such as your IP address, browser type, pages viewed and the date and time of your visit.
  • Cookies & similar technologies: see the Cookies & analytics section below.

3. How we use it & our lawful bases

Under UK GDPR we must have a "lawful basis" for using your personal data. We use your information to:

  • Respond to your enquiry and provide the information or quote you've asked for — lawful basis: our legitimate interests in answering enquiries, and/or taking steps at your request before entering a contract.
  • Provide our services and manage our relationship with you as a client — lawful basis: performance of a contract.
  • Meet our legal and accounting obligations — lawful basis: legal obligation.
  • Keep the website secure and working well, and understand how it's used — lawful basis: our legitimate interests, and your consent where analytics cookies are involved.
  • [Send you marketing about our services, where you have asked us to or are an existing client — lawful basis: consent or legitimate interests. You can opt out at any time. Delete this bullet if you never send marketing.]

4. Cookies & analytics

Cookies are small files stored on your device. We use them to make the site work, keep it secure and — with your consent — understand how visitors use it. You can control or delete cookies through your browser settings, and through our cookie banner where shown.

[Confirm this table against a real cookie audit of your site, and adjust. PECR requires your consent before non-essential cookies are set.]

TypePurposeSet by
Strictly necessaryCore site function, security and load balancing.Our website & Cloudflare
Performance / cachingServing pages quickly.WP Rocket
AnalyticsUnderstanding how the site is used so we can improve it.[Google Analytics — confirm]

Where we use analytics, it is only set after you consent. We do not use analytics data to identify you personally.

5. Who we share it with

We do not sell your personal data. We share it only with trusted service providers ("processors") who help us run our business, and only as far as needed. These may include:

  • Hosting & infrastructure — [your hosting provider name] and Cloudflare, which deliver and protect the website.
  • Email & productivity — [Microsoft 365 / your email provider], which we use to receive and reply to your messages.
  • Forms — WPForms, which processes contact-form submissions on our site.
  • Analytics — [Google], where analytics is enabled.
  • Professional advisers — such as our accountant, and authorities where we're legally required to share information.

6. International transfers

Some of our providers (for example Cloudflare and Google) may process data outside the UK, including in the United States. Where that happens, we rely on appropriate safeguards recognised under UK data protection law — such as UK adequacy regulations or the International Data Transfer Agreement / Addendum — to keep your data protected.

7. Data we process for clients

When we build, host or maintain a website for a business client, we may handle personal data that belongs to their customers on their behalf. In those cases the client is the data controller and we act as their "processor", handling that data only on their instructions and under the terms of our agreement with them. [Keep, edit or remove this section to match how you actually work — and make sure your client contracts include data-processing terms if it applies.]

8. How long we keep it

We keep personal data only as long as we need it:

  • Enquiries that don't become projects: up to [24 months], then deleted or anonymised.
  • Client records and correspondence: for the life of our relationship and then for [6 years] to meet tax and legal requirements.
  • Analytics data: for the retention period set in our analytics tool.

9. How we protect it

We take reasonable technical and organisational measures to keep your information secure — including encryption in transit (HTTPS), access controls, security monitoring and regular updates. No method of transmission over the internet is completely secure, but we work to protect your data and to respond appropriately if anything goes wrong.

10. Your rights

Under UK GDPR you have the right to:

  • be informed about how we use your data (this policy);
  • request access to the personal data we hold about you;
  • ask us to correct inaccurate data;
  • ask us to delete your data ("right to erasure");
  • restrict or object to our processing;
  • request a copy of your data in a portable format; and
  • withdraw consent at any time, where we rely on consent.

To exercise any of these, just email us. We'll respond within one month. There's normally no charge.

11. Children's privacy

Our website and services are intended for businesses and are not directed at children. We do not knowingly collect personal data from children. If you believe a child has provided us with personal data, please contact us and we will delete it.

Our site and portfolio link to other websites, including those we've built for clients. We're not responsible for the privacy practices of other sites, so we'd encourage you to read their own privacy policies.

13. Changes to this policy

We may update this policy from time to time. When we do, we'll change the "last updated" date at the top of the page, and significant changes will be made clear on the site.

14. Contact & complaints

If you have any questions about this policy or how we handle your data, please get in touch:

Phone: 01283 214758

Email: [email protected]

Post: 127 Swadlincote Road, Woodville, Swadlincote, DE11 8DA

If you're not happy with how we've handled your data, you have the right to complain to the Information Commissioner's Office (ICO), the UK's data protection regulator, at ico.org.uk/make-a-complaint or on 0303 123 1113. We'd appreciate the chance to put things right first, so please do contact us before you do.

Contact Us