OUR POLICIES

Data Policy

If you have any questions or suggestions around our policies, then please feel free to reach out to us and let us know. Our team will come back to you as soon as we can.

REACH OUT TO OUR TEAMDownload Policy (PDF)

Data Policy

Version: 1.0
Last Updated: 25/04/2025
ICO Registration Number: ZB691070
ICO Public Register Entry

1. Overview

CreativeWP Ltd is committed to protecting the privacy and data rights of all clients and stakeholders. This Data Policy outlines how we collect, store, process, and protect personal and project-related data in line with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018. We also adhere to best practices outlined by the Information Commissioner’s Office (ICO).

2. Data Collection

We only collect data essential to delivering the services outlined in our Scope of Work documents. This includes:

  • Contact details (name, phone number, email address)
  • Company information (company name, address, website)
  • Billing and payment details (stored securely via third-party providers like GoCardless, Stripe)
  • Hosting and domain credentials (only when relevant and necessary)
  • Project-specific content and design files

We do not collect or store sensitive personal data such as national insurance numbers, banking passwords, or biometric data.

3. Data Storage

All client-related data is securely stored in the following locations:

  • OneDrive (project files, documents, communications, timesheets)
  • Internal CRM (client contact information and project timelines)
  • Third-party services (GoCardless, Stripe, Google, Microsoft, etc.) where applicable

All data is stored on UK-based servers or fully GDPR-compliant platforms.

4. Data Access

Client data is only accessible by:

  • Internal CreativeWP Ltd team members working on your project
  • Subcontractors or partners under NDA, if applicable
  • The Client (via shared OneDrive or client portal)

Access is restricted and monitored. Clients have the right to request access or deletion of any personal data we hold, in accordance with GDPR.

5. Data Sharing

We never sell or rent client data. We only share data:

  • With GDPR-compliant third-party platforms essential to delivering your service
  • When required to comply with legal obligations

6. Data Retention

We retain project and account data for up to 6 years post-completion or termination of service, unless otherwise required for legal or contractual reasons.

7. Data Breaches

In the event of a data breach, CreativeWP Ltd will:

  • Notify affected clients within 72 hours of being made aware of the situation
  • Report the breach to the Information Commissioner’s Office (ICO) where necessary
  • Take remedial action to secure any compromised data

8. Client Responsibilities

Clients must:

  • Provide accurate and up-to-date information
  • Keep passwords and login credentials secure
  • Inform CreativeWP Ltd of any data access concerns

9. Data Protection Officer (DPO)

CreativeWP Ltd’s appointed Data Protection Officer (DPO) is Carl Hodges. As DPO, Carl is responsible for overseeing data protection strategy and ensuring compliance with UK data protection laws.

10. Contact & Concerns

To exercise your rights under GDPR or raise concerns about your data, contact us at:

Email: hello@creativewp.co.uk
Phone: +447815721375
Data Controller / DPO: Carl Hodges, Director

This policy is available in your welcome email and shared OneDrive folder.