Privacy Policy

PaisleyFinn is a sole trader web design and social media management business operated by Josh Watterson, United Kingdom.

We are the data controller for personal data collected through our website and in connection with our services. If you have any questions about how we handle your data, please contact us using the details at the bottom of this page.

We may collect and process the following types of personal data:

• Identity data: your name, business name
• Contact data: email address, phone number (including WhatsApp)
• Business data: information about your business, its services, and your goals — provided by you during onboarding or consultations
• Financial data: invoicing details such as your business name and address (we do not store card or bank account details)
• Content data: photos, copy, logos, and other assets you provide for us to use in your website or social media content
• Technical data: IP address, browser type, and pages visited — collected automatically via our website
• Communications data: records of emails, WhatsApp messages, or enquiries you send us

We do not knowingly collect data from anyone under the age of 18.

We collect personal data through the following means:

• Contact form on our website (paisleyfinn.co.uk)
• WhatsApp or phone — when you reach out directly
• Email — when you send us an enquiry or respond to our outreach
• Onboarding calls or briefings — information you share during discovery calls or monthly briefings
• Automatically — technical data collected via cookies and analytics tools when you visit our website

We use your personal data only for the following purposes:

• To respond to your enquiries and provide a quote or proposal
• To deliver the services you have contracted us for (website design, development, social media management)
• To send invoices and manage payments
• To communicate with you about your project, including progress updates and revision requests
• To comply with legal obligations
• To improve our website and understand how visitors use it (via anonymised analytics data)

We do not use your data for automated decision-making or profiling. We do not sell your data to any third party.

Under UK GDPR, we rely on the following legal bases to process your personal data:

• Contract: Processing is necessary to perform the services you have engaged us for, or to take steps prior to entering into a contract with you.
• Legitimate interests: We process certain data (such as analytics and enquiry records) based on our legitimate interests in running and improving our business — provided this does not override your rights.
• Consent: Where you have actively submitted a contact form or opted in to receive communications from us.
• Legal obligation: Where we are required to retain records for tax, accounting, or legal compliance purposes.

We do not sell or rent your personal data. We may share limited data with trusted third-party service providers who assist us in delivering our services, including:

• EmailJS — for processing contact form submissions
• Google Analytics — for anonymised website analytics
• Brevo (Sendinblue) — for email marketing communications (where you have consented)
• Namecheap — our hosting and domain provider
• Canva — for creating social media graphics on your behalf
• WhatsApp (Meta) — for client communication

All third-party providers are required to handle your data securely and in accordance with applicable data protection law. We only share what is necessary for them to perform their function.

We may also disclose your data if required by law, court order, or regulatory authority.

Our website uses cookies to improve your experience and to understand how visitors use the site. Cookies are small text files stored on your device.

We use the following types of cookies:

• Essential cookies: Required for the website to function properly. These cannot be disabled.
• Analytics cookies: Used via Google Analytics to understand how visitors interact with our site. All data is anonymised and aggregated. You can opt out at any time via your browser settings or using the Google Analytics Opt-out Browser Add-on.

You can control and delete cookies through your browser settings. Disabling certain cookies may affect the functionality of the site.

We retain your personal data only for as long as necessary for the purposes set out in this policy:

• Client data (project files, correspondence, invoices) — retained for 6 years after the end of our working relationship, in line with HMRC requirements
• Enquiry data (where no contract was formed) — retained for up to 12 months
• Analytics data — anonymised and retained in accordance with Google Analytics' standard retention settings

After the applicable retention period, your data will be securely deleted or anonymised.

Under UK GDPR, you have the following rights in relation to your personal data:

• Right of access — to request a copy of the data we hold about you
• Right to rectification — to ask us to correct inaccurate or incomplete data
• Right to erasure — to request deletion of your data in certain circumstances
• Right to restrict processing — to ask us to limit how we use your data
• Right to data portability — to receive your data in a structured, machine-readable format
• Right to object — to object to processing based on legitimate interests
• Right to withdraw consent — where processing is based on consent, you may withdraw it at any time

To exercise any of these rights, please contact us at hello@paisleyfinn.co.uk. We will respond within 30 days. We may need to verify your identity before processing your request.

We take reasonable technical and organisational measures to protect your personal data against unauthorised access, loss, or misuse. These include:

• SSL encryption on all pages of our website
• Password-protected access to client files and communications
• Use of reputable, security-conscious third-party platforms

While we take data security seriously, no transmission over the internet is completely secure. You share data with us at your own risk, and we cannot guarantee the absolute security of information transmitted to our website.

Our website may contain links to third-party websites (such as social media platforms or client sites we have built). We are not responsible for the privacy practices or content of those websites. We encourage you to read their privacy policies before submitting any personal data to them.

We may update this Privacy Policy from time to time. When we do, we will update the "Last updated" date at the top of this page. Where changes are significant, we will notify active clients by email.

The current version of this policy is always available at paisleyfinn.co.uk/privacy-policy.

If you have any questions about this Privacy Policy or wish to exercise your rights, please contact us:

• Email: hello@paisleyfinn.co.uk
• Phone / WhatsApp: 07506 536418
• Website: paisleyfinn.co.uk

If you are unhappy with how we have handled your data, you have the right to lodge a complaint with the UK's supervisory authority:

• Information Commissioner's Office (ICO)
  ico.org.uk/make-a-complaint · 0303 123 1113