Privacy Policy

Henderson Web ("we", "us" or "our") is committed to protecting personal data. This Privacy Policy explains how we collect, use, disclose and protect your personal information in compliance with the UK GDPR and the Data Protection Act 2018.

1. Who we are

Henderson Web is a UK-based website design and hosting business. We are the data controller for personal data collected through our website, forms and services.

Business name: [your registered business name]
Trading name: Henderson Web
Business address: [your business address]
Email: harry.edward.henderson@gmail.com
Phone: [your phone number]

2. What data we collect

We may collect personal data that you provide or that we generate, including:

a. contact details (name, business name, email, phone, address);
b. business details (website, industry, social links);
c. login or access details for your domain or hosting, if needed;
d. payment information (GoCardless or Stripe mandate references; we do not store full card numbers);
e. content you give us (text, images, logos for your site);
f. enquiry or support communications (messages, notes);
g. records of payments and invoices; and
h. technical data (for example IP address, and analytics data if enabled).

We do not intentionally collect special categories of personal data (for example health or religion) unless you choose to provide it.

3. How we collect data

We collect data from: you (via contact forms, emails or sign-up forms); our services (for example hosting logs, analytics tools, payment processors); and third parties (for example GoCardless, Stripe or hosting providers, which may supply your name and email after payment).

4. Why we use your data

We use personal data to:

a. respond to enquiries and provide the mockup and website service;
b. perform our contract (designing, building and hosting your website);
c. communicate with you about the project, send invoices and process payments;
d. manage our accounts and meet legal and tax obligations;
e. improve our website and services; and
f. send you marketing, with your consent, such as service updates or offers.

5. Lawful bases

We rely on the following lawful bases under UK GDPR:

Contract: where necessary to perform our contract with you (for example building your website and billing).
Legitimate interests: to run our business (responding to enquiries, improving services, preventing fraud, and marketing to business contacts where appropriate), provided your rights do not override those interests.
Legal obligation: to comply with legal and tax requirements (for example keeping accounting records).
Consent: for direct marketing communications and non-essential cookies. We will obtain consent via opt-in, and you can withdraw it at any time.

6. Sharing data with third parties

We may share your data with: payment processors (GoCardless, Stripe or similar); hosting providers; domain and email providers, if we manage those for you; professional advisers (accountants, solicitors) where needed; marketing platforms, if you opt into our emails; and legal or regulatory authorities, if required by law. We only share what is necessary and in compliance with data protection law.

7. International transfers

Some service providers (for example payment processors, cloud services or analytics) may process data outside the UK or EEA. Where this happens, we will ensure appropriate safeguards are in place, such as UK-approved Standard Contractual Clauses, to protect your data.

8. Retention

We keep personal data only as long as needed. Typical retention periods:

a. enquiry records: up to 2 years after last contact;
b. active client data: for the duration of our services;
c. accounting and legal records: up to 6 years (per HMRC requirements);
d. support and service communications: up to 6 years or until no longer needed.

After these periods, data will be securely deleted or anonymised. We may keep information longer where required for legal, tax or dispute reasons.

9. Cookies and website analytics

Our website uses cookies for basic functionality (for example forms) and may use analytics cookies (for example Google Analytics) to understand traffic. Non-essential cookies are only set if you consent via our cookie notice. You can control cookies through your browser settings at any time.

10. Your rights

Under UK GDPR you have the right to: access your data; have inaccurate data corrected; request erasure (subject to legal limits such as keeping invoicing records); restrict processing in certain situations; data portability; object to processing based on legitimate interests; and withdraw consent where we rely on it. You also have the right to complain to the Information Commissioner's Office (ICO).

11. How to make a request

To exercise any right, email us at harry.edward.henderson@gmail.com with "Data Protection" in the subject. We will respond within one month (extendable where the request is complex, but no more than three months, as permitted by law). We may ask you to verify your identity.

12. Third-party links

Our site may link to other websites (for example social media or partners). We are not responsible for their privacy practices. Please read the privacy notice of any site you visit.

13. Security

We take appropriate security measures (for example HTTPS, access controls, password protection and vetted providers) to safeguard your data. However, no internet transmission is completely secure. If you suspect a breach or unauthorised use of your data, contact us immediately.

14. Updates to this policy

We may update this Privacy Policy, for example if laws change or we add features. The latest version will be published on our website with the updated date shown at the top. For material changes affecting your rights, we will notify clients by email or a prominent notice.

15. Contact and complaints

If you have questions about data protection or this policy, contact Henderson Web by email at harry.edward.henderson@gmail.com or by phone on [your phone number]. You also have the right to complain to the ICO at ico.org.uk if you are unhappy with how we handle your data.