Privacy policy

Data controller

The organisation responsible for this website (controller) is Webco Services Ltd, operating under the brand Webco Media. Weston-super-Mare, trading UK-wide.

For everyday privacy enquiries, use the contact form. Formal subject rights requests are handled via the same channel so we can verify identity securely.

What we collect and why

Contact form

When you submit the contact form we collect whatever you voluntarily provide — typically name, email address and free-text message — solely to evaluate and reply to your enquiry. We do not add submitters to marketing lists purely from one form submission unless you separately opt in later.

The lawful bases we rely upon are ordinarily legitimate interests for responding where you proactively contact us, alongside potential pre-contract steps if our teams discuss a scoped engagement next.

Hosting & security logs

Our hosting platform (currently Vercel and related infrastructure suppliers) inevitably processes technical data such as IP addresses, device headers and timestamps to deliver HTTPS pages and detect abuse (DDoS, spam). Purposes: securing the network, diagnosing faults, safeguarding staff accounts behind authentication.

Authentication (sign-in)

Team members authenticated through Clerk consume identity data needed to distinguish permitted staff — ordinarily email identifiers and session artefacts. Ordinary marketing visitors browsing public pages rarely trigger this processing.

Newsletter & marketing

We do not host a subscriber product on this rollout. If newsletter or downloadable content capture is launched, we will collect only what is necessary and record separate, explicit consent (or demonstrate another lawful route) compliant with UK GDPR & Privacy and Electronic Communications Regulations (PECR).

Automated decisions

We make no materially significant decisions about enquirers using solely automated means.

Sharing & processors

We share minimal personal information with subcontractors that help us run the infrastructure and email deliverability (currently including Vercel, Clerk authentication, transactional email tooling such as Resend / analogous providers subject to contractual data processing terms). Contracts include appropriate obligations for security and lawful processing unless we pivot suppliers.

International transfers

Some processors may operate from the United States or other territories outside the United Kingdom / European Economic Area. Where such transfers arise we rely upon UK International Data Transfer Agreement / adequacy regimes or supplementary measures as articulated by the ICO guidelines at the relevant time — check your vendor documents for SCC / IDTA updates.

Retention

Operational logs roll off routinely; substantive enquiry threads may be archived for lawful business-record keeping (commercial necessity, HMRC / accounting rules, unresolved disputes). We delete identifiable content when no legitimate purpose remains unless law compels retention.

Security

We apply organisational and technical safeguards proportionate to the risk — HTTPS transport, hardened access, MFA for privileged accounts behind authentication, patching discipline. Absolute security cannot be promised; please protect your own passwords and endpoints.

Your rights

Under UK GDPR (and equivalent applicable law where you reside) you may have rights including access, rectification, erasure (where applicable), restriction, objection where processing hinges on legitimate interests, data portability where technically feasible, plus the right not to suffer automated decision adverse effects outlined above — subject to exemptions. You may escalate complaints to the UK Information Commissioner’s Office (ICO).

Children

This service is oriented to businesses and adults. We do not knowingly collect data about children.

Cookies

Read our standalone Cookie policy for categories, choices and lawful bases around browser storage technologies.

Changes

We may revise this policy as services evolve. Meaningful alterations will surface an updated revision date — materially sensitive changes affecting previously collected items may garner additional prominence or separate notice per regulatory expectations.