Privacy Policy

Jorvik Web Dev

Last updated: [DATE]

1. Who we are

Jorvik Web Dev is the trading name of Hannah Feehan, a sole trader based in York, operating a web design and SEO studio.

We are the data controller for the personal data described in this policy.

Address: 42 Seebohm Mews, York, YO31 0SJ
Contact email: hello@jorvikweb.dev
ICO registration number: [ICO NUMBER]

2. What this policy covers

This policy explains what personal data we collect, why, what we do with it and what rights you have. It covers this website, our enquiry and onboarding process, and our work with clients.

It does not cover websites we have built for clients. Those sites are controlled by the client and governed by their own privacy policy.

3. Controller and processor

This matters for understanding who is responsible for what.

We are the controller for data about our own enquirers, clients and website visitors. We decide why and how it is used, and this policy explains that.

We are a processor when we handle personal data belonging to a client's website users during development, maintenance or SEO work. In that situation the client is the controller. We act on their instructions, under a written agreement, and their privacy policy applies to that data, not ours.

4. The personal data we collect

Enquiry data — name, email address, phone number, business name, and whatever you tell us about your project when you contact us or book a call.

Client data — contact details, billing details, business information, project requirements, and correspondence throughout a project.

Client portal data — account details, uploaded files and assets, task and approval activity, and invoice records.

Content and assets you provide — copy, images, logos and other material for your site. Where this contains personal data about your own staff or customers, section 3 applies and we handle it as a processor.

Access credentials — where you give us access to your hosting, domain registrar, CMS, analytics or advertising accounts to carry out work.

Financial data — invoicing and payment records. We do not store card details; payments are handled by our payment provider.

Technical data — IP address, browser type, device information, and how you use our website. See our [Cookie Policy].

Marketing data — your details and preferences if you subscribe to updates.

5. Why we use your data and our lawful basis

What we doWhyLawful basisRespond to your enquiryTo answer your question and quoteLegitimate interests, and steps at your request before a contractDeliver projects and servicesTo do the work you engaged us forContractOperate the client portalTo manage your project and give you access to itContractInvoice and take paymentTo get paidContract, and legal obligation for recordsChase overdue paymentTo recover money owedLegitimate interestsSend updates or newslettersTo keep you informed about our workConsentPublish case studiesTo show what we doLegitimate interests, with your agreement, or consent for identifiable individualsWebsite analyticsTo understand and improve our siteConsentKeep records after a project endsTo handle queries, disputes and legal claimsLegitimate interests, and legal obligationAccounting and taxTo meet our legal dutiesLegal obligation

Where we rely on legitimate interests, we have considered whether our interests are outweighed by your rights. You can ask us for details.

6. Case studies and portfolio

We may write about work we have done and show screenshots of it.

Where a case study identifies an individual rather than a business, we ask for agreement first. If you would rather we did not feature your project, tell us at hello@jorvikweb.dev and we will remove it from our own channels. Note that once something has been indexed by search engines or shared elsewhere, removal is not always entirely within our control.

7. Marketing

If you subscribe to updates, we will send you occasional emails about our work.

Where you are an existing client, we may send you information about services similar to those we have already provided, on the basis of our legitimate interests. You can opt out at any time.

You can unsubscribe using the link in any email or by contacting hello@jorvikweb.dev.

We do not sell your data or share it for third-party marketing.

8. Who we share your data with

We do not sell your personal data. We may share it with:

Service providers who help us operate, including our hosting, email, project management, storage, invoicing and payment providers. These act on our instructions under a written contract.

Platforms you have asked us to work with — for example your hosting provider, domain registrar or CMS, where we act on your behalf.

Professional advisers such as our accountant, where necessary.

Authorities, where required by law.

[DECISION NEEDED] Name your actual processors. Likely Vercel, Neon, Resend, Webflow, plus whatever handles invoicing and email.

9. Client credentials and access

Where you give us access to your accounts, we treat those credentials as confidential and use them only to carry out the work agreed.

We ask that access is granted through named accounts or delegated permissions rather than shared passwords wherever the platform allows it. We ask you to revoke our access when a project ends, and we will remind you at handover.

10. International transfers

Some of our service providers store or process data outside the UK.

Where that happens, we make sure appropriate safeguards are in place, such as UK adequacy regulations, or the International Data Transfer Agreement or the UK Addendum to the EU Standard Contractual Clauses.

[DECISION NEEDED] Check your Neon region setting — it affects what you can honestly say here.

11. How long we keep your data

DataRetentionEnquiries that don't become projects[1 year] from last contactClient project records and correspondence[6 years] after the project endsClient portal accounts and uploadsDuration of the engagement plus [12 months]Access credentialsDeleted at handover or when the engagement endsInvoices and financial records6 years plus the current tax yearNewsletter subscribersUntil you unsubscribe, then [1 year] to honour your requestWebsite analyticsAs set out in our Cookie Policy

The six-year figures reflect the limitation period for contract claims in England and Wales.

Data handled as a processor is retained and deleted according to the client's instructions and our agreement with them.

12. How we protect your data

We take appropriate technical and organisational measures, including access controls, encrypted storage where available, and limiting access to those who need it. No system is completely secure, but we take our responsibilities seriously and review our arrangements regularly.

13. Your rights

Under UK data protection law you have the right to:

To exercise any of these, contact hello@jorvikweb.dev. We will respond within one month, free of charge, though we may charge a reasonable fee or refuse a request that is manifestly unfounded or excessive. We may need to verify your identity first.

If your request relates to data we hold as a processor for a client, we will pass it to that client, who is responsible for responding.

14. Complaints

If you are unhappy with how we have handled your data, please tell us first at hello@jorvikweb.dev.

You also have the right to complain to the Information Commissioner's Office:

Information Commissioner's Office
Wycliffe House, Water Lane, Wilmslow, Cheshire SK9 5AF
Helpline: 0303 123 1113
ico.org.uk

15. Changes to this policy

We may update this policy from time to time. The date at the top shows when it was last revised.

16. Contact us

For anything relating to this policy, contact hello@jorvikweb.dev or write to us at 42 Seebohm Mews, York, YO31 0SJ.