Under UK GDPR, we rely on the following legal bases:
Consent
Where you sign up to receive our newsletter or consent to non-essential cookies.
Legitimate Interests
To respond to enquiries, communicate with prospective clients, improve our website, and protect our business and systems.
Legal Obligations
Where we are required to retain information for legal, tax or accounting purposes.Marketing Communications
We only send marketing emails to individuals who have actively opted in to receive them.
You can unsubscribe at any time by clicking the unsubscribe link in our emails or by contacting us at amy@thecopyhouse.uk.
Cookies and Website Analytics
Our website uses cookies and similar technologies.
These may include:
Essential cookies required for the website to function properly
Analytics cookies to help us understand how visitors use our website
We use:
Google Analytics
Google Search Console
Where required by law, we will ask for your consent before placing non-essential cookies on your device.
You can control cookies through your browser settings and any cookie preferences tools made available on our website.
Third-Party Services
We use trusted third-party providers to help run our business and website.
These may include:
Google Workspace and Google Drive
ActiveCampaign
Calendly
FreeAgent
Stripe
Figma
Trello
ChatGPT
Claude
Grammarly
These providers may process personal information on our behalf. We take reasonable steps to ensure that they handle information securely and in accordance with applicable data protection laws.
International Transfers
Some of our service providers may store or process personal information outside the United Kingdom.
Where personal information is transferred internationally, we take reasonable steps to ensure appropriate safeguards are in place and that information remains adequately protected.
Data Security
We take reasonable and proportionate measures to protect personal information from unauthorised access, loss, misuse or disclosure.
Our security measures include:
Strong passwords and password management practices
Two-factor authentication
VPN protection
Email spam and phishing filters
Antivirus software
Regular software updates
Secure cloud storage services
Although no online system can be guaranteed to be completely secure, we take data protection and cybersecurity seriously and regularly review our security practices.
Working with Third Parties
From time to time, we may use trusted subcontractors or external service providers to assist with delivering our services.
Where they have access to personal information, they are required to handle it confidentially and only use it for authorised business purposes.
How Long We Keep Information
We retain personal information only for as long as reasonably necessary.
Generally:
Client project files are retained for up to four years
Emails and enquiries are retained for up to four years
Financial and accounting records may be retained for as long as required by legal, tax and business record-keeping obligations
Information that is no longer required will be securely deleted or anonymised where appropriate.
