Privacy Policy

How we collect, use, and protect your personal information.

Last updated:

1. Data Controller

The data controller responsible for your personal data is:

Sievebacksweep
Rhydoldog House, Llansantffraed-Cwmdeuddwr, Rhayader LD6 5HB, United Kingdom
Email: inquiry@sievebacksweep.world
Phone: +44 1597 470125

2. Scope of This Policy

This Privacy Policy explains how we collect, use, store, and protect personal data when you visit sievebacksweep.world or contact us through our website. We comply with the UK General Data Protection Regulation (UK GDPR), the Data Protection Act 2018, and the Privacy and Electronic Communications Regulations 2003 (PECR) where applicable.

This website provides free, educational, and informational content about office activity plans. We do not sell products or services through this website, and we do not process payment card data.

3. Personal Data We Collect

3.1 Data You Provide Directly

When you use our contact form, we may collect:

  • Full name
  • Email address
  • Message content and subject of your inquiry
  • Consent confirmation for data processing
  • Date and time of submission

We do not require you to create an account to use this website.

3.2 Data Collected Automatically

When you visit our website, we may automatically collect:

  • IP address (truncated or anonymized where possible)
  • Browser type and version
  • Operating system and device type
  • Pages visited, time spent on pages, and navigation paths
  • Referring website address or campaign source
  • Cookie and consent status stored in localStorage
  • Date and time of access

Non-essential analytics and marketing technologies are used only if you provide consent through our cookie banner.

3.3 Data We Do Not Collect

We do not intentionally collect special category personal data as defined under UK GDPR, financial or payment information, government identification numbers, or precise geolocation data beyond what is inherent in standard server logs.

4. Purposes and Legal Bases for Processing

Under UK GDPR Article 6, we process personal data on the following bases:

  • Responding to contact inquiries — Purpose: to read, respond to, and maintain a record of your message. Legal basis: consent (Article 6(1)(a)) when you submit the contact form and tick the consent box; legitimate interests (Article 6(1)(f)) in operating our business communications.
  • Website functionality and security — Purpose: to deliver pages, prevent abuse, maintain logs, and protect the website. Legal basis: legitimate interests (Article 6(1)(f)) in operating a secure website.
  • Cookie consent management — Purpose: to store and honour your cookie choices. Legal basis: legitimate interests (Article 6(1)(f)) and, for non-essential cookies, consent (Article 6(1)(a)) under PECR.
  • Analytics (with consent only) — Purpose: to understand aggregated website usage and improve content. Legal basis: consent (Article 6(1)(a)).
  • Marketing and advertising measurement (with consent only) — Purpose: to measure advertising effectiveness and deliver relevant content, including where Google Ads or similar platforms are used. Legal basis: consent (Article 6(1)(a)) under PECR and UK GDPR.
  • Legal compliance — Purpose: to comply with applicable law, respond to lawful requests, and establish or defend legal claims. Legal basis: legal obligation (Article 6(1)(c)) and legitimate interests (Article 6(1)(f)).

Where we rely on legitimate interests, we have assessed that our interests are not overridden by your rights and freedoms. You may object to processing based on legitimate interests as described in Section 8.

5. Automated Decision-Making and Profiling

We do not use your personal data for automated decision-making or profiling that produces legal or similarly significant effects on you.

6. Data Retention

We retain personal data only for as long as necessary to fulfill the purposes for which it was collected:

  • Contact form submissions: up to 24 months from the date of submission, unless a longer period is required for legal or regulatory reasons
  • Analytics data: up to 26 months from collection, only where consent has been given
  • Cookie consent records: up to 12 months from the date consent was given or updated
  • Server log files: up to 90 days
  • Correspondence relating to data subject rights requests: up to 6 years where needed to demonstrate compliance

After the retention period expires, data is securely deleted or irreversibly anonymized. We review retention periods regularly and delete data that is no longer needed.

7. Data Processors and Recipients

We do not sell your personal data. We may share data with the following categories of recipients who process data on our behalf or as independent controllers:

  • Website hosting and infrastructure providers located in the United Kingdom or EEA
  • Email and communication service providers used to receive and respond to contact form messages
  • Analytics providers such as Google Analytics, only where you have given consent
  • Advertising and conversion measurement providers such as Google Ads, only where you have given consent
  • Content delivery networks used to deliver fonts and icons, which may process technical data such as IP addresses
  • Professional advisers, regulators, courts, or law enforcement where required by law

Where we use processors, we ensure appropriate contracts are in place requiring them to protect your data in accordance with UK GDPR. A list of specific processors is available on request by contacting us.

8. International Data Transfers

Some of our service providers may process personal data outside the United Kingdom. Where this occurs, we ensure a valid transfer mechanism is in place under UK GDPR Chapter V, such as:

  • An adequacy regulation issued by the UK Secretary of State
  • The UK International Data Transfer Agreement (IDTA) or UK Addendum to EU Standard Contractual Clauses
  • Binding corporate rules or other approved safeguards where applicable

You may request further information about transfer safeguards by contacting us using the details in Section 15.

9. Your Rights Under UK GDPR

Under the UK GDPR and Data Protection Act 2018, you have the following rights in relation to your personal data:

  • Right of access — Request a copy of the personal data we hold about you
  • Right to rectification — Request correction of inaccurate or incomplete data
  • Right to erasure — Request deletion of your data in certain circumstances ("right to be forgotten")
  • Right to restrict processing — Request that we limit how we use your data in certain circumstances
  • Right to data portability — Receive data you provided to us in a structured, commonly used, machine-readable format where processing is based on consent or contract and carried out by automated means
  • Right to object — Object to processing based on legitimate interests, including direct marketing
  • Right to withdraw consent — Withdraw consent at any time where processing is based on consent, without affecting the lawfulness of processing before withdrawal
  • Rights related to automated decision-making — Not to be subject to decisions based solely on automated processing that produce legal or similarly significant effects, where applicable

To exercise any of these rights, contact us at inquiry@sievebacksweep.world. We will respond within one calendar month, which may be extended by a further two months for complex requests as permitted by UK GDPR Article 12.

We may need to verify your identity before responding to certain requests. There is no fee for exercising your rights unless a request is manifestly unfounded or excessive.

10. Marketing Communications

We do not send unsolicited marketing emails. If you contact us through the contact form, we will use your details only to respond to your inquiry unless you separately opt in to receive further communications. You may opt out of any optional marketing at any time by contacting us or using any unsubscribe method provided in a communication.

11. Data Security Measures

We implement appropriate technical and organizational measures to protect your personal data, including:

  • HTTPS encryption for all data transmitted through our website
  • Access controls limiting data access to authorized personnel
  • Regular review of data processing activities and security practices
  • Secure storage with encryption at rest where applicable
  • Incident response procedures to assess and, where required, notify breaches to the ICO and affected individuals

12. Cookies and Similar Technologies

Our website uses cookies, localStorage, and similar technologies. For detailed information about the technologies we use, your choices, and the legal basis under PECR, please see our Cookie Policy.

13. Children's Privacy

Our website is not directed at individuals under the age of 16. We do not knowingly collect personal data from children. If you believe we have collected data from a child, please contact us immediately and we will take steps to delete it promptly.

14. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in law, technology, or our practices. Material changes will be posted on this page with an updated revision date. Where required by law, we will provide additional notice or seek consent.

15. Complaints and Supervisory Authority

If you are not satisfied with our response, you have the right to lodge a complaint with the Information Commissioner's Office (ICO), the UK supervisory authority for data protection:

Information Commissioner's Office
Wycliffe House, Water Lane, Wilmslow, Cheshire SK9 5AF, United Kingdom
Telephone: 0303 123 1113
Website: ico.org.uk

16. Contact

For any questions regarding this Privacy Policy or our data practices, contact us at:

Sievebacksweep
Rhydoldog House, Llansantffraed-Cwmdeuddwr, Rhayader LD6 5HB, United Kingdom
Email: inquiry@sievebacksweep.world
Phone: +44 1597 470125