1. Who We Are
Steven Gibbons Consulting Limited is a company registered in England and Wales. Our registered office is at Studio 4C, 4th Floor, Siemens House, Carliol Square, Newcastle upon Tyne, NE1 6UF.
For the purposes of the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018, we are the data controller of your personal data.
If you have any questions about this policy or how we handle your data, you can contact us at: steven@stevengibbons.dev
2. What Personal Data We Collect
We collect personal data only when you voluntarily provide it to us or when it is generated as part of your use of our website. This includes:
- Contact form submissions: your name, email address, and the details you share about your project or enquiry.
- Email correspondence: when you contact us directly by email, we receive the personal data contained in that communication.
- Website usage data: anonymous technical data such as IP addresses, browser type, pages visited, and time spent on the site, collected via analytics tools.
- Cookies: small files placed on your device to support website functionality and analytics. See section 9 for more detail.
We do not collect special category data (such as health information, political opinions, or biometric data) and we have no intention of doing so.
3. How We Use Your Personal Data
We use the personal data we collect for the following purposes:
- To respond to your enquiry or contact form submission.
- To discuss, scope, and deliver consulting and development services you have engaged us for.
- To send invoices, quotes, and project-related communications.
- To improve our website and understand how visitors use it.
- To comply with our legal obligations.
We do not use your personal data for automated decision-making or profiling.
4. Legal Basis for Processing
Under the UK GDPR, we rely on the following lawful bases for processing your personal data:
- Legitimate interests: responding to enquiries and communicating about potential or active projects, where this does not override your rights.
- Contract performance: processing necessary to deliver services you have engaged us to provide.
- Legal obligation: retaining records as required by UK tax and company law.
- Consent: where we rely on consent (for example, for non-essential cookies), you may withdraw it at any time without affecting the lawfulness of prior processing.
5. How Long We Keep Your Data
We retain personal data only for as long as is necessary for the purposes described in this policy:
- Enquiries that do not result in a project: up to 12 months from last contact.
- Project-related records including correspondence, contracts, and invoices: 7 years from the end of the financial year in which the project concluded, in line with HMRC requirements.
- Website analytics data: as determined by the analytics platform configuration, typically up to 26 months.
When data is no longer required, it is securely deleted or anonymised.
6. Who We Share Your Data With
We do not sell, rent, or trade your personal data. We may share it only in the following limited circumstances:
- Service providers: trusted third-party tools used to operate our business, such as email providers, accounting software, and hosting infrastructure. These providers are bound by data processing agreements and only process data on our instruction.
- Legal requirements: if required to do so by law, court order, or a regulatory authority.
- Professional advisors: our accountant or legal counsel, where necessary and subject to professional confidentiality obligations.
Where we use third-party processors, we ensure appropriate safeguards are in place and, where data is transferred outside the UK, that such transfers comply with UK GDPR requirements.
7. Data Security
We take the security of your personal data seriously. We implement appropriate technical and organisational measures to protect it against unauthorised access, alteration, disclosure, or destruction. These include encrypted communications, access controls, and regular security reviews of our systems and hosting infrastructure.
While we take all reasonable steps to protect your data, no method of transmission over the internet is completely secure. If you believe your data has been compromised, please contact us immediately.
8. Your Rights
Under UK GDPR, you have the following rights regarding your personal data:
- Right of access: to request a copy of the personal data we hold about you.
- Right to rectification: to ask us to correct inaccurate or incomplete data.
- Right to erasure: to request deletion of your data where there is no compelling reason for us to keep it.
- Right to restrict processing: to ask us to limit how we use your data in certain circumstances.
- Right to data portability: to receive your data in a structured, commonly used format where processing is based on consent or contract.
- Right to object: to object to processing based on legitimate interests.
- Rights related to automated decision-making: we do not carry out automated decision-making, but you have the right not to be subject to it.
To exercise any of these rights, please contact us at steven@stevengibbons.dev. We will respond within one calendar month. We may need to verify your identity before processing a request.
You also have the right to lodge a complaint with the Information Commissioner's Office (ICO) if you believe we have not handled your data lawfully. You can contact the ICO at ico.org.uk or by telephone on 0303 123 1113.
9. Cookies
Our website uses cookies to support its operation and to understand how visitors interact with it. Cookies are small text files stored on your device.
- Strictly necessary cookies: required for the website to function. These cannot be disabled.
- Analytics cookies: used to collect anonymous information about how the site is used, helping us improve content and performance. These are only set with your consent.
You can control cookies through your browser settings or via our cookie consent banner on your first visit. Disabling certain cookies may affect website functionality.
For a full list of cookies in use and their purposes, please see our Cookie Policy.
10. Third-Party Links
Our website may contain links to third-party websites. We are not responsible for the privacy practices of those sites and recommend you review their privacy policies before providing any personal data.
11. Changes to This Policy
We may update this privacy policy from time to time to reflect changes in our practices or legal obligations. When we do, we will revise the "Last updated" date at the top of this page. Where changes are significant, we will take reasonable steps to notify you.
We encourage you to review this policy periodically.
12. Contact Us
If you have any questions, concerns, or requests regarding this privacy policy or your personal data, please contact us:
- Email: steven@stevengibbons.dev
- Post: Steven Gibbons Consulting Limited, Studio 4C, 4th Floor, Siemens House, Carliol Square, Newcastle upon Tyne, NE1 6UF