Privacy Policy

Digitally Baffled is a digital consultancy based in the United Kingdom. We provide digital transformation services to small businesses, including web design, digital marketing, IT support, and business setup services.

For the purposes of UK GDPR and the Data Protection Act 2018, Digitally Baffled is the data controller for personal data collected through this website.

If you have any questions about this policy or how we handle your data, you can contact us at [email protected] or by calling 07511 683542.

We collect personal data that you provide directly to us, including: your name, email address, phone number, company name, and any information you include in messages sent through our contact form.

We may also collect technical data automatically when you visit our website, such as your IP address, browser type, device type, pages visited, and time spent on the site. This is collected through cookies and analytics tools.

We do not collect sensitive personal data (such as health information, financial details, or data about protected characteristics) through this website.

We use the personal data you provide to respond to your enquiries and provide the services you have requested.

We may use your contact details to send you information about our services where you have indicated an interest. You can opt out of marketing communications at any time by contacting us.

We use technical and analytics data to understand how our website is used and to improve its performance and content.

We will never sell your personal data to third parties, and we will never use it for purposes incompatible with those described in this policy.

We process your personal data on the following legal bases under UK GDPR:

Legitimate interests — to respond to enquiries, improve our services, and communicate with prospective clients about services they have expressed interest in.

Contract performance — where we are providing services to you under a contract, we process your data as necessary to fulfil that contract.

Consent — where we rely on consent (for example, for certain marketing communications), you have the right to withdraw that consent at any time.

We retain personal data only for as long as necessary for the purposes for which it was collected, or as required by law.

Enquiry data is typically retained for up to 2 years from the date of last contact. Client data is retained for up to 6 years following the end of a contract, in line with standard business and tax record-keeping requirements.

You can request deletion of your data at any time (see Your Rights below), subject to any legal obligations we have to retain it.

We do not sell or rent your personal data to any third party.

We may share your data with trusted third-party service providers who assist us in operating our business, such as email and hosting providers. These providers are contractually required to handle your data securely and only for the purposes we specify.

We may disclose your data if required to do so by law, or in response to a valid request from a law enforcement or regulatory authority.

Our website uses cookies to improve your browsing experience and to help us understand how the site is used. Cookies are small text files stored on your device.

We use essential cookies (required for the site to function), analytics cookies (to understand usage patterns), and preference cookies (to remember your settings such as dark/light mode).

Analytics cookies are only set after you give explicit consent via the cookie banner. We use Google Analytics 4 (GA4) to understand how visitors use our site — this data is anonymised and processed by Google in accordance with their privacy policy (policies.google.com/privacy). You can opt out of Google Analytics at any time by declining cookies or using the Google Analytics Opt-out Browser Add-on.

You can control cookies through your browser settings. Disabling certain cookies may affect the functionality of the website.

Under UK GDPR, you have the following rights regarding your personal data:

Right of access — you can request a copy of the personal data we hold about you.

Right to rectification — you can ask us to correct inaccurate or incomplete data.

Right to erasure — you can ask us to delete your personal data in certain circumstances.

Right to restrict processing — you can ask us to limit how we use your data.

Right to data portability — you can ask us to provide your data in a structured, machine-readable format.

Right to object — you can object to our processing of your data where we rely on legitimate interests.

To exercise any of these rights, please contact us at [email protected]. We will respond within one month.

If you are unhappy with how we have handled your data, you have the right to lodge a complaint with the Information Commissioner's Office (ICO) at ico.org.uk.

We take the security of your personal data seriously and implement appropriate technical and organisational measures to protect it against unauthorised access, loss, or disclosure.

All data transmitted through our website is encrypted using SSL/TLS. Access to personal data is restricted to those who need it to carry out their responsibilities.

In the event of a data breach that is likely to result in a risk to your rights and freedoms, we will notify the ICO within 72 hours and inform affected individuals without undue delay.

We may update this privacy policy from time to time to reflect changes in our practices or legal requirements. The date at the top of this page will always show when it was last updated.

We encourage you to review this policy periodically. Continued use of our website following any changes constitutes your acceptance of the updated policy.