Compliant with the UK Data Protection Act 2018, UK GDPR and Privacy and Electronic Communications Regulations (PECR) 2003 

At Adam Hayles Creative we are committed to protecting your privacy and handling your personal data in accordance with the Data Protection Act 2018, UK General Data Protection Regulation (UK GDPR) and Privacy and Electronic Communications Regulations 2003. 

This policy explains how we use, store, and protect personal data relating to all our clients, suppliers and website users including website visitors.  

1. Data Controller 

For the purposes of the UK GDPR, Adam Hayles Creative is the Data Controller. The individual responsible for compliance and the primary contact for all data protection enquiries is Adam Hayles. 

They can be contacted by writing at: 

Adam Hayles Creative  

20 Union Street, 

Newport, 

Isle of Wight, 

PO30 1QB 

Or at the following: - 

Email: adam@adamhayles.com 

Telephone: 07530743947 

2. UK GDPR 

Under UK GDPR we commit to ensuring that all personal data is handled responsibly and in line with legal requirements. We are also committed to accountability, ensuring that our processes and systems comply with GDPR and can be demonstrated if needed.  This means you can expect your personal data will be: - 

• Processed lawfully, fairly and in a transparent manner.  

-We will explain what data we collect and why. 

• Collected for specified, explicit and legitimate purposes and not further processed in a manner that is not compatible with these purposes.  

-Your data will only be used to provide our services, communicate with you, manage contracts or meet legal obligations. 

• Adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed. 

-We will only collect what information is needed. 

• Accurate and where necessary kept up to date. 

-When inaccuracies are identified these are erased or corrected without delay. 

• Kept in a form which allows clear identification of data subjects and stored for no longer than is necessary for the purposes for which the personal data are processed. 
• Your data is only kept for as long as it is needed for the purposes it was collected. 
• Kept secure. 

- Personal data is protected from unauthorised or unlawful processing and against accidental loss, destruction or damage, using appropriate technical or organisation measures. 

• The right to erasure. 
• Request the erasure of your personal data where there is no lawful reason for us to continue processing it. 

3. Information We May Collect 

The types of information we may collect include: - 

• Names and contact details 

(Email, telephone number, postal address) 

• Business name and title 
• Job titles or professional roles 
• Payment and billing information eg banking and invoices  
• Project-related correspondence and files. 
• Website usage information  
• IP address and browser type (from analytics) 
• Any cookie identifiers 
• Collected using third-party tools such as Google Analytics.  
• Where possible, IP addresses are anonymised before processing. 

4. How We Collect Data 

We collect data in the following ways: - 

• When you contact Adam Hayles Creative by telephone, email or our website. 
• When you sign a service agreement or retainer agreement. 
• When you make payments or receive invoices.  
• Through cookies or analytics tools on our website. 
• When you complete forms or newsletter sign-ups, and social media contact forms. 

Please note that social media contact forms may be subject to that social media platform’s privacy policies. 

5. Legal Basis for Processing 

We process personal data under the following lawful bases: - 

• Contract: to perform our obligations under client agreements. 
• Legal obligation: to comply with HMRC or accounting requirements. 
• Legitimate interests: to manage our business operations, maintain client relationships, respond to enquiries, and improve our services, provided these interests do not override rights and freedoms. 
• Consent: where you have opted into receiving marketing communications. Consent can be withdrawn at any time. 

6. How We Use Personal Data 

We use the data we collect to: - 

• Communicate with clients and suppliers. 
• Provide and manage design services. 
• Prepare and send invoices, quotes and contracts. 
• Maintain accounting and tax records. 
• Improve our website and client experience. 
• Only for the purpose it was collected.  

7. Data Storage and Security 

We take data security of your personal information very seriously. All personal data we collect is stored and processed securely to prevent unauthorised access, loss or misuse. 

How we protect personal information depends on the type of data- electronic  or paper records. 

Electronic Data 

• Stored on reputable cloud storage services and password-protected devices. 
• All third-party services we use operate under GDPR-compliant Data Processing Agreements. 
• Access is restricted to authorised personnel only.  
• Data is regularly backed up and encrypted where possible.  

Paper records 

• Stored in locked cabinets when not in use. 
• Access is limited to authorised personnel only. 

Security Reviews 

• We regularly review our data security measures to ensure they remain appropriate and effective. 
• When personal data is no longer needed, it is securely deleted or destroyed in accordance with our retention policy. 

8. Data Retention 

We retain personal data only for as long as is necessary to fulfil the  purposes for which it was collected or as required by law. For all financial  and tax- related documents these will be kept for 6 years. All marketing consent data until withdrawal or inactivity. All website analytics data will be  kept for a period of 12 months. 

9. Sharing Data 

Here at Adam Hayles Creative we do not share or sell any personal  data to third parties. We may share information only when: - 

• Required by law i.e. HMRC, legal proceedings 
• Necessary to deliver services i.e. file transfer via secure platforms. 

All third-party tools used such as cloud storage and invoicing software comply with GDPR standards. Any sharing with service-providers is under GDPR-compliant Data Processing Agreements. 

10. Your Rights 

Under UK GDPR, you have the right to: 

• Access the personal data we hold about you. 
• The right to restrict processing of your data and to request data portability where applicable. 
• Request correction or deletion of inaccurate data. 
• Withdraw consent (where processing is based on consent). 
• Object to processing based on legitimate interests. 
• Lodge a complaint with the Information Commissioner’s Office (ICO): www.ico.org.uk 

All requests including data subject access requests can be made in writing to:- 

Adam Hayles Creative, 

20 Union Street, 

Newport, 

Isle of Wight, 

PO30 1QB 

Please note we aim to respond to all requests within 1 month of receipt. 

11. Cookies 

Our website uses essential cookies which are necessary for website functionality. Our website also uses non-essential cookies, such as analytics to improve your experience when using our website and to also understand website traffic. Our use of cookies is in line with the Privacy and Electronic  Communications Regulations (PECR 2003) we provide a banner and cookie  notice explaining what data is collected and for what purposes. Non-essential cookies are only set if you give your consent via the cookie banner. You can accept, reject or manage your preferences for non-essential cookies  at any time. Where possible, IP addresses are anonymised before processing. 

12. Email marketing list 

We will only send you marketing communications if you have given consent. Marketing emails are sent via Mailchimp and all data is stored  securely on their servers in compliance with GDPR. You must explicitly opt-in to receive marketing communications. All electronic marketing complies with the Privacy and Electronic Communications Regulations  (PECR). You can unsubscribe at any time using the link in every marketing  email. 

13. Social Media 

Our website may include links to social media content. These third-party platforms may collect data about your interaction with the content. We recommend reviewing their privacy policies for more information. Any links on our social media profiles are provided for the purposes of convenience. We do not collect any data through these links and we are not  responsible for how third-party platforms handle your data. Please review  the privacy policies of the social media platforms you visit. When contacting  Adam Hayles Creative through a social media platform please be aware that  your data may be processed for your enquiry to be responded to. Please note that we are not responsible for how social media platforms handle your data. 

14. Changes to this Policy 

We may update this policy as and when required including any legislation changes. The latest version will always be available on our website and can be requested in writing. We recommend reviewing this policy to stay informed of any updates. 

Further reading: 

A guide to the data protection principles | ICO 

www.ico.org.uk 

What are PECR? | ICO 

Meta Privacy Policy – How Meta collects and uses user data | Privacy Centre | Manage your privacy on Facebook, Instagram and Messenger | Facebook Privacy 

LinkedIn Privacy Policy 

How Mailchimp is GDPR Compliant in the EU | Mailchimp 

Collect Consent with GDPR Forms | Mailchimp 

General Data Protection Regulation FAQs | Mailchimp 

Mailchimp Data Processing Addendum Preview | Mailchimp