Who We Are
Toby Cates Web Design is a sole trader web design business based in Birmingham, UK. For the purposes of UK data protection law, Toby Cates is the data controller — the person responsible for deciding how and why your personal data is processed.
Business name: Toby Cates Web Design
Trading location: Birmingham, UK
Email: hello@tobycates.co.uk
Website: tobycates.co.uk
If you have any questions about this policy or how we handle your data, please contact us at the email address above.
Data We Collect
2.1 Contact Form
When you submit an enquiry through the contact form on our website, we collect the following information:
- Full name
- Email address
- Phone number Optional
- Location (town or city)
- Business name
This information is submitted voluntarily and is used solely to respond to your enquiry and to provide the services you have requested.
Our services are available to UK-based individuals and businesses only. By submitting an enquiry, you confirm that you are based in the United Kingdom and are aged 18 or over.
2.2 Google Analytics
We use Google Analytics 4 to understand how visitors use our website. This service automatically collects the following when you visit our site:
- Pages visited and time spent on each page
- Device type, browser, and operating system
- General geographic location (country and region — not precise)
- How you arrived at our site (referral source)
This data is anonymised and aggregated. We do not use Google Analytics to identify individual visitors.
2.3 Google Maps
Our website includes an embedded Google Maps component. When you view a page containing this embed, Google may collect your IP address and set cookies in your browser to deliver the map. This processing is carried out by Google LLC and is governed by Google's Privacy Policy.
2.4 Google Search Console
We use Google Search Console to monitor our website's visibility in Google Search results. This service processes aggregated, anonymised data about how our site appears in search. It does not involve the collection of personally identifiable information from visitors.
2.5 Business Email
When you contact us directly by email, we store your email address and the content of your message, used solely to communicate with you in connection with your enquiry or project.
How We Use Your Data
We process your personal data only where we have a lawful basis for doing so under UK GDPR. The table below sets out what we use your data for and the legal basis that applies.
| Purpose | Data used | Legal basis |
|---|---|---|
| Responding to your website enquiry | Name, email, phone, location, business name | Legitimate interest |
| Providing web design services | Name, email, phone, business name | Contract performance |
| Responding to direct email enquiries | Email address, message content | Legitimate interest |
| Understanding how visitors use our site | Anonymised analytics data | Legitimate interest |
| Improving our website's search performance | Aggregated Search Console data | Legitimate interest |
We do not use your personal data for automated decision-making or profiling.
How We Store Your Data
Hosting
Our website is hosted by Hostinger. Contact form submissions are stored within the WordPress database on Hostinger's servers, located within the European Economic Area and subject to EU/UK data protection standards.
Retention periods
| Data type | Retention period |
|---|---|
| Contact form submissions | 12 months from submission, then permanently deleted |
| Email correspondence | Up to 2 years for business record purposes |
| Google Analytics data | 14 months (our configured retention period) |
| Google Maps data | Managed by Google per their data retention policy |
Security
We take reasonable technical measures to protect your data, including SSL encryption across all pages, regular backups, and up-to-date software. We do not store payment information — all payments are handled externally via bank transfer.
Who We Share Your Data With
We do not sell, rent, or trade your personal data to any third party. We share data only with the following service providers, strictly as necessary to operate our website and business:
| Provider | Purpose | Location |
|---|---|---|
| Hostinger | Website hosting and database storage | EU (EEA) |
| Google LLC | Analytics (GA4), search monitoring (Search Console), mapping (Google Maps) | USA — Standard Contractual Clauses apply |
| WPForms | Contact form processing (data stored locally on Hostinger) | EU (EEA) |
Where data is transferred outside the UK or EEA — such as to Google's US servers — we rely on Standard Contractual Clauses or the UK adequacy framework to ensure your data remains protected to an equivalent standard.
Cookies
Our website uses cookies — small text files stored in your browser — to help us understand how the site is used and to deliver third-party functionality such as embedded maps.
| Cookie name | Provider | Purpose | Duration |
|---|---|---|---|
_ga |
Google Analytics | Distinguishes unique users | 2 years |
_ga_XXXXXXXX |
Google Analytics | Maintains session state | 2 years |
| Google Maps cookies | Google LLC | Delivers embedded map content | Varies |
You can control and delete cookies at any time through your browser settings. Disabling cookies may affect some functionality on this site. For further information, visit allaboutcookies.org.
Your Rights Under UK GDPR
Under UK data protection law, you have the following rights regarding your personal data:
Request a copy of the personal data we hold about you.
Ask us to correct inaccurate or incomplete data.
Ask us to delete your data where there is no compelling reason to keep it.
Ask us to limit how we process your data in certain circumstances.
Receive your data in a structured, machine-readable format.
Object to processing based on legitimate interests.
To exercise any of these rights, contact us at hello@tobycates.co.uk. We will respond within 30 days. We may need to verify your identity before processing your request.
Children's Data
Our website and services are directed exclusively at UK-based adults aged 18 and over. We do not offer services to, or knowingly collect personal data from, anyone under the age of 18 or from individuals based outside the United Kingdom.
If you believe we have inadvertently collected data from a minor or from someone outside the UK, please contact us at hello@tobycates.co.uk and we will delete it promptly.
Complaints
If you are unhappy with how we have handled your personal data, please contact us in the first instance so we can try to resolve the matter:
Email: hello@tobycates.co.uk
If you remain dissatisfied after contacting us, you have the right to lodge a complaint with the UK's supervisory authority:
Information Commissioner's Office (ICO)
Website: ico.org.uk
Helpline: 0303 123 1113
Address: Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF
Changes to This Policy
We may update this privacy policy from time to time to reflect changes in our practices, services, or legal obligations. The "last updated" date at the top of this page will always reflect the most recent revision.
We encourage you to review this policy periodically. Where changes are significant, we will take reasonable steps to draw them to your attention.
Continued use of our website following any update constitutes acceptance of the revised policy.