Last updated: 9 March 2026
Website: https://www.kaspercg.co.uk/
This Privacy Policy explains how Kasper CG (“we”, “us”, “our”) collects, uses, shares and protects your personal data when you visit our website or interact with us. It also outlines your rights under the UK GDPR and the Data Protection Act 2018.
If you have questions, please contact us using the details below.
1) Who we are (Data Controller)
Kasper CG
Warrington, Cheshire
WA10 4EB
Email: help@kaspercg.co.uk
We are the data controller for the personal data processed via our website and our services.
2) How we collect personal data
We collect data in the following ways:
- Directly from you: when you complete forms (contact/quote/booking), email us, call us, sign contracts, or subscribe to updates.
- Automatically: via cookies and similar technologies for analytics and site performance (see our Cookie Policy).
- From third parties: e.g., payment providers, advertising platforms (if you interact with our ads), or referrals/partners where lawful.
3) The personal data we collect
Depending on how you interact with us, we may collect:
- Identity & contact data: name, email address, phone number, company name, job title, postal address.
- Project & service data: project scope, requirements, content/assets you supply, feedback, support requests.
- Account/billing data (if applicable): invoices, payment status, VAT details, limited payment metadata from our payment provider (we do not store full card details).
- Technical & usage data: IP address, device/browser type, pages visited, time on page, referral source, consent preferences.
- Marketing & communications data: your preferences and engagement with our messages (e.g., opens/clicks if you subscribe).
We do not intentionally collect special category data. Please do not provide sensitive information unless we expressly ask for it and provide a lawful basis.
4) Purposes and lawful bases for processing
We use your data for the following purposes:
| Purpose | Examples | Lawful Basis |
|---|---|---|
| Provide our services | Respond to enquiries, proposals, design/build websites, provide training/support, manage projects. | Contract (Art. 6(1)(b)) or Legitimate interests (pre‑contract enquiries). |
| Customer support | Answer questions, troubleshoot, provide updates. | Contract or Legitimate interests. |
| Billing & administration | Invoicing, payments, accounting, tax records. | Legal obligation (tax), Contract, Legitimate interests. |
| Website operation & security | Hosting, uptime, security logs, performance. | Legitimate interests; PECR exemption for strictly necessary cookies. |
| Analytics & improvement | Understand site usage to improve content and services (e.g., GA4). | Consent (for non‑essential cookies). |
| Marketing | News, offers, updates, retargeting (e.g., Meta/Google Ads), testimonials (with permission). | Consent (electronic direct marketing) or Legitimate interests (B2B non‑electronic, where appropriate); you can opt out anytime. |
| Legal & compliance | Prevent fraud, enforce terms, respond to lawful requests. | Legal obligation or Legitimate interests. |
Where we rely on legitimate interests, we balance those interests against your rights and expectations.
5) How long we keep your data (retention)
We keep personal data only as long as necessary for the purposes described above:
- Enquiries (no contract): up to 12–24 months after last contact.
- Clients & projects: generally 6–7 years to align with tax/accounting requirements and project records.
- Marketing contacts: until you unsubscribe or your consent is withdrawn, plus a short suppression period to ensure no further contact.
- Analytics data: per the cookie lifespans in our Cookie Policy and vendor defaults (e.g., GA4 up to 14 months if configured).
We may keep data longer where required by law or to establish, exercise, or defend legal claims.
6) Sharing your data (recipients)
We share data with carefully selected processors and service providers to operate our business, for example:
- Website & infrastructure: hosting providers, content delivery networks (CDN), DNS, security/uptime tools.
- Analytics & marketing (if enabled): Google Analytics, Google Ads, Meta (Facebook) Pixel, email marketing tools.
- Payments (if applicable): Stripe, PayPal (we do not store full card details).
- Communications & productivity: email and calendar providers, project management tools, helpdesk.
- Professional advisors: accountants, legal advisors, insurers (where necessary).
- Regulators or law enforcement: where legally required.
We require processors to protect your data and only process it under our instructions. We do not sell your personal data.
7) International transfers
Some providers may process data outside the UK/EEA. Where this occurs, we ensure appropriate safeguards, such as:
- UK International Data Transfer Agreement (IDTA) or UK Addendum to EU SCCs;
- Adequacy regulations; or
- Other lawful transfer mechanisms.
For more detail, please see the privacy notices of relevant providers (e.g., Google, Meta, Stripe/PayPal) and our Cookie Policy.
8) Cookies and similar technologies
We use cookies and similar technologies for functionality, analytics, and (if enabled) marketing. We manage consent using Complianz. For full details, including how to change your preferences, please read our [Cookie Policy] and use the Cookie Settings link in the site footer.
9) Your rights
Under UK data protection laws, you have the right to:
- Access your personal data.
- Rectify inaccurate or incomplete data.
- Erase your data in certain circumstances.
- Restrict or object to processing (including direct marketing).
- Data portability (receive your data in a usable format).
- Withdraw consent at any time (where processing is based on consent).
- Complain to the UK Information Commissioner’s Office (ICO).
To exercise your rights, contact help@kaspercg.co.uk. We may need to verify your identity. You also have the right to complain to the ICO at https://ico.org.uk/ or by calling 0303 123 1113.
10) Keeping your data secure
We use appropriate technical and organisational measures to protect your data, including:
- Secure hosting and encryption in transit (HTTPS).
- Access controls and principle of least privilege.
- Regular updates and security monitoring.
- Vendor due diligence and data processing agreements.
While no method is 100% secure, we work to protect your data and promptly address issues.
11) Children’s privacy
Our website and services are not intended for children under 13. We do not knowingly collect personal data from children. If you believe a child has provided us data, please contact us so we can delete it.
12) Third‑party links
Our website may contain links to third‑party sites and embedded content (e.g., YouTube, maps). These third parties have their own privacy policies. We are not responsible for their practices.
13) Changes to this policy
We may update this Privacy Policy from time to time to reflect changes in law, technology, or our services. The “Last updated” date at the top indicates the most recent revision. Significant changes may be communicated via the website or email where appropriate.
14) Contact us
If you have questions or wish to exercise your rights:
Kasper CG
Warrington, Cheshire
WA10 4EB
Email: help@kaspercg.co.uk
