Privacy Policy

1. Who I Am

I'm Tim Norris, a sole trader providing web design, development, and hosting services based in the United Kingdom.

For the purposes of data protection law, I am the "data controller" of the personal information I collect through this website and my services.

Contact:
Email: me@timmynorris.co.uk
Website: timmynorris.co.uk

2. What Data I Collect

Information you provide directly:

• Contact form submissions: Name, email address, phone number (optional), company name (optional), project type, and your message
• Email correspondence: Any information you share when emailing me
• Project information: Details you provide during consultations or project work
• Hosting account details: Information needed to set up and manage hosting services

Information collected automatically:

• Technical data: IP address, browser type, device information
• Usage data: Pages visited, time spent, referring website
• Cookies: See Section 8 for details on cookies

3. How I Use Your Data

I use your personal data for the following purposes:

Purpose	Legal Basis (GDPR)
Responding to your enquiries	Legitimate interest / Contract performance
Providing services you've requested	Contract performance
Managing hosting accounts	Contract performance
Sending project updates	Contract performance
Improving my website	Legitimate interest
Legal compliance	Legal obligation

I will never sell, rent, or share your personal data with third parties for marketing purposes.

4. Data Sharing

I may share your data with:

• Hosting providers: To provide web hosting services (data processed in accordance with their privacy policies)
• Email service providers: To send you communications
• Payment processors: To process payments securely
• Professional advisors: Accountants, lawyers if legally required
• Law enforcement: If required by law or to protect legal rights

All third parties are required to respect the security of your data and treat it in accordance with the law.

5. Data Retention

I keep your data only for as long as necessary:

• Contact form submissions: 2 years from last contact, unless we enter into a business relationship
• Client project data: 6 years after project completion (for legal and tax purposes)
• Hosting account data: Duration of service plus 1 year
• Financial records: 6 years (legal requirement)

6. Your Rights Under GDPR

Under UK GDPR and the Data Protection Act 2018, you have the following rights:

• Right of access: Request a copy of the personal data I hold about you
• Right to rectification: Request correction of inaccurate data
• Right to erasure: Request deletion of your data (subject to legal retention requirements)
• Right to restrict processing: Request limitation of how I use your data
• Right to data portability: Request your data in a structured, machine-readable format
• Right to object: Object to processing based on legitimate interests
• Right to withdraw consent: Where processing is based on consent

To exercise any of these rights, email me at me@timmynorris.co.uk. I will respond within 30 days.

You also have the right to lodge a complaint with the Information Commissioner's Office (ICO) at ico.org.uk if you believe your data protection rights have been violated.

7. Data Security

I take the security of your data seriously and implement appropriate measures including:

• SSL/TLS encryption for all data transmission
• Secure password hashing for any account systems
• Regular security updates and patches
• Limited access to personal data on a need-to-know basis
• Secure backup procedures

While I implement robust security measures, no method of transmission over the internet is 100% secure. I cannot guarantee absolute security but will notify you and relevant authorities of any breach as required by law.

8. Cookies

This website uses minimal cookies:

• Essential cookies: Required for the website to function (e.g., session management)
• Analytics cookies: To understand how visitors use the site (anonymised)

You can control cookies through your browser settings. Blocking essential cookies may affect website functionality.

9. International Transfers

Your data is primarily stored and processed in the United Kingdom. If any data is transferred outside the UK, I ensure appropriate safeguards are in place, such as:

• Transfers to countries with adequate data protection (as recognised by UK law)
• Standard contractual clauses approved by the ICO

10. Children's Privacy

My services are not directed at individuals under 18. I do not knowingly collect personal data from children. If you believe I have inadvertently collected such data, please contact me immediately.

11. Third-Party Links

This website may contain links to third-party websites. I am not responsible for their privacy practices. Please review their privacy policies before providing any personal information.

12. Changes to This Policy

I may update this privacy policy from time to time. Significant changes will be communicated via email (for existing clients) or prominently displayed on this website. The "last updated" date at the top indicates when this policy was last revised.

13. Contact Me

If you have any questions about this privacy policy or how I handle your data, please contact me: