Privacy Policy

1. Who we are and how to contact us

GoodChildDesign (“we”, “us”, “our”) operates the website at goodchild-design.co.uk and provides design and related services in the United Kingdom. We are the controller of the personal data collected and processed through this website and in the course of our business.

If you have questions about this Privacy Policy or how we handle your personal data, contact our privacy team by email at privacy@goodchild-design.co.uk.

2. Scope of this policy

This Privacy Policy explains how we collect, use, disclose and safeguard personal data when you visit our website, communicate with us, subscribe to updates, or engage us to provide services.

We process personal data in accordance with the UK General Data Protection Regulation (UK GDPR), the Data Protection Act 2018, and, where applicable, the Privacy and Electronic Communications Regulations (PECR).

3. How we collect personal data

  • Directly from you: when you complete forms, email or call us, request a quote, subscribe to updates, download resources, or become a client.
  • Automatically: via cookies and similar technologies that capture technical and usage information when you browse our website.
  • From third parties: where lawful, for example from service providers that help us manage enquiries, analytics providers, or publicly available sources such as professional profiles and business registries.

4. Personal data we process

  • Identity and contact data: name, email address, telephone number, organisation, job title.
  • Enquiry and communication data: the content of your messages, project details, notes from calls or meetings, and your preferences.
  • Client and billing data (for clients only): invoice details, service records, contractual correspondence, and payment status. We do not store full payment card numbers on our systems.
  • Website and technical data: IP address, device and browser details, pages viewed, referral sources, and interaction data collected through cookies and similar technologies.
  • Marketing preferences: your choices about receiving updates and promotional communications.

We do not intentionally collect special category data (for example, health, political opinions, or religious beliefs). Please do not include such information in enquiries unless necessary and you consent to our processing of it for the purpose of your request.

5. Purposes and legal bases for processing

We process personal data for the following purposes and on the legal bases described below:

  • Operating our website, ensuring security and performance, and preventing fraud: legitimate interests (to run an effective and secure website and business).
  • Responding to enquiries, providing quotes, and pre-contract discussions: legitimate interests and, where we are taking steps at your request prior to entering a contract, performance of a contract.
  • Providing our services, managing projects, and client communications: performance of a contract.
  • Invoicing, accounting, tax and regulatory compliance: legal obligations and legitimate interests (to manage our business effectively).
  • Marketing communications (such as newsletters or updates): consent where required; for existing clients and business contacts, legitimate interests in direct marketing, with the ability to opt out at any time.
  • Analytics and improvements to our website and services: consent (for non-essential cookies and similar technologies); legitimate interests for aggregated, non-identifying insights where permitted.
  • Handling legal claims and compliance requests: legal obligations and legitimate interests (to establish, exercise or defend legal claims).

Where we rely on legitimate interests, we balance those interests against your rights and expectations. You can contact us for more information about these assessments.

6. Cookies and similar technologies

Cookies are small files placed on your device that help the website function and collect information about how you use it. We use:

  • Strictly necessary cookies: required for core functionality, security and network management. These do not require your consent.
  • Performance/analytics cookies: help us understand how visitors use the site so we can improve it. These run only with your consent.
  • Functionality cookies: remember your choices to provide enhanced features, used with your consent where required.

Examples of cookies that may be set include:

  • Session and security cookies from our content management system that keep the site running and protect against malicious activity (expire when you close your browser or within a short period).
  • Analytics cookies that may include identifiers such as “_ga” (up to 2 years), “_gid” (24 hours), and “_gat” (1 minute) if analytics services are enabled.

On your first visit, and at intervals thereafter, you can manage your cookie preferences through the consent banner presented on the site. You can also control cookies via your browser settings, including blocking or deleting them. Blocking some cookies may impact how the site functions.

We may use third-party analytics providers to help measure and analyse traffic and usage. Where we do so, we take steps to minimise data (for example, by truncating IP addresses where available) and ensure appropriate safeguards for any international transfers.

7. Sharing your personal data

We do not sell your personal data. We share personal data only as necessary and in accordance with the UK GDPR:

  • Service providers (processors) who support our operations and act on our instructions, such as website hosting and maintenance, email and productivity tools, analytics, customer relationship management, project management, secure file transfer, and invoicing/accounting systems.
  • Professional advisers, insurers, banks and auditors for legitimate business purposes.
  • Authorities, regulators, courts or law enforcement where required by law or necessary to protect rights, safety and property.
  • Business transfers: if we undergo a reorganisation, merger or sale of assets, personal data may be transferred as part of the transaction, subject to confidentiality safeguards.

8. International data transfers

Some of our service providers may be located outside the United Kingdom. Where personal data is transferred internationally, we ensure an adequate level of protection by using one or more of the following:

  • A UK adequacy regulation for the destination country.
  • Appropriate safeguards such as the UK International Data Transfer Agreement (IDTA) or the UK Addendum to the EU Standard Contractual Clauses, together with supplementary measures where necessary.

You can contact us for more information about international transfers relevant to your data.

9. Data retention

We keep personal data only for as long as necessary for the purposes set out in this policy, and to comply with legal, accounting and reporting obligations. Typical retention periods are:

  • Enquiries and correspondence: up to 24 months after our last interaction, unless you become a client or we need to retain records for legal reasons.
  • Client and project records: for the duration of the contract and generally 7 years thereafter to meet tax, accounting and legal requirements.
  • Marketing contact details: until you opt out or withdraw consent, or up to 24 months after your last meaningful interaction with us.
  • Website logs and security records: up to 12 months, unless required longer for security or legal reasons.
  • Analytics data: as configured by the analytics provider, commonly up to 26 months, subject to your consent choices.

We may retain data longer if necessary to establish, exercise or defend legal claims.

10. Your rights

Under the UK GDPR, you have the following rights (subject to conditions and exemptions):

  • Right of access to your personal data and to receive a copy.
  • Right to rectification of inaccurate or incomplete data.
  • Right to erasure (right to be forgotten).
  • Right to restriction of processing.
  • Right to data portability.
  • Right to object to processing based on our legitimate interests, including direct marketing.
  • Right to withdraw consent at any time where processing is based on consent.
  • Right not to be subject to a decision based solely on automated processing, including profiling, that produces legal or similarly significant effects.

To exercise your rights, email privacy@goodchild-design.co.uk. We may need to verify your identity before acting on a request. We aim to respond within one month.

You also have the right to lodge a complaint with the Information Commissioner’s Office (ICO). ICO contact details: Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF; telephone 0303 123 1113.

11. Data security

We apply appropriate technical and organisational measures to protect personal data against unauthorised access, alteration, disclosure or destruction. Measures include secure hosting, encryption in transit (TLS), access controls and authentication, least-privilege permissions, regular software updates, audit logging, and staff awareness. No method of transmission or storage is completely secure; we continually review and improve our safeguards.

12. Direct marketing

We may send you information about our services if you have opted in, or if you are an existing client or business contact and we believe it is relevant to you. You can opt out at any time by using the unsubscribe instructions in our messages or by emailing privacy@goodchild-design.co.uk.

13. Children’s privacy

Our website and services are not directed to children and we do not knowingly collect personal data from anyone under 13 years of age. If you believe a child has provided personal data to us, please contact us so we can delete it.

14. Third-party websites and services

Our website may include integrations or content from third parties (for example, embedded media, maps or social sharing features). These third parties may collect information about you in accordance with their own privacy policies. We are not responsible for the privacy practices of websites or services we do not control.

15. International users

If you access our website from outside the United Kingdom, your personal data may be processed in, and transferred to, countries that may have different data protection laws. We will protect your personal data as described in this policy and in accordance with applicable law.

16. Data Protection Officer and privacy contact

We are not required to appoint a Data Protection Officer. We have designated a privacy point of contact who can be reached at privacy@goodchild-design.co.uk for all questions and requests regarding this policy and your personal data.

17. Changes to this policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technologies, or legal requirements. We will post the revised version on this page and update the “Last updated” date below. We encourage you to review this policy periodically.

Last updated: 8 December 2025

About The Editorial Team Terms of Service Legal Notice Privacy Policy Sitemap Contact
© 2025 GoodChildDesign