Privacy Policy
Last updated: 6 July 2026 and effective from that date.
This Privacy Policy explains how the Provider collects, uses, stores, and protects personal data when providing website design, hosting, support, domain management, and related services, and when visitors use this website or contact the Provider.
The Provider is committed to handling personal data in accordance with the UK GDPR, the Data Protection Act 2018, and related privacy laws applicable in the United Kingdom.
1. Who We Are
TechSpec is a trading Style of David Rutldige, sole trader.
For the purposes of data protection law, the Provider is the data controller for personal data collected directly from clients, prospective clients, and website users in connection with the Provider’s own business activities.
Where the Provider hosts or supports a client website that processes personal data on the client’s behalf, the client will usually be the data controller and the Provider will usually act as a processor or service provider, depending on the circumstances and the role actually performed.
2. Personal Data We Collect
The Provider may collect and process the following categories of personal data:
- Name, business name, postal address, billing address, email address, and telephone number.
- Account, project, and contract information.
- Payment and billing information, excluding full card details where payments are handled by third-party payment providers.
- Technical data such as IP addresses, browser information, device information, server logs, and security-related event data.
- Communications data, including emails, contact form submissions, support requests, and project correspondence.
- Website usage data collected through cookies or similar technologies where used.
- Any other information voluntarily provided by the client or website user.
3. How Personal Data Is Collected
Personal data may be collected when:
- A person contacts the Provider by email, phone, or contact form.
- A client requests a quotation or purchases services.
- A website is hosted, supported, monitored, or secured by the Provider.
- A domain is registered or managed on a client’s behalf.
- A website user browses this website and technical information is captured through logs or cookies.
4. How We Use Personal Data
The Provider may use personal data to:
- Respond to enquiries and provide quotations.
- Set up, deliver, maintain, and support services.
- Manage hosting, domains, DNS, security, backups, and technical operations.
- Issue invoices, take payments, and manage accounts.
- Communicate about projects, support requests, renewals, incidents, and service changes.
- Maintain security, prevent abuse, investigate incidents, and protect systems and infrastructure.
- Comply with legal, regulatory, accounting, and tax obligations.
- Improve the website, services, and user experience.
Privacy information should include the purposes for processing personal data, retention periods, and who data is shared with, and this policy is intended to provide that information in a concise and transparent form.
5. Lawful Bases
Depending on the context, the Provider relies on one or more of the following lawful bases:
- Contract: where processing is necessary to take steps before entering into a contract or to perform a contract with a client.
- Legal obligation: where processing is necessary to comply with legal or regulatory obligations.
- Legitimate interests: where processing is necessary for the Provider’s legitimate business interests, including operating services, securing systems, responding to enquiries, recovering debts, keeping records, and improving services, provided those interests are not overridden by an individual’s rights and interests.
- Consent: where consent is required, for example for certain optional cookies or certain forms of marketing.
The UK GDPR requires organisations to tell people what lawful basis they rely on for processing their personal data.
6. Marketing
The Provider may send service-related communications where necessary to administer accounts, projects, hosting, support, renewals, invoices, incidents, or contractual matters.
Marketing communications will only be sent where there is an appropriate lawful basis to do so. Where consent is required, the Provider will seek it before sending such communications, and individuals may opt out at any time.
7. Hosting and Client Data
Where the Provider hosts or supports a client website, the Provider may process personal data contained within that website, its databases, emails, forms, backups, and related systems solely for the purpose of providing the agreed services to the client.
In those cases, the client is generally responsible for determining the purposes and means of the processing and for ensuring that the website has an appropriate privacy notice, lawful basis, and any necessary consent mechanisms.
The Provider does not accept responsibility for the client’s compliance with data protection law in relation to the client’s own website content, forms, user databases, marketing activities, or application-level configuration.
8. Sensitive Data
The Provider may permit hosting or technical processing of sensitive or regulated data only where agreed in writing in advance and subject to any verification, due diligence, or additional safeguards considered necessary.
The client remains responsible for ensuring that any special category data or other regulated data processed through their website or systems is lawful and appropriately protected.
9. Sharing Personal Data
The Provider may share personal data with third parties where reasonably necessary, including:
- Hosting providers, data centres, and infrastructure suppliers.
- Domain registrars, DNS providers, SSL providers, and email service providers.
- Payment processors, accountants, legal advisers, insurers, and professional advisers.
- Software vendors, security providers, and technical subcontractors where needed to deliver services.
- Regulators, law enforcement, courts, or authorities where required by law or reasonably necessary to protect legal rights or prevent harm.
Individuals should be told who personal data will be shared with, and this includes categories of recipients where naming each recipient is not practical.
10. International Transfers
Some suppliers or service providers may process personal data outside the United Kingdom. Where this happens, the Provider will take reasonable steps to ensure that personal data is protected using appropriate safeguards required by applicable law.
11. Retention
The Provider keeps personal data only for as long as reasonably necessary for the purposes for which it was collected, including to provide services, comply with legal obligations, resolve disputes, enforce agreements, and maintain appropriate business and tax records.
Retention periods may vary depending on the type of data, the service provided, and applicable legal or operational requirements. Privacy information should explain retention periods, and organisations must provide this information to individuals.
12. Security
The Provider takes reasonable technical and organisational measures to protect personal data against unauthorised access, loss, misuse, disclosure, alteration, or destruction. These measures may include access controls, authentication, encryption where appropriate, patching, monitoring, backups, and security procedures appropriate to the nature of the service.
However, no method of transmission over the internet or electronic storage is completely secure, and no absolute guarantee of security can be given.
13. Cookies
This website may use cookies and similar technologies to make the website work, improve functionality, remember preferences, measure usage, and support embedded third-party content.
Organisations must provide clear and comprehensive information about cookies, and for cookies that are not strictly necessary, they must provide an appropriate way for users to consent.
Where required, optional cookies will only be used after the user has given appropriate consent. Users can also manage cookies through their browser settings, although some website features may not function properly if cookies are disabled.
14. Individual Rights
Subject to applicable law, individuals may have the right to:
- Request access to their personal data.
- Request correction of inaccurate or incomplete personal data.
- Request erasure of personal data in certain circumstances.
- Request restriction of processing in certain circumstances.
- Object to processing in certain circumstances.
- Request transfer of their personal data where applicable.
- Withdraw consent at any time where processing is based on consent.
- Lodge a complaint with the Information Commissioner’s Office (ICO).
Individuals have the right to be informed about the collection and use of their personal data, and privacy information must be concise, transparent, intelligible, and easily accessible.
15. Contact and Complaints
To ask a question about this Privacy Policy or to exercise any applicable data protection right, please contact the Provider using the contact details published on this website. We will respond to any complaint or data access request as soon as possible and certainly within thirty days.
If an individual is not satisfied with how their personal data has been handled, they may complain to the Information Commissioner’s Office via ico.org.uk.
16. Updates to This Policy
This Privacy Policy may be updated from time to time. Any updated version will apply from the date it is published on the website or otherwise notified.
