1. Who We Are
LocalWebsCoder is a web design and development business based in the United Kingdom. When we refer to "we", "us", or "our" in this policy, we mean LocalWebsCoder.
2. What Data We Collect
We collect only the minimum data necessary to provide our services:
Information you provide directly
- Contact form submissions: name, email address, phone number (optional), and your message content
- Email correspondence: any information you share when emailing us directly
- Project enquiries: business details, project requirements, and any files or briefs you send
Information collected automatically
- Server logs: IP address, browser type, referring page, pages visited, and timestamps. These are standard web server logs retained for security and diagnostic purposes.
- Essential cookies: session cookies required for the website to function (e.g. CSRF protection, form submissions). These are strictly necessary and do not track you.
What we do NOT collect
- We do not use Google Analytics, Facebook Pixel, or any third-party tracking scripts
- We do not use advertising or marketing cookies
- We do not sell, rent, or share your personal data with any third party for marketing purposes
- We do not use automated decision-making or profiling
3. How We Use Your Data
We use the data we collect for the following purposes:
- To respond to enquiries — when you contact us via our form or email, we use your details to reply
- To deliver our services — if you commission a project, we use your business information to deliver the agreed work
- To maintain site security — server logs help us detect and prevent malicious activity, brute-force attacks, and abuse
- To improve our website — we may review aggregated, anonymised server data to understand which pages are most visited
4. Legal Basis for Processing
Under UK GDPR, we process your personal data on the following legal bases:
- Consent: when you submit a contact form, you consent to us processing your message and contact details
- Contractual necessity: if you engage us for a project, processing your data is necessary to fulfil the contract
- Legitimate interests: server logs and security measures protect our website and users from threats
5. Data Retention
- Contact form submissions: retained for up to 12 months unless a project engagement follows, in which case project-related data is retained for the duration of the business relationship plus 6 years (for legal and accounting purposes)
- Server logs: automatically rotated and deleted after 90 days
- Cookies: session cookies expire when you close your browser. The GDPR consent preference is stored in your browser's localStorage indefinitely (you can clear it at any time)
6. Cookies
We use a minimal number of cookies, all of which are strictly necessary:
- PHPSESSID: a standard PHP session cookie used for form CSRF protection. Expires when you close your browser.
- lw_gdpr_consent: stored in localStorage (not a cookie) to remember your cookie banner preference. You can clear this via your browser settings at any time.
We do not use any third-party cookies, analytics cookies, or advertising cookies.
7. Third-Party Services
Our website uses the following third-party services:
- Google Fonts: web fonts are loaded from Google's servers. Google may log your IP address when fonts are requested. See Google's Privacy Policy.
- SMTP (email delivery): contact form submissions are sent via SMTP. The email provider processes your name, email, and message content to deliver the email to us.
We do not use any social media tracking pixels, embedded social widgets, or third-party analytics platforms.
8. Your Rights
Under UK GDPR, you have the following rights regarding your personal data:
- Right of access: request a copy of the personal data we hold about you
- Right to rectification: ask us to correct any inaccurate or incomplete data
- Right to erasure: ask us to delete your personal data ("right to be forgotten")
- Right to restrict processing: ask us to limit how we use your data
- Right to data portability: receive your data in a structured, commonly used format
- Right to object: object to our processing of your data based on legitimate interests
- Right to withdraw consent: withdraw consent at any time where processing is based on consent
To exercise any of these rights, contact us at hello@localwebscoder.co.uk. We will respond within 30 days.
9. Data Security
We take appropriate technical and organisational measures to protect your personal data, including:
- HTTPS encryption on all pages
- CSRF token protection on all forms
- SQL injection and XSS prevention
- Brute-force and rate-limiting protection
- Regular security updates and monitoring
- UK-based server hosting
10. Children's Privacy
Our website and services are not directed at children under the age of 16. We do not knowingly collect personal data from children. If you believe a child has submitted personal data to us, please contact us and we will delete it promptly.
11. Changes to This Policy
We may update this privacy policy from time to time. Any changes will be posted on this page with an updated "Last updated" date. We encourage you to review this policy periodically.
12. Contact & Complaints
If you have questions about this policy or wish to exercise your data rights, contact us:
If you are unsatisfied with our response, you have the right to lodge a complaint with the Information Commissioner's Office (ICO):