Privacy Policy
We take your privacy seriously. This page explains what personal data Pixelroot collects, why we collect it, and what your rights are under UK data protection law.
01 Who we are
This website is operated by Pixelroot, a web design studio based in Warrington, UK. For the purposes of UK data protection law, Pixelroot is the data controller for the personal information collected through this website.
Business name: Pixelroot
Location: Warrington, UK
Email: thestudio@pixelroot.online
Phone: 07823 602767
Website: pixelroot.online
02 What we collect
We only collect information that is necessary for running our business and providing our services. This includes:
| Information | How it is collected | Why we collect it |
|---|---|---|
| Name | Contact form, email, phone | To address you correctly and manage our working relationship |
| Email address | Contact form, email | To respond to enquiries and communicate about your project |
| Phone number | Contact form, phone call | To discuss your project and provide support |
| Business name and details | Contact form, calls, emails | To understand your business and deliver appropriate services |
| Payment information | Payment processor (Stripe or equivalent) | To process your monthly subscription. We do not store card details ourselves |
| Website usage data | Cookies and analytics tools | To understand how people use our site and improve it over time |
| IP address | Automatically, when you visit | Security monitoring and analytics |
We do not collect sensitive personal data such as health information, ethnicity, or financial account details. We do not buy or sell personal data.
03 How we use your information
We use personal data for the following purposes:
- Responding to enquiries. When you contact us, we use your details to reply and have a conversation about what you need.
- Delivering our services. To build, maintain, and support your website throughout our working relationship.
- Billing and administration. To raise invoices, manage subscriptions, and keep accurate business records.
- Improving our website. Analytics data helps us understand how people find and use pixelroot.online so we can make it better.
- Legal compliance. To meet our obligations under UK law, including tax and accounting requirements.
We do not use your personal data for automated decision-making or profiling. We do not send marketing emails unless you have specifically asked us to.
04 Legal basis for processing
Under UK GDPR, we are required to have a lawful basis for processing your personal data. We rely on the following:
Contract
When you become a client, processing your data is necessary to deliver the services we have agreed. This covers communication, project delivery, and billing.
Legitimate interests
We have a legitimate interest in responding to enquiries from prospective clients and in understanding how our website is being used so we can improve it. We have considered whether this interest overrides your privacy rights and believe it does so proportionately.
Legal obligation
Some data, such as financial records, must be retained to comply with UK tax and accounting law.
Consent
Where we use cookies beyond those that are strictly necessary, we will ask for your consent. You can withdraw consent at any time by adjusting your cookie preferences or contacting us directly.
05 Who we share your information with
We do not sell your personal data. We only share it with third parties where it is necessary to deliver our services or meet a legal obligation. These may include:
| Third party | Purpose | Where based |
|---|---|---|
| WordPress hosting provider | Hosting your website | UK or EEA (depends on provider) |
| Payment processor (e.g. Stripe) | Processing monthly plan payments | USA (with UK GDPR safeguards) |
| Google (Analytics, Search Console) | Website analytics and performance monitoring | USA (with UK GDPR safeguards) |
| Calendly | Booking discovery calls | USA (with UK GDPR safeguards) |
| Email provider | Business email communication | Varies by provider |
| Accountant or HMRC | Legal and financial compliance | UK |
All third parties we work with are required to handle your data securely and in compliance with applicable data protection law.
06 Cookies
Cookies are small text files stored on your device when you visit a website. We use the following types of cookies on pixelroot.online:
Strictly necessary cookies
These are required for the website to function. They do not require your consent and cannot be turned off. They include things like session management and security tokens.
Analytics cookies
We use Google Analytics to understand how visitors use our site. Which pages are popular, how people arrive, and where they leave. This data is anonymised and aggregated. These cookies are only set with your consent.
Third-party cookies
Embedded content such as booking widgets (Calendly) may set their own cookies. These are governed by the respective third party’s privacy policy.
You can control or delete cookies through your browser settings at any time. Disabling analytics cookies will not affect your ability to use this website.
07 How long we keep your information
We keep personal data only for as long as necessary. Our general approach is:
| Data type | Retention period | Reason |
|---|---|---|
| Enquiry data (no project started) | 12 months | Reasonable follow-up period |
| Client project data | Duration of contract plus 2 years | Support and dispute resolution |
| Financial and billing records | 7 years | UK tax law (HMRC requirement) |
| Website analytics | 26 months (Google Analytics default) | Performance tracking |
When data is no longer needed, we delete it securely. If you would like us to delete your data sooner, see your rights below.
08 Your rights
Under UK GDPR, you have the following rights in relation to your personal data:
- Right of access. You can ask us what personal data we hold about you and request a copy of it.
- Right to rectification. If any information we hold is inaccurate or incomplete, you can ask us to correct it.
- Right to erasure. You can ask us to delete your personal data where there is no legitimate reason for us to continue holding it.
- Right to restrict processing. You can ask us to pause processing your data in certain circumstances, for example while a complaint is being resolved.
- Right to data portability. Where we process your data by automated means on the basis of consent or contract, you can ask for a copy in a machine-readable format.
- Right to object. You can object to processing based on legitimate interests. We will stop unless we can demonstrate compelling grounds that override your interests.
- Rights related to automated decision-making. We do not carry out automated profiling or decision-making, so this right is unlikely to apply – but you can ask us about it at any time.
To exercise any of these rights, get in touch using the contact details in section 13. We will respond within one month. There is no charge for making a request.
If you are not satisfied with how we have handled your data, you have the right to complain to the UK Information Commissioner’s Office (ICO) at ico.org.uk or by calling 0303 123 1113.
09 International data transfers
Some of the third-party tools we use, such as Google Analytics, Stripe, and Calendly, are based in the United States. When data is transferred outside the UK, we ensure that appropriate safeguards are in place, such as the UK’s International Data Transfer Agreement or adequacy decisions.
You can find more detail on the safeguards used in each provider’s own privacy documentation.
10 How we protect your data
We take reasonable technical and organisational steps to protect your personal data from unauthorised access, loss, or disclosure. This includes:
- SSL encryption on all Pixelroot websites
- Secure, password-protected access to client files and accounts
- Use of reputable third-party providers with their own security standards
- Keeping software and plugins up to date
No method of transmission over the internet is completely secure. While we do our best to protect your data, we cannot guarantee absolute security.
11 Children
Our website and services are intended for adults. We do not knowingly collect personal data from anyone under the age of 16. If you believe a child has provided us with personal data, please contact us and we will delete it promptly.
12 Changes to this policy
We may update this privacy policy from time to time. When we do, we will update the “last updated” date at the top of the page. If any changes are significant, we will make reasonable efforts to notify active clients directly.
We recommend checking this page periodically if you are a regular user of our website.
13 How to contact us
If you have any questions about this privacy policy, want to exercise your rights, or have a concern about how we handle your data, please get in touch.
We aim to respond to all data-related requests within one month. If a request is complex or there are a large number of requests, we may extend this by a further two months and will let you know if that is the case.
Got a question about your data?
We are happy to help. Drop us an email or give us a call and we will get back to you as soon as we can.