Privacy Policy — TEMPLATE

DRAFT — not legal advice. Solicitor review required.

Last updated: TODO

1. Controllers and processors

This site is operated by an electrical contractor (the controller for any data you submit). COMPANY-NAME hosts the site and processes data on the electrician's behalf (processor under UK GDPR Art. 28).

For mailbox accounts on the electrician's domain, COMPANY-NAME and the electrician are joint controllers because we provision and reset accounts.

2. What we collect

• Contact form submissions — your name, email, phone (optional), postcode, service interest, and message. Used only to respond to your enquiry.
• Server logs — IP address, user agent, requested URL, timestamp. Retained 30 days for security and abuse prevention.
• Cookies — only the cookies described in our cookie policy.

3. Lawful basis

• Contact form: legitimate interests in responding to enquiries (UK GDPR Art. 6(1)(f))
• Server logs: legitimate interests in security (Art. 6(1)(f))
• Analytics cookies: your consent (Art. 6(1)(a)) — opt-in only

4. Retention

Contact form submissions: 24 months unless we have an ongoing contract. Server logs: 30 days.

5. Sharing

We don't sell your data. We share it only with:

• The electrician you're contacting
• Our infrastructure providers (Cloudways, OpenSRS, CentralNic, Postmark) acting as our processors
• Law enforcement when legally required

6. International transfers

Some processors are outside the UK. Transfers rely on UK IDTA or equivalent safeguards. List available on request.

7. Your rights (UK GDPR)

You have the right to access, correct, delete, port, restrict processing, and object. Email PRIVACY-CONTACT-EMAIL. You can also complain to the ICO at ico.org.uk.

8. Contact

PRIVACY-CONTACT-EMAIL · COMPANY-ADDRESS