Privacy policy

We understand that your privacy matters. Whether you're visiting coysh.digital (Our Site), working with us on a project, or simply getting in touch, we’re committed to handling your personal data responsibly.

At Coysh Digital, we respect your rights and take data protection seriously. We only collect and use personal data when it’s necessary, and always in line with our legal obligations.

Please take a moment to read this Privacy Policy - it explains how we collect, use, and protect your information across our services, communications, and website.

In this Policy the following terms shall have the following meanings: 

“Cookie”

means a small text file placed on your computer or device by our site when you visit certain parts of our site and/or when you use certain features of our Site. Details of the Cookies used by our site are set out in Part 14, below; and

“Cookie Law”

means the relevant parts of the Privacy and Electronic Communications (EC Directive) Regulations 2003;

Our Site is owned and operated by Coysh Digital.

Registered address: 6 Dennett Close, Warwick, CV34 5HF.

Data Protection Officer: Tim Coysh <[email protected]>

This Privacy Policy applies to all personal data collected and processed by Coysh Digital in the course of operating our business. This includes data collected through our website, by email, through client communications, project documentation, support services, and any other interactions with us.

Our website may contain links to other websites. Please note that we have no control over how your data is collected, stored, or used by other organisations or websites, and we recommend that you check the privacy policies of any third parties before providing them with personal data.

Personal data is defined by the UK GDPR and the Data Protection Act 2018 (collectively, “the Data Protection Legislation”) as ‘any information relating to an identifiable person who can be directly or indirectly identified in particular by reference to an identifier’.

Personal data is, in simpler terms, any information about you that enables you to be identified. Personal data covers obvious information such as your name and contact details, but it also covers less obvious information such as identification numbers, electronic location data, and other online identifiers.

Under the Data Protection Legislation, you have the following rights, which we will always work to uphold:

1. The right to be informed about our collection and use of your personal data. This Privacy Policy should tell you everything you need to know, but you can always contact us to find out more or to ask any questions using the details in Part 15.
2. The right to access the personal data we hold about you. Part 13 will tell you how to do this.
3. The right to have your personal data rectified if any of your personal data held by Us is inaccurate or incomplete. Please contact us using the details in Part 15 to find out more.
4. The right to be forgotten, i.e. the right to ask us to delete or otherwise dispose of any of your personal data that we hold. Please contact us using the details in Part 15 to find out more.
5. The right to restrict (i.e. prevent) the processing of your personal data.
6. The right to object to us using your personal data for a particular purpose or purposes.
7. The right to withdraw consent. This means that, if we are relying on your consent as the legal basis for using your personal data, you are free to withdraw that consent at any time.
8. The right to data portability. This means that, if you have provided personal data to us directly, we are using it with your consent or for the performance of a contract, and that data is processed using automated means, you can ask us for a copy of that personal data to re-use with another service or business in many cases.

For more information about our use of your personal data or exercising your rights as outlined above, please contact us using the details provided in Part 15.

It is important that your personal data is kept accurate and up-to-date. If any of the personal data we hold about you changes, please keep us informed as long as we have that data.

Further information about your rights can also be obtained from the Information Commissioner’s Office or your local Citizens Advice Bureau.

If you have any cause for complaint about our use of your personal data, you have the right to lodge a complaint with the Information Commissioner’s Office.

We would welcome the opportunity to resolve your concerns ourselves, however, so please contact us first, using the details in Part 15.

Depending upon your use of our Site, we may collect and hold some or all of the personal and non-personal data set out in the table below, using the methods also set out in the table. Please also see Part 14 for more information about our use of Cookies and similar technologies. We do not collect any ‘special category’ or ‘sensitive’ personal data.

Data Collected

How we Collect the Data

Identity information including full name, title

Collected directly from users via contact forms, project onboarding, or email correspondence.

Contact information including email address, telephone number, and occasionally business address

Provided by the user through enquiry forms, email, or project intake documents.

Business information including organisation name, role, and nature of services required

Supplied during project discussions, onboarding forms, and email communication.

Payment information including invoice recipient, bank account name, and payment confirmation (no card details stored)

Provided directly by clients for invoicing purposes or processed securely through our payment provider.

Profile information including preferences and past project details

Collected through ongoing client relationships, consultation notes, and internal project documentation.

Technical information including IP address, browser type, device type, and OS

Collected automatically via Google Analytics 4 and server logs when you browse our website.

Data from third parties including anonymised usage data from analytics providers

Collected via cookies and analytics services such as Google Analytics 4.

Project-related content such as website copy, media, brand assets, and documentation

Provided voluntarily by the client during the course of the project.

Under the Data Protection Legislation, we must always have a lawful basis for using personal data. The following table describes how we may use your personal data, and our lawful bases for doing so:

What we do

What Data we Use

Our Lawful Basis

Registering you on our site

Identity and contact data

Consent, where applicable

Providing and managing your account

Identity, contact, and account data

Contract – necessary to deliver services you’ve requested

Providing and managing your access to our site

Technical and usage data

Legitimate interests – ensuring website functionality and security

Personalising and tailoring your experience on our site

Technical and usage data

Legitimate interests – improving site usability and personalisation

Administering our site

Technical, analytics, and error tracking data

Legitimate interests – maintaining and improving the performance and integrity of our website

Administering our business

Identity, contact, and business information

Legitimate interests – internal administration, planning, and reporting

Supplying our services to you

Identity, contact, and service-related data

Contract – to deliver digital services and consultancy you’ve purchased

Managing payments for our services

Identity and limited payment-related data (e.g. invoice recipient, payment records)

Contract – necessary for billing; Legitimate interests – to keep financial records

Personalising and tailoring our services for you

Profile, preferences, and project data

Legitimate interests – delivering services more effectively and efficiently

Communicating with you

Identity and contact data

Contract or Legitimate interests – for service delivery, updates, and client management

Supplying you with information by email that you have opted in to (you may opt-out at any time by clicking the unsubscribe link in our emails)

Contact and communication preferences

Consent

With your permission and/or where permitted by law, we may also use your personal data for marketing purposes, which may include contacting you with information, news, and offers on our services. You will not be sent any unlawful marketing or spam. we will always work to fully protect your rights and comply with our obligations under the Data Protection Legislation and the Privacy and Electronic Communications (EC Directive) Regulations 2003, and you will always have the opportunity to opt-out. 

In some circumstances, where permitted or required by law, we may process your personal data without your knowledge or consent. This will only be done within the bounds of the Data Protection Legislation and your legal rights.

We will not keep your personal data for any longer than is necessary in light of the reason(s) for which it was first collected.

We will store some of your personal data in the UK. This means that it will be fully protected under the Data Protection Legislation.

We will store some of your personal data within the European Economic Area (the “EEA”). The EEA consists of all EU member states, plus Norway, Iceland, and Liechtenstein. This means that your personal data will be fully protected under the EU GDPR and/or to equivalent standards by law. Transfers of personal data to the EEA from the UK are permitted without additional safeguards.

We may also store some or all of your personal data in countries outside of the UK. These are known as “third countries”. We will take additional steps in order to ensure that your personal data is treated just as safely and securely as it would be within the UK and under the Data Protection Legislation as follows:

The security of your personal data is essential to us, and to protect your data, we take a number of important measures, including the following:

• limiting access to your personal data to those employees, agents, contractors, and other third parties with a legitimate need to know and ensuring that they are subject to duties of confidentiality;
• procedures for dealing with data breaches (the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, your personal data) including notifying you and/or the Information Commissioner’s Office where we are legally required to do so;

We will not share any of your personal data with any third parties for any purposes, subject to the following exception.

In some limited circumstances, we may be legally required to share certain personal data, which might include yours, if we are involved in legal proceedings or complying with legal obligations, a court order, or the instructions of a government authority.

In addition to your rights under the Data Protection Legislation, set out in Part 5, when you submit personal data via our Site, you may be given options to restrict Our use of your personal data. In particular, we aim to give you strong controls on Our use of your data for direct marketing purposes (including the ability to opt-out of receiving emails from Us which you may do by unsubscribing using the links provided in Our emails.

You may access our site without providing any personal data at all.

You may restrict our use of Cookies. For more information, see Part 14.

If you want to know what personal data we have about you, you can ask us for details of that personal data and for a copy of it (where any such personal data is held). This is known as a “subject access request”.

All subject access requests should be made in writing and sent to the email or postal addresses shown in Part 15. 

There is not normally any charge for a subject access request. If your request is ‘manifestly unfounded or excessive’ (for example, if you make repetitive requests) a fee may be charged to cover our administrative costs in responding.

We will respond to your subject access request within one month of receiving it. Normally, we aim to provide a complete response, including a copy of your personal data within that time. In some cases, however, particularly if your request is more complex, more time may be required up to a maximum of three months from the date we receive your request. You will be kept fully informed of our progress.

Our website uses cookies to enhance your browsing experience and help us improve the way we deliver our services.

Cookies are small data files placed on your device when you visit a website. Some are essential for the site to function properly, while others help us understand how visitors use the site so we can make improvements over time.

We use both strictly necessary first-party cookies and analytics cookies from trusted providers.

First-party cookies

Our site uses first-party cookies that are set and managed directly by us, primarily through Craft CMS, the content management system we use. These cookies help us maintain a secure and smooth experience for users.

The following first-party cookies may be placed on your device:

Name of Cookie

Purpose

Strictly Necessary

CraftSessionId

Maintains session state across page requests (used by Craft CMS).

Yes

CRAFT_CSRF_TOKEN

Protects against Cross-Site Request Forgery (CSRF) attacks.

Yes

Analytics cookies

We use Google Analytics 4 to help us understand how visitors interact with our website. These cookies allow us to track usage in an anonymous way, which helps us improve site content and performance. These cookies are only set if you accept them via our cookie banner.

The following analytics cookies may be used:

Name of Cookie

First / Third Party

Provider

Purpose

_ga

Third

Google Analytics

Used to distinguish users and generate usage statistics.

_ga_<container-id>

Third

Google Analytics

Used to persist session state across pages.

_gid

Third

Google Analytics

Used to distinguish users for 24 hours after visiting the website.

_gat

Third

Google Analytics

Throttles request rate to Google Analytics servers.

Managing your cookie preferences

When you first visit our site, you’ll see a cookie banner asking for your consent to use cookies. You can choose to accept all cookies or manage your preferences. Strictly necessary cookies will always be set, as they are essential for the website to function.

You can also control and delete cookies at any time through your browser settings. For guidance on how to do this, refer to your browser’s help section.