Privacy Policy

This Privacy Policy explains how ZENTAG collects, uses, stores and protects personal data when you visit this website, contact us, or engage us to deliver services. It is intended to explain, in clear terms, how we handle enquiry, business contact and client-related data in line with applicable data protection law, including the UK GDPR and Data Protection Act 2018.

Who we are

ZENTAG is a UK-based web design, development and cyber security business.

For personal data relating to website visitors, enquiries, suppliers and business contacts, ZENTAG acts as the data controller and decides how and why that personal data is used.

Where we handle personal data solely on behalf of a client in the course of delivering services, we will usually act as that client's data processor and will process that data only on the client's documented instructions and under the relevant contract.

If you have any questions about this policy or want to exercise your data protection rights, you can contact us at hi@zentag.com.

What information we collect

Depending on how you interact with us, we may collect and process:

  • Identity and contact details such as your name, email address, phone number, company name and job title.
  • Enquiry information you submit through our contact form, by email, or through direct conversations with us.
  • Project and client data needed to provide services, including business information, technical requirements, credentials, files, content, documentation and correspondence shared with us in the course of a project.
  • Technical usage data such as IP address, browser type, device information, pages visited and approximate location data generated through analytics tools and routine server logs.

How we collect information

We collect personal data directly from you when you contact us, submit a form on this website, discuss a project with us, or provide information during delivery of services.

We may also receive personal data from your employer, colleagues, suppliers or clients where they involve you in a project or ask us to communicate with you as part of a business relationship.

We also collect limited technical information automatically when you use the site, including through analytics and standard hosting logs.

How we use personal data

We use personal data to:

  • Respond to enquiries and provide quotes or proposals.
  • Communicate with clients, suppliers and prospective clients.
  • Deliver contracted services, manage projects and protect client confidentiality.
  • Maintain, secure and improve our website, systems and services.
  • Keep internal records, handle billing and comply with legal, regulatory and professional obligations.
  • Detect abuse, spam, fraud and other misuse of our website or systems.

Our lawful bases

We process personal data on one or more of the following lawful bases, depending on the context:

  • Legitimate interests to respond to enquiries, run our business, administer client relationships, secure our systems and maintain records, provided those interests are not overridden by your rights and freedoms.
  • Performance of a contract where processing is necessary to provide services you have asked us to deliver or to take steps before entering into a contract.
  • Legal obligation where we need to keep records or disclose information to comply with applicable law, regulation or a lawful request.
  • Consent where consent is specifically requested for a particular activity, including optional analytics or similar technologies where consent is required.

If you do not provide personal data

You are not under a statutory obligation to provide personal data to us. However, if you do not provide the information needed for a contact request, proposal, contract or project, we may be unable to respond, enter into an agreement, or deliver the relevant services.

On our contact form, the fields marked as required are needed so that we can assess and reply to your enquiry.

Client data handling and confidentiality

We treat client information as confidential and only use it for the purposes of providing the agreed services, supporting those services, maintaining security, and meeting legal or contractual obligations. Access to client data is limited to people who need it for delivery or support. We do not sell client data and we do not use confidential client material for public marketing without permission.

Where we process personal data on behalf of a client, we do so only for the agreed service scope, under appropriate access controls, and subject to the instructions and contractual terms agreed with that client.

Where a project requires us to work with credentials, codebases, databases, documents or other sensitive business information, we handle that material under appropriate access controls and retain it only for as long as there is a legitimate business, legal, contractual or security reason to do so.

Analytics, cookies and website usage data

This site uses Google Analytics to help us understand how visitors use the website and to improve performance and content. Google Analytics may collect information such as pages viewed, device and browser details, approximate location, referral source and interactions with the site, and may do so using cookies or similar technologies.

We also collect standard server log information for security, diagnostics and performance monitoring. This may include IP addresses, timestamps, requested URLs, referring pages and user agent details.

Who we share data with

We may share personal data only where necessary, including with:

  • Website hosting, infrastructure, analytics, email and communications providers.
  • Professional advisers such as accountants, insurers or legal advisers where needed for legitimate business purposes.
  • Regulators, law enforcement bodies, courts or other authorities where disclosure is required by law or is necessary to protect our legal rights.

Where third-party providers process data on our behalf, we require them to handle personal data only for the relevant purpose, under appropriate confidentiality and security measures, and in line with applicable data protection requirements.

International transfers

We do not routinely transfer client or enquiry data outside the United Kingdom in our own operations.

However, this website currently uses Google Analytics. Google states that EU traffic is collected through EU domains and servers before being forwarded to Analytics servers for processing. If Google Analytics remains enabled, analytics-related data should therefore be treated as potentially involving international processing.

How long we keep personal data

We keep personal data only for as long as reasonably necessary for the purpose it was collected, including to satisfy legal, accounting, contractual, support and security requirements. As a general guide:

  • Website enquiries are normally retained for up to 24 months after the last meaningful contact, unless a longer period is needed.
  • Client project information is retained for the duration of the engagement and for a reasonable period afterwards to provide support, maintain records, protect legal interests or meet regulatory obligations.
  • Technical logs and analytics data are retained in line with operational and provider settings, after which they are deleted, anonymised or aggregated where appropriate.

How we protect data

We use reasonable technical and organisational measures designed to protect personal data against unauthorised access, loss, misuse, alteration or disclosure. These measures may include access controls, authentication, least-privilege access, secure transmission methods, backups and monitoring. No method of transmission or storage is completely secure, but we take data protection seriously and work to keep safeguards proportionate to the risk.

Your rights

Depending on the circumstances, you may have the right to request access to your personal data, ask for inaccurate data to be corrected, request erasure, restrict processing, object to processing, or ask for your data to be transferred. Where we rely on consent, you may withdraw that consent at any time.

Right to object: where we rely on legitimate interests as our lawful basis, you have the right to object to that processing. You also have the right to object to direct marketing, although we do not currently send routine marketing emails through this website.

To exercise any of these rights, contact us at hi@zentag.com. You also have the right to complain to the Information Commissioner's Office in the United Kingdom if you believe your data has been handled unlawfully.

Automated decision-making

We do not use personal data for solely automated decision-making or profiling that produces legal effects or similarly significant effects on individuals.

Third-party links

This website may link to third-party websites or services. Those third parties have their own privacy practices, and we are not responsible for how they collect or use personal data once you leave our site.

Children's privacy

Our website and services are not directed at children, and we do not knowingly collect personal data from children.

Changes to this policy

We may update this Privacy Policy from time to time to reflect changes to our services, providers, legal obligations or data handling practices. The latest version will always be published on this page with the revised date shown at the top.