Pay Monthly Websites byForte Web Solutions — Pay Monthly Websites UK
    029 2167 1825Contact Us
    Legal Document

    Privacy Policy

    Last updated: April 2026 · Compliant with UK GDPR & Data Protection Act 2018

    Your privacy matters to us. This policy explains what personal data we collect, why we collect it, how we use and protect it, and your rights as a data subject under UK law.

    1. Who We Are

    Forte Web Solutions Ltd is the data controller responsible for any personal data collected through our website and services. We are based in Cardiff, UK. If you have any questions about this policy or how we handle your data, please contact us via our contact page.

    2. Personal Data We Collect

    a) Data you provide directly

    • Your name, email address, phone number and business address when contacting us.
    • Your business name and project requirements when requesting a quote.
    • Billing details, processed via secure third-party payment providers — we do not store card details.
    • Project content, images and logos that you supply for use on your website.

    b) Data collected automatically

    • Your IP address, browser type and pages visited, collected via website analytics.
    • Records of email correspondence sent to and from us.

    3. How We Use Your Data

    The table below summarises how we use the personal data we collect:

    PurposeData Used
    Responding to enquiries and quotesName, email, phone, business details
    Delivering servicesContact details, project content
    Processing paymentsBilling details, name, email
    Maintaining client recordsContact details, project history
    Service communicationsEmail, name
    Improving our websiteUsage / analytics data (anonymised)
    Legal complianceFinancial and contractual records
    Marketing (with consent)Email, name

    We will never sell your personal data.

    4. Lawful Basis for Processing

    Under UK GDPR Article 6, we rely on the following lawful bases for processing your personal data:

    • Contract (Article 6(1)(b)) — to deliver the services you have engaged us to provide.
    • Legitimate Interests (Article 6(1)(f)) — to respond to enquiries and maintain accurate client records.
    • Legal Obligation (Article 6(1)(c)) — to retain financial and tax records as required by HMRC.
    • Consent (Article 6(1)(a)) — for marketing emails. You may withdraw consent at any time.

    5. Sharing Your Data

    We do not sell or rent your personal data. We share it only with the following categories of recipients:

    • Trusted service providers (such as hosting, payment, email and accounting platforms) under GDPR-compliant contracts.
    • Professional advisers, including accountants and legal advisers.
    • Legal or regulatory authorities, where we are required to disclose information by law.

    6. How Long We Keep Your Data

    • Client records and project files: 6 years after the relationship ends.
    • Financial and invoicing records: 6 years, in line with HMRC requirements.
    • Enquiries that do not result in a contract: 12 months from last contact.
    • Marketing consent records: until consent is withdrawn.
    • Analytics data: kept in anonymised or aggregated form only.

    7. International Data Transfers

    Where any of our third-party service providers are based outside the UK or EEA, we ensure that an equivalent level of protection to UK GDPR is maintained through appropriate safeguards — including International Data Transfer Agreements (IDTAs), Standard Contractual Clauses (SCCs) or recognised adequacy decisions.

    8. Your Rights

    Under UK GDPR you have the following rights in relation to your personal data:

    Right of Access

    Request a copy of the personal data we hold about you (Subject Access Request).

    Right to Rectification

    Have inaccurate or incomplete personal data corrected.

    Right to Erasure

    Ask us to delete your personal data — the 'right to be forgotten'.

    Right to Restriction

    Limit how we use your personal data in certain circumstances.

    Right to Data Portability

    Receive your data in a structured, commonly used, machine-readable format.

    Right to Object

    Object to processing — including an absolute right to object to direct marketing.

    Right to Withdraw Consent

    Withdraw consent at any time where processing is based on consent.

    Right Not to Be Subject to Automated Decision-Making

    Including profiling, where it produces a legal or similarly significant effect.

    To exercise any right, contact us. We will respond within one calendar month as required by law.

    Complaints to the ICO. If you are unhappy with how we have handled your data, you may complain to the Information Commissioner's Office (ICO) at ico.org.uk or by calling 0303 123 1113. We ask that you contact us first so we have the opportunity to put things right.

    10. Children's Privacy

    Our services are not directed at children under the age of 13 and we do not knowingly collect personal data from anyone in that age group. If you believe we may have collected information about a child, please contact us immediately and we will delete it.

    11. Changes to This Policy

    We may update this Privacy Policy from time to time. The latest version will always be posted on this page with a revised "last updated" date. Where required by law, we will communicate material changes to you directly.

    12. Contact Us and Complaints

    If you have any questions, want to exercise your rights, or wish to make a complaint about how we handle your personal data, please get in touch using the details below.

    Please note: Subject Access Requests should include your full name and contact details so we can verify your identity before responding.