Full Privacy Policy :: Pole Position

Pole Position Internet Services Ltd

Privacy Policy in Full

Last updated: June 2026

1. Who We Are

We are a web and digital agency providing website design, development, hosting, and related digital services. As a data controller, we are responsible for the personal data we collect and process in the course of our business.

If you have any questions about this policy or how we handle your data, please contact us at:

Pole Position Internet Services Ltd
4 George Street, Oban
Argyll PA34 5RX
gdpr@poleposition.uk.com
01631 567384

2. What Data We Collect

We may collect and process the following personal data:

- **Contact information** – name, email address, phone number, postal address
- **Business information** – company name, job title
- **Technical data** – IP addresses, browser type, device information, cookies and usage data collected via websites we operate or maintain
- **Communication records** – emails, enquiry forms, and project correspondence
- **Financial data** – invoicing details (we do not store full payment card data)
- **Client website data** – personal data belonging to our clients' end users, which we process on their behalf as a data processor

3. How We Collect Your Data

We collect data through:

- Enquiry and contact forms on our website
- Email and phone communications
- Project onboarding processes
- Cookies and analytics tools on websites we manage
- Third-party platforms (e.g. project management, invoicing, or CRM software)

4. Why We Process Your Data (Legal Basis)

We process personal data under the following lawful bases:

| Purpose | Legal Basis |
|---|---|
| Responding to enquiries and quotes | Legitimate interest / pre-contractual steps |
| Delivering contracted services | Performance of a contract |
| Sending invoices and managing payments | Legal obligation / contract |
| Marketing communications (opt-in only) | Consent |
| Improving our services and website | Legitimate interest |
| Compliance with legal obligations | Legal obligation |

We do not use your data for automated decision-making or profiling.

5. Client Data (Data Processor Role)

When we build or manage websites that collect data from our clients' customers, we act as a **data processor** on behalf of our client (the data controller). In such cases:

- We process data only on documented instructions from the client
- We assist clients in meeting their own GDPR obligations
- We maintain appropriate technical and organisational security measures
- Data processing activities are governed by a Data Processing Agreement (DPA) with each relevant client

6. Who We Share Data With

We do not sell personal data. We may share data with trusted third parties where necessary, including:

- Hosting and infrastructure providers
- Cloud-based project management or CRM tools
- Accounting and invoicing software
- Email and communication platforms

All third-party processors are required to handle data in compliance with GDPR. Where data is transferred outside the UK or EEA, appropriate safeguards are in place (e.g. Standard Contractual Clauses).

7. How Long We Keep Your Data

We retain personal data only for as long as necessary:

- **Enquiries that don't proceed** – 12 months
- **Active client data** – for the duration of the contract, plus 6 years (to meet legal/accounting obligations)
- **Marketing consent records** – until consent is withdrawn
- **Website analytics data** – typically 26 months (in line with industry standard)

After the relevant retention period, data is securely deleted or anonymised.

8. Your Rights

Under UK GDPR, you have the right to:

- **Access** – request a copy of the personal data we hold about you
- **Rectification** – ask us to correct inaccurate or incomplete data
- **Erasure** – request deletion of your data (subject to legal obligations)
- **Restriction** – ask us to limit how we use your data
- **Portability** – receive your data in a machine-readable format
- **Object** – object to processing based on legitimate interest
- **Withdraw consent** – at any time, where processing is based on consent

To exercise any of these rights, please contact us at gdpr@poleposition.uk.com. We will respond within **30 days**.

9. Cookies

Websites we operate may use cookies for functionality, analytics, and (where applicable) marketing purposes. Cookie usage is disclosed separately in a Cookie Policy or banner on the relevant website, in line with PECR requirements.

10. Security

We take appropriate technical and organisational measures to protect personal data against unauthorised access, loss, or disclosure. These include:

- Secure (HTTPS) connections on all websites we manage
- Access controls and password policies
- Regular software and security updates
- Secure disposal of data when no longer needed

In the event of a personal data breach that poses a risk to individuals, we will notify the ICO within 72 hours and affected individuals where required.

11. Complaints

If you are unhappy with how we handle your personal data, you have the right to lodge a complaint with the **Information Commissioner's Office (ICO)**:

**Website:** https://ico.org.uk
**Helpline:** 0303 123 1113

We would, however, appreciate the opportunity to address your concerns directly before you contact the ICO.

12. Changes to This Policy

We may update this policy from time to time. The most current version will always be available on our website, with the date of last update shown at the top.

Pole Position Internet Services Ltd,
4 George Street, Oban, Argyll, Scotland PA34 5RX
Tel: 01631 567384

info@poleposition.uk.com

Terms & Conditions »