Legal

Privacy &
Cookie Policy

Eagle Works Design Co Last updated: 4 May 2026 UK GDPR Compliant

This Privacy and Cookie Policy explains how Eagle Works Design Co collects, uses, and protects your personal data when you visit our website or use our services. We are committed to handling your information fairly and transparently in accordance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

01Who We Are

Eagle Works Design Co is the data controller responsible for your personal data.

As data controller, we determine the purposes and means of processing your personal data. If you have any questions about how we handle your data, please contact us at the details above.

02Data We Collect

We collect personal data in the following ways:

Data you provide directly

  • Your name, email address, and telephone number when you submit our enquiry or contact form
  • Details of the services you are interested in and any message content you submit
  • Your consent record (including the date and nature of consent given)
  • Email correspondence and any attachments you send us

Data collected automatically

  • Your IP address and general geographic location (country/region)
  • Browser type, version, and operating system
  • Pages visited on our website and time spent on each
  • Referring website or search term that brought you to our site
  • Date and time of your visit
  • Cookie identifiers (where you have consented — see Section 5)

Data from clients we work with

  • Business contact information for project communication
  • Access credentials for systems we manage on your behalf (stored securely)
  • Project files, brand assets, and content you share with us

We do not collect special category data (such as health information, religious beliefs, or political opinions) and we ask that you do not include such information in any form submission or correspondence.

03How We Use Your Data

We use your personal data for the following purposes:

  • Responding to your enquiry and communicating with you about our services
  • Preparing and sending quotes, proposals, and project documentation
  • Delivering contracted design, SEO, and AI services to clients
  • Sending invoices and processing payments
  • Improving the performance and content of our website
  • Complying with legal and regulatory obligations
  • Sending service-related updates (where you are an existing or prospective client)
  • Marketing communications (only where you have given explicit consent or there is a legitimate interest)

We will never sell your personal data to third parties, or use it for purposes incompatible with those set out above.

04Legal Basis for Processing

Under UK GDPR Article 6, we process your personal data on the following legal bases:

  • Consent (Art. 6(1)(a)): When you tick the consent checkbox on our enquiry form, or accept cookies via our cookie banner. You may withdraw consent at any time.
  • Contract (Art. 6(1)(b)): Where processing is necessary to fulfil a contract with you (e.g. delivering a website design project) or to take steps at your request before entering into a contract.
  • Legal obligation (Art. 6(1)(c)): Where we are required to process data to comply with a legal obligation, such as tax or accounting records.
  • Legitimate interests (Art. 6(1)(f)): For reasonable business activities such as improving our website, preventing fraud, and sending relevant follow-up communications to existing contacts. We always balance these interests against your rights.

05Cookies Policy

Cookies are small text files placed on your device when you visit a website. We use cookies to make our site work, to understand how it is used, and (with your consent) to support our marketing activities.

Your cookie choices

When you first visit our website, a cookie banner will appear asking for your preferences. You can choose to accept all cookies, reject non-essential cookies, or manage your preferences individually. You can change your preferences at any time using the button below.

Manage Cookie Preferences

Cookies we use

Cookie Name Category Purpose Duration
ew_cookie_consent Essential Stores your cookie consent preferences so we don't ask again unnecessarily. 1 year
PHPSESSID Essential Session identifier used by the server to manage your session and prevent spam submissions on our contact form. Session
_ga, _gid Analytics Google Analytics cookies that help us understand how visitors interact with our website (page views, session duration, traffic sources). No personally identifiable information is transmitted. 2 years / 24 hrs
_gcl_au Marketing Google Ads conversion tracking — measures the effectiveness of advertising campaigns. 3 months
fbp Marketing Meta (Facebook) Pixel cookie, used to measure and optimise advertising on Meta platforms. Only set if marketing cookies are accepted. 3 months

Managing cookies in your browser

You can also control cookies through your browser settings. Note that disabling certain cookies may affect how our website functions. Most browsers allow you to:

  • View what cookies are stored on your device
  • Delete cookies individually or in bulk
  • Block third-party cookies
  • Block all cookies (this may break some website functionality)

For more information, visit www.aboutcookies.org or your browser's help documentation.

06Third-Party Services

We may use the following third-party services, each of which has its own privacy policy:

  • Google Analytics — website usage analytics. Data is processed in accordance with Google's Privacy Policy. We use IP anonymisation where available.
  • Google Workspace — email and document management. Governed by Google Workspace Terms.
  • Anthropic Claude API — powers AI features on client websites built by us. Data submitted to AI tools is handled per Anthropic's Privacy Policy. We do not submit personally identifiable information to AI APIs without appropriate safeguards.
  • Stripe — payment processing for invoices. Stripe is PCI-DSS compliant. See Stripe's Privacy Policy.
  • Cloudflare / hosting provider — website hosting and security. May process server logs including IP addresses for security purposes.

Where we engage third-party processors, we ensure appropriate data processing agreements are in place in accordance with UK GDPR Article 28.

07Data Sharing

We do not sell, rent, or trade your personal data. We only share data in the following limited circumstances:

  • Service providers: Trusted third-party processors who help us operate our business (e.g. email hosting, payment processing), subject to data processing agreements.
  • Legal requirement: Where disclosure is required by law, regulation, court order, or to protect our legal rights.
  • Business transfer: In the event of a merger, acquisition, or sale of assets, your data may be transferred to the new owner, who will be bound by this policy.
  • With your consent: In any other circumstances where you have explicitly consented to sharing.

All third parties are required to handle your data securely and in accordance with applicable data protection law.

08Data Retention

We retain personal data only for as long as necessary for the purposes outlined in this policy:

  • Enquiry form submissions: Up to 12 months from last contact, or until you request deletion.
  • Client project data: For the duration of the contract plus 6 years (to comply with statutory accounting and tax obligations under UK law).
  • Email correspondence: Up to 3 years from the last communication.
  • Invoice and payment records: 6 years from the date of transaction, as required by HMRC.
  • Cookie consent records: 13 months from the date consent was given.
  • Website analytics data: Up to 26 months (per Google Analytics data retention settings).

After the applicable retention period, data is securely deleted or anonymised.

09Data Security

We take the security of your personal data seriously and implement appropriate technical and organisational measures to protect it, including:

  • SSL/TLS encryption for all data in transit on our website
  • Secure, access-controlled email and document systems
  • Regular software updates and security patching
  • Restricted access to personal data on a need-to-know basis
  • Spam and bot protection on contact forms (honeypot fields, rate limiting)
  • Regular review of third-party processor security standards

In the event of a personal data breach that is likely to result in a high risk to your rights and freedoms, we will notify you without undue delay and, where required, report it to the Information Commissioner's Office (ICO) within 72 hours.

While we take all reasonable steps to protect your data, no method of transmission over the internet is 100% secure. If you have concerns about the security of your data, please contact us.

10Your Rights

Under UK GDPR, you have the following rights regarding your personal data. To exercise any of these rights, please contact us at design@eagleworks.co.uk. We will respond within one calendar month.

Right of Access

Request a copy of the personal data we hold about you (Subject Access Request).

Right to Rectification

Ask us to correct inaccurate or incomplete personal data we hold about you.

Right to Erasure

Request deletion of your personal data where there is no compelling reason to continue processing it ("right to be forgotten").

Right to Restrict Processing

Ask us to limit how we use your data in certain circumstances (e.g. while accuracy is contested).

Right to Data Portability

Receive your data in a structured, machine-readable format and transfer it to another organisation where applicable.

Right to Object

Object to processing based on legitimate interests or for direct marketing purposes at any time.

Right to Withdraw Consent

Withdraw any consent you have given at any time. This will not affect the lawfulness of processing before withdrawal.

Rights re: Automated Decisions

Not be subject to solely automated decisions that have a significant effect on you, without human review.

There is no charge for exercising your rights. If your request is manifestly unfounded or excessive, we may charge a reasonable fee or refuse to comply, with written reasons provided.

11Children's Privacy

Our website and services are directed at business owners and individuals aged 18 and over. We do not knowingly collect personal data from children under the age of 13. If you believe we have inadvertently collected such data, please contact us immediately and we will delete it.

12Changes to This Policy

We may update this Privacy and Cookie Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. When we make material changes, we will update the "Last updated" date at the top of this page.

We encourage you to review this policy periodically. Your continued use of our website after any changes constitutes acceptance of the updated policy.

Previous versions of this policy are available on request.

13Contact & Complaints

If you have any questions, concerns, or requests regarding this policy or our handling of your personal data, please contact us:

Eagle Works Design Co
24 Gold Street, Podington, NN29 7HX
United Kingdom
Email: design@eagleworks.co.uk
Phone: +44 (0) 7494 486837

Right to Complain

You have the right to lodge a complaint with the Information Commissioner's Office (ICO) if you are unhappy with how we have handled your personal data.

  • Website: ico.org.uk
  • Helpline: 0303 123 1113
  • Address: ICO, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF

We would, however, appreciate the chance to address your concerns before you approach the ICO, so please contact us in the first instance.