Skip to main content

Privacy notice.

This privacy notice sets out how We Create Digital Ltd (WCD) uses and protects any information that you give WCD when you use this website.

Data Controller

WCD is a data controller, in the meaning of Article 4 of the GDPR. WCD is committed to ensuring that your privacy is protected. We adhere to all relevant legislation around data protection including the Data Protection Act 2018 and the UK GDPR. Should we ask you to provide certain information by which you can be identified when using this website, then you can be assured that it will only be used in accordance with this privacy statement.

WCD may change this notice from time to time by updating this page. You should check this page from time to time to ensure that you are happy with any changes. This notice was first published in February 2018 and was most recently updated on 25 April 2026.

Should you have any questions at all about this statement, please contact our Data Protection Lead at anna@wecreatedigital.co.uk.

What we collect

We may collect the following information:

  • Name, job title and organisation
  • Contact information – email address and phone number
  • Geographic information – such as postcode
  • IP address – which is anonymised before processing
  • Enquiry or survey information – details relevant to a client enquiry or request
  • Website usage information – to support you with your work
  • Job application information – if you apply for a role with us

We only process your personal data where we have a lawful basis to do so under Article 6 of the UK GDPR.

Responding to enquiries and follow-up contact

When you submit a contact form, we use your name, email address, phone number and enquiry details to respond to you and follow up where needed. We do this on the basis of our legitimate interests (Article 6(1)(f)) in handling business enquiries effectively.

Internal record keeping and service improvement

We keep records of interactions and use anonymised website usage data and IP address information to maintain accurate business records and improve our website and services. We do this on the basis of our legitimate interests (Article 6(1)(f)).

Marketing emails and newsletters

We only send marketing emails or newsletters where you have explicitly opted in. We do this on the basis of your consent (Article 6(1)(a)). You can withdraw your consent at any time by emailing anna@wecreatedigital.co.uk or using the unsubscribe link in any email we send you. Withdrawing consent does not affect the lawfulness of any processing carried out before withdrawal.

Testimonials

We only display testimonials where you have given explicit consent, or where a testimonial has been posted publicly. We do this on the basis of your consent (Article 6(1)(a)).

Job applications

If you apply for a role with us, we use your name, contact details, CV and application information to assess your application. We do this because it is necessary to take steps prior to entering a contract (Article 6(1)(b)).

Legal obligations

Where we are required to process personal data to comply with a legal obligation, we do so on the basis of Article 6(1)(c).

Your right to object

Where we rely on legitimate interests as our lawful basis, you have the right to object to that processing at any time. Please see the Your Rights section below for details of how to do this.

Where we rely on consent as our lawful basis, you have the right to withdraw that consent at any time. To do so, please contact us at anna@wecreatedigital.co.uk. Withdrawal of consent will not affect the lawfulness of any processing carried out before withdrawal.

Cookies

We use cookies and similar technologies on our website. For full details of what cookies we use, why we use them, and how to manage your preferences, please see our cookie policy.

How long we hold data for

We do not keep personal data for longer than is necessary for the purposes for which it was collected.

Enquiry and contact form data is kept for two years from the date of last contact, after which it is securely deleted.

Newsletter subscriber data is kept for as long as you remain subscribed. If you unsubscribe or withdraw your consent, your data will be removed promptly.

Unsuccessful job applications are kept for six months from the date of our decision, after which all application data is securely deleted.

Successful job applications are retained for the duration of employment and then in line with our HR data retention policy.

Client records are kept for seven years from the end of the client relationship, to meet our legal and accounting obligations.

Website analytics data is anonymised and retained for up to two years.

At the end of each retention period, data is securely deleted and a log is kept by our Data Protection Lead recording what was removed and when, without retaining any personal information.

Third parties

We will share your personal data with third parties only where necessary to deliver our services, or where required by law. We do not and will not sell your personal data.

All third-party processors are subject to written agreements requiring them to keep your data secure and to process it only on our instructions in accordance with Article 28 of the UK GDPR. Each third party has its own privacy statement and we encourage you to review these on their respective websites.

The third parties we use on this website are:

  • Plausible Analytics: to review visitors to our website and assess how pages are used so we can improve user experience. They are based in the EU, which benefits from a UK adequacy decision meaning data can be transferred there lawfully.
  • Mailgun: to process and respond to contact forms submitted via our website. They are based in the USA. Data transfers are covered by standard contractual clauses.
  • Tawk.to: to provide a live help chat to answer questions or support clients. They are based in the USA. Data transfers are covered by standard contractual clauses.
  • Mailcoach: to manage our newsletter mailing list for those who have subscribed. They are based in the EU, which benefits from a UK adequacy decision.

How we store and protect your data

We are committed to ensuring your information is kept secure. We have put in place appropriate physical, electronic and organisational measures to safeguard the personal data we process, including:

Physical security:

  • Paper files are kept in a locked drawer or filing cabinet when not in use
  • Employees ensure that printouts are not left where unauthorised persons could see them
  • Paper records are securely shredded when no longer required

Electronic security:

  • Data is protected by strong, regularly changed passwords, which are not shared between employees unnecessarily
  • Data is stored on designated drives and servers, or an approved cloud computing service only
  • Servers containing personal data are located in a secure environment away from general office space
  • Data is not saved directly to laptops, tablets or smartphones
  • All devices and servers are protected by up-to-date security software and a firewall
  • Removable media containing data is kept locked away securely when not in use
  • Data is backed up regularly and backups are tested in line with our standard procedures

Reviewing data we hold

We review the data we hold at least once a year to ensure we do not hold unnecessary data. If  we review specific data and decide it is no longer necessary or appropriate for us to retain it, it will be removed and added to a log by the Data Protection Lead with minimal information, ensuring it is anonymous but describing how it was removed, what was removed and when it was removed.

Your rights

Under the UK GDPR, you have the following rights in relation to your personal data:

  • The right to be informed – about how your data is being used (this notice fulfils that obligation)
  • The right of access – to request a copy of the personal data we hold about you
  • The right to rectification – to request that inaccurate or incomplete data is corrected
  • The right to erasure – to request that we delete your personal data in certain circumstances
  • The right to restrict processing – to request that we limit how we use your data in certain circumstances
  • The right to data portability – to receive your personal data in a structured, commonly used format
  • The right to object – to processing based on legitimate interests, or to direct marketing
  • Rights related to automated decision-making and profiling – we do not carry out solely automated decision-making that produces legal or similarly significant effects

To exercise any of these rights, please contact our Data Protection Lead at anna@wecreatedigital.co.uk. We will respond to your request within one calendar month of receipt. In complex cases, or where we receive a high volume of requests, we may extend this by a further two months, in which case we will notify you.

You can find out more about your rights on the ICO website.

Links to other websites

Our website may contain links to other websites. Once you have used these links to leave our site, we have no control over those other websites and are not responsible for the protection of any information you provide while visiting them. Please refer to the privacy notice of any website you visit.

Controlling your personal information

You may choose to restrict the collection or use of your personal information in the following ways:

  • Whenever you are asked to fill in a form on the website, look for the box that you can click to indicate that you do not want the information to be used by anybody for direct marketing purposes
  • If you have previously agreed to us using your personal information for direct marketing purposes, you may change your mind at any time by writing to or emailing us at anna@wecreatedigital.co.uk

We will not sell, distribute or lease your personal information to third parties unless we have your permission or are required by law to do so.

You may request details of personal information which we hold about you under the Data Protection Act 2018. If you would like a copy of the information held on you please contact our Data Protection Lead, anna@wecreatedigital.co.uk. She will aim to provide the relevant data within one calendar month.

If you believe that any information we are holding on you is incorrect or incomplete, please write to or email us as soon as possible at the above address. We will promptly correct any information found to be incorrect.

If you wish to lodge a complaint, you have the right to do this through the Information Commissioner’s Office:

  • Phone: 0303 123 1113
  • Post: Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF

Disclosing data for other reasons

In certain circumstances, the Data Protection Act allows personal data to be disclosed to law enforcement agencies without the consent of the data subject.

Under these circumstances, WCD will disclose requested data. However, the Data Protection Lead will ensure the request is legitimate, seeking assistance from the company’s legal advisers where necessary.

Got a project in mind?