1. Data Controller
The data controller responsible for your personal data is:
- Company name: Hi Internet Group Ltd
- Trading as: Clean Code Sites
- Website: cleancodesites.com
- Email: hello@cleancodesites.com
Hi Internet Group Ltd is registered in England and Wales. For the purposes of the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018, we are the data controller of the personal data you provide to us.
2. What Data We Collect
We collect and process the following categories of personal data:
Information you provide directly
- Contact details: name, email address, phone number and business name, submitted via our brief form or other contact methods.
- Project brief information: details about your business, design preferences, content and any other information you include in your project brief.
- Payment information: billing name, billing address and payment card details. Card details are processed directly by Stripe and are never stored on our servers.
- Communications: any emails, messages, or other correspondence you send to us.
Information collected automatically
- Usage data: pages visited, time spent on pages, referring URLs and navigation paths through our website.
- Technical data: IP address, browser type and version, operating system, device type and screen resolution.
- Cookie data: information collected through cookies and similar technologies (see Section 6 below).
3. Legal Basis for Processing
Under the UK GDPR, we must have a lawful basis for processing your personal data. We rely on the following bases:
| Purpose | Legal Basis |
|---|---|
| Delivering the website development services you have purchased | Contract: processing is necessary for the performance of our contract with you |
| Processing payments via Stripe | Contract: necessary to fulfil our contractual obligations |
| Responding to enquiries and providing customer support | Legitimate interests: to manage our business and respond to your requests |
| Sending service-related communications (e.g., project updates, delivery notifications) | Contract: necessary to keep you informed about your project |
| Improving our website and services through analytics | Legitimate interests: to understand how our website is used and improve our offering |
| Complying with legal and regulatory obligations | Legal obligation: processing is necessary to comply with applicable law |
Where we rely on legitimate interests, we have assessed that our interests do not override your fundamental rights and freedoms. You may contact us at any time to discuss this balance.
4. How We Use Your Data
We use the personal data we collect to:
- Process and deliver the website development services you have ordered.
- Communicate with you about your project, including progress updates and delivery of completed work.
- Process payments securely through Stripe.
- Respond to your enquiries, questions and support requests.
- Maintain records of our business transactions for accounting and tax purposes.
- Analyse website usage to improve performance, content and user experience.
- Detect, prevent and address technical issues or fraudulent activity.
We do not sell your personal data to third parties. We do not engage in automated decision-making or profiling that produces legal effects concerning you.
5. Third-Party Services
We share personal data with the following categories of third-party service providers, strictly as needed to operate our business and deliver our services:
Stripe (payment processing)
We use Stripe to process all payments securely. When you make a payment, your card details are transmitted directly to Stripe and are not stored on our servers. Stripe acts as an independent data controller for the payment data it processes. You can review Stripe's privacy policy at stripe.com/gb/privacy.
Netlify (website hosting and form processing)
Our website is hosted by Netlify, Inc. (US). Netlify processes technical data such as IP addresses and server logs as part of delivering the hosting service. Netlify also processes form submissions made through our website (including contact forms and project briefs). As Netlify is based in the United States, data is transferred to the US under Standard Contractual Clauses (SCCs) approved by the UK Information Commissioner's Office. You can review Netlify's privacy policy at netlify.com/privacy.
Other hosting providers
Client websites (where we provide managed hosting) may be hosted by third-party infrastructure providers based in the US or other jurisdictions. These providers may process technical data such as IP addresses and server logs as part of delivering the hosting service. Where data is transferred outside the UK, we ensure appropriate safeguards are in place, including Standard Contractual Clauses or transfers to countries with an adequacy decision.
Analytics
We do not currently use analytics tracking cookies. If we introduce analytics in the future, this policy will be updated accordingly.
Email and communication tools
We use third-party email services to manage correspondence. These providers process your name and email address solely for the purpose of delivering communications between us.
All third-party providers we work with are required to process your data in accordance with our instructions and applicable data protection law. We do not permit them to use your data for their own marketing purposes.
6. Cookies
Cookies are small text files stored on your device when you visit a website. We use cookies to ensure our website functions correctly and to understand how it is used.
Types of cookies we use
| Type | Purpose | Duration |
|---|---|---|
| Strictly necessary | Required for the website to function (e.g., security, load balancing). These cannot be disabled. | Session / up to 12 months |
| Analytics | Help us understand how visitors interact with our website by collecting anonymous usage data. | Up to 12 months |
We do not use advertising or marketing cookies. We do not use cookies to track you across other websites.
Managing cookies
You can control and delete cookies through your browser settings. Disabling cookies may affect the functionality of some parts of our website. For more information on managing cookies, visit aboutcookies.org.
7. Data Retention
We retain your personal data only for as long as necessary to fulfil the purposes for which it was collected, or as required by law.
| Data Type | Retention Period |
|---|---|
| Project briefs and communications | 6 years after project completion (in line with the limitation period under UK law) |
| Payment and invoicing records | 6 years (as required by HMRC for tax and accounting purposes) |
| Contact form submissions (non-clients) | 12 months from the date of submission, unless a business relationship is established |
| Website analytics data | Up to 26 months (anonymised or pseudonymised) |
| Cookie data | Up to 12 months (or as specified in Section 6) |
When personal data is no longer needed, it is securely deleted or anonymised so that it can no longer be associated with you.
8. Your Rights
Under the UK GDPR, you have the following rights in relation to your personal data:
- Right of access: you can request a copy of the personal data we hold about you.
- Right to rectification: you can ask us to correct any inaccurate or incomplete personal data.
- Right to erasure: you can ask us to delete your personal data where there is no compelling reason for us to continue processing it.
- Right to restrict processing: you can ask us to suspend the processing of your personal data in certain circumstances.
- Right to data portability: you can request that we provide your personal data in a structured, commonly used, machine-readable format.
- Right to object: you can object to our processing of your personal data where we are relying on legitimate interests as our legal basis.
- Right to withdraw consent: where we rely on your consent to process personal data, you may withdraw that consent at any time.
How to exercise your rights
To exercise any of your rights, please contact us at hello@cleancodesites.com. We will respond to your request within one month, as required by law. In exceptional cases, we may extend this by a further two months, in which case we will inform you of the reason for the delay.
There is no fee for exercising your rights, unless your request is clearly unfounded or excessive, in which case we may charge a reasonable fee or refuse the request.
Right to complain
If you believe we have not handled your personal data properly, you have the right to lodge a complaint with the Information Commissioner's Office (ICO), the UK's supervisory authority for data protection:
- Website: ico.org.uk
- Helpline: 0303 123 1113
We would appreciate the opportunity to address your concerns before you contact the ICO, so please reach out to us first.
9. Data Security
We take the security of your personal data seriously and implement appropriate technical and organisational measures to protect it against unauthorised access, alteration, disclosure, or destruction. These measures include:
- Encryption of data in transit using TLS/SSL.
- Secure payment processing through Stripe (PCI DSS Level 1 certified).
- Access controls limiting who within our organisation can access personal data.
- Regular review of our data processing practices and security measures.
While we take all reasonable precautions, no method of transmission over the internet or electronic storage is completely secure. We cannot guarantee the absolute security of your data.
10. International Data Transfers
Your personal data is primarily processed within the United Kingdom. Where data is transferred outside the UK (for example, through the use of third-party services whose servers may be located abroad), we ensure that appropriate safeguards are in place, such as:
- Transfers to countries recognised by the UK government as providing an adequate level of data protection.
- Standard contractual clauses approved by the Information Commissioner's Office.
- Other lawful transfer mechanisms under the UK GDPR.
11. Children’s Privacy
Our services are not directed at individuals under the age of 18. We do not knowingly collect personal data from children. If you believe we have inadvertently collected data from a child, please contact us immediately at hello@cleancodesites.com and we will delete the data promptly.
12. Changes to This Policy
We may update this privacy policy from time to time to reflect changes in our practices, services, or legal requirements. When we make material changes, we will:
- Update the "Effective date" at the top of this page.
- Where appropriate, notify existing clients by email.
We encourage you to review this page periodically to stay informed about how we protect your data.
13. Contact Us
If you have any questions about this privacy policy, your personal data, or wish to exercise any of your rights, please contact us:
- Business name: Hi Internet Group Ltd, trading as Clean Code Sites
- Email: hello@cleancodesites.com
- Website: cleancodesites.com