Privacy Policy

Who we are:
Francis Böecker (“we”, “us”, “our”).

1) What this policy covers

How we collect, use and share personal data when you visit our website, make an enquiry, or work with us. It also explains your rights and how to contact us.

2) The data we collect

  • Contact data: name, email, phone, company, role.

  • Enquiry and project data: messages, briefs, meeting notes.

  • Website analytics: device/usage data (pages viewed, referrer, approximate location).

  • Marketing preferences: opt-in/out records.

  • Supplier/partner data (B2B): contact details, invoicing and contract records.

Sources are you (forms, email, calls) and your device/browser (via cookies/analytics—see Cookies below).

3) How we use data & lawful bases

We only process personal data where a lawful basis applies (UK GDPR Art. 6):

  • To respond to enquiries and deliver work (contract / steps before a contract).

  • To operate and improve our site and services (legitimate interests—service quality, security, analytics).

  • To send updates where opted-in (consent; you can withdraw at any time).

  • To meet legal and accounting obligations (legal obligation).

ICO guidance on lawful bases: consent, contract, legitimate interests, legal obligation, vital interests, public task. We primarily rely on contract, legitimate interests, consent, and legal obligation.

4) Cookies & analytics

Our site may use cookies and similar technologies for essential functionality and aggregated analytics (e.g., GA4/Consent Mode). Where required, we seek consent and provide controls. See our Cookie Notice for details of tools used and how to manage preferences. PECR requires clear and comprehensive information and, in most cases, consent before setting non-essential cookies.

5) Sharing your data

We use vetted service providers (processors) for hosting, email, analytics, project management and accounting. They only process data under our instructions and appropriate agreements. We may also share data if required by law or to establish/exercise legal claims.

6) International transfers

Where tools store data outside the UK, we use recognised safeguards (e.g., UK IDTA or UK Addendum to EU SCCs) and assess provider practices. Details available on request.

7) Retention

We keep personal data only as long as needed:

  • Enquiries: typically 12–24 months after last contact.

  • Client/project records: typically 6–7 years (accounting/contract purposes).

  • Marketing preferences: until you opt out or the list is refreshed.
    We review retention periodically and delete/aggregate when no longer needed.

8) Your rights

You have rights under UK GDPR, including to be informed, access, rectify, erase, restrict, object, and data portability. You also have rights around automated decision-making where applicable. To exercise a right, email us your address; we aim to respond within one month

9) Direct marketing

You can opt out of marketing at any time via the link in messages or by contacting us. We keep a record of your preference to ensure it’s respected.

10) Children

Our services are intended for business customers. We do not knowingly collect children’s data.

11) Security

We take reasonable technical and organisational measures appropriate to our size and the nature of data processed (e.g., access controls, least-privilege, encrypted transports). No method is 100% secure.

12) Complaints

Please contact us first and we’ll try to resolve your concern.

13) Changes to this policy

We may update this notice from time to time. The latest version will always be posted here with an updated date.