Privacy Policy

How we handle your personal data

Last updated: April 2026

Who we are

Spyced Concepts is the trading name of the data controller responsible for this website. If you have any questions about how we handle your personal data, please contact us:

Email: datacontroller@spycedconcepts.uk
Website: www.spycedconcepts.co.uk

What data we collect and why

We collect only the personal data you actively provide to us — for example, when you send us an enquiry via our contact form or email. This typically includes your name, email address, and any information you choose to share about your project.

We do not collect data about visitors who simply browse this website. We do not use analytics tools, advertising trackers, or demographic profiling of any kind.

Legal basis for processing

We process your personal data under the following lawful bases (UK GDPR Article 6):

Legitimate interests — responding to enquiries you have sent to us and maintaining our client relationship records.
Contract performance — processing data necessary to deliver services under an agreement with you.
Legal obligation — retaining financial records as required by UK law.

How we use your data

To respond to your enquiry or provide a quote.
To deliver and manage projects we undertake for you.
To fulfil our legal and financial obligations.
To maintain our legitimate business records.

We will never sell your data or share it for marketing purposes.

Third-party services

We use a number of third-party tools to run our business. Where those tools may store or process personal data on our behalf, we have agreements in place that require them to handle that data lawfully and securely. The services we use include:

Capsule CRM — contact and client relationship management
Google Workspace — email, documents, and calendar
FreeAgent — accounting and invoicing
GitHub — source code management
Atlassian (Jira / Confluence) — project management and documentation

Each of these providers has its own privacy policy and operates under applicable data protection law. We encourage you to review their policies if you wish to understand how your data is handled within those platforms.

International data transfers

Some of the third-party services listed above may store or process data outside the UK or European Economic Area. Where this occurs, we ensure appropriate safeguards are in place, such as Standard Contractual Clauses approved by the UK Information Commissioner's Office (ICO), or we use providers certified under equivalent frameworks.

How long we keep your data

Enquiries that do not become projects — we retain your contact details for up to 12 months, after which they are deleted.
Client project records — retained for 7 years following project completion to meet our legal and financial obligations.
Financial records — retained for 7 years as required by HMRC.

Your rights under UK GDPR

You have the following rights in relation to your personal data:

Right of access — to request a copy of the data we hold about you.
Right to rectification — to ask us to correct inaccurate data.
Right to erasure — to ask us to delete your data, subject to our legal obligations.
Right to restriction — to ask us to limit how we use your data.
Right to data portability — to receive your data in a structured, machine-readable format.
Right to object — to object to processing based on legitimate interests.

To exercise any of these rights, please email datacontroller@spycedconcepts.uk. We will respond within one calendar month.

Cookies

This website uses a single, strictly necessary cookie (sc_cookie_ok) to remember that you have acknowledged this privacy notice. It expires after 30 days and contains no personal information. We do not use advertising, analytics, or tracking cookies.

Complaints

If you are unhappy with how we have handled your personal data, you have the right to lodge a complaint with the UK Information Commissioner's Office (ICO):

Website: ico.org.uk
Helpline: 0303 123 1113

We would, however, appreciate the chance to address your concerns before you contact the ICO — please reach out to us first.

Changes to this policy

We may update this policy from time to time. Any material changes will be reflected on this page with an updated date. We encourage you to review this page periodically.