Legal

Privacy Policy

How we collect, use, and protect your personal data.

Last updated: 16 July 2026

1. Who We Are

Coltura Solutions (“we”, “us”, “our”) is a web design and digital marketing agency based in the United Kingdom. We design strategic websites for local businesses.

For the purposes of the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018, Coltura Solutions is the data controller of your personal data.

2. What Data We Collect

When you use our website, contact us, or engage our services, we may collect the following types of personal data:

  • Contact information — name, email address, phone number, and business name when you submit a form, send a WhatsApp message, or call us.
  • Business information — details about your business, website URL, and project requirements that you voluntarily provide.
  • Usage data — anonymous analytics such as pages visited, time spent on pages, referral sources, and device type (collected via analytics tools).
  • Cookies — small text files placed on your device to enable core site functionality and measure performance. See Section 6 below.

3. How We Use Your Data

We use your personal data for the following purposes:

  • To respond to your enquiries and provide the services you request.
  • To send you website audits, proposals, and project updates.
  • To process payments and manage our business relationship.
  • To improve our website, services, and customer experience.
  • To comply with legal obligations and resolve disputes.

4. Legal Basis for Processing

Under UK GDPR, we process your data on the following legal bases:

  • Consent — where you have given us clear consent to process your data for a specific purpose (e.g. marketing emails).
  • Contract — where processing is necessary for the performance of a contract with you (e.g. delivering a website build).
  • Legitimate interests — where processing is necessary for our legitimate business interests (e.g. responding to enquiries, improving our website), provided these do not override your rights.
  • Legal obligation — where we need to process data to comply with the law.

5. Data Sharing and Third Parties

We do not sell your personal data. We may share your data with:

  • Service providers — trusted third-party providers who help us operate our business, such as hosting providers, email services, analytics tools (e.g. Google Analytics), and payment processors. These providers are contractually bound to protect your data.
  • WhatsApp (Meta) — when you contact us via WhatsApp, your message data is handled by Meta in accordance with their privacy policy.
  • Legal authorities — where required by law, court order, or regulatory request.

6. Cookies

Our website uses the following types of cookies:

  • Essential cookies — required for the website to function (e.g. theme preferences). These cannot be turned off.
  • Analytics cookies — help us understand how visitors use our site (e.g. Google Analytics). These are optional and only set when you consent.

You can manage your cookie preferences at any time using the cookie banner on our site, or by clearing cookies through your browser settings.

7. Data Retention

We retain your personal data only for as long as necessary to fulfil the purposes for which it was collected:

  • Enquiry data — retained for up to 12 months after your last communication, unless you become a client.
  • Client data — retained for the duration of our working relationship plus 6 years, in line with UK tax and accounting requirements.
  • Analytics data — anonymised after 26 months (Google Analytics default).

8. Your Rights

Under UK data protection law, you have the right to:

  • Access — request a copy of the personal data we hold about you.
  • Rectification — request correction of inaccurate or incomplete data.
  • Erasure — request deletion of your personal data (“right to be forgotten”).
  • Restriction — request that we limit how we process your data.
  • Object — object to our processing of your data based on legitimate interests.
  • Data portability — request your data in a structured, machine-readable format.

To exercise any of these rights, contact us using the details below. We will respond within one month.

9. Data Security

We take appropriate technical and organisational measures to protect your personal data against unauthorised access, loss, misuse, or alteration. These measures include encryption, secure hosting, access controls, and regular security reviews. However, no method of transmission over the internet is 100% secure, and we cannot guarantee absolute security.

10. International Transfers

Some of our service providers may be based outside the UK. Where personal data is transferred internationally, we ensure appropriate safeguards are in place, such as Standard Contractual Clauses (SCCs) or adequacy decisions, in compliance with UK GDPR.

11. Changes to This Policy

We may update this Privacy Policy from time to time. Any changes will be posted on this page with an updated “Last updated” date. We encourage you to review this policy periodically.

12. Contact Us

If you have any questions about this Privacy Policy or wish to exercise your data rights, please contact us: