i. Who we are
Tywi Digital is a digital agency based in Carmarthenshire, Wales. We design, build and look after websites and provide SEO, digital marketing and creative design support for businesses across Wales and the UK.
For the purposes of UK data protection law, Tywi Digital is the data controller of the personal information described in this policy. That means we decide what information is collected and how it is used.
ii. What we collect
We try to collect only what we need. Depending on how you interact with us, this may include:
- Contact details
- Name, business name, email, phone number and website URL when you submit our enquiry form, email us or call us.
- Project information
- Notes, briefs, content and access credentials you share with us so we can carry out the work you have asked us to do.
- Billing details
- The information needed to raise an invoice and reconcile payment, such as company name, billing address and VAT number where relevant.
- Website analytics
- Anonymised usage information about how visitors interact with our website — pages viewed, approximate location, device type and referrer.
- Correspondence
- Emails, messages and call notes you exchange with us, kept so we can answer questions and keep an accurate project history.
We do not collect special category data (such as health, ethnicity or political opinions) and we do not ask for payment card details — payments are handled through trusted third-party processors.
iii. How we collect it
We collect personal information in three ways:
- Directly from you when you submit a form on this website, email us, call us or speak to us during a project.
- Automatically when you visit our website — for example basic analytics that help us understand whether the site is working well.
- From third parties in limited cases, for example a referral from another business or publicly available business directory information.
iv. Why we use it
We use your information for the following purposes:
- To respond to enquiries and answer your questions.
- To provide the services you have asked us to deliver.
- To manage projects, communicate progress and arrange meetings.
- To raise invoices, take payment and keep accounting records.
- To improve our website, services and the way we work.
- To comply with our legal and accounting obligations.
- Where you have agreed, to send occasional helpful updates about our work.
v. Legal basis
Under UK GDPR we need a lawful basis to process your personal information. The ones we rely on are:
- Legitimate interests — responding to enquiries, running our business, keeping records and improving our services.
- Contract — performing work you have asked us to do, or taking steps before entering into a contract.
- Legal obligation — keeping financial and tax records as required by UK law.
- Consent — if you have opted in to receive marketing communications.
Where we rely on consent you can withdraw it at any time by emailing us at hello@tywidigital.co.uk.
vi. Sharing & processors
We do not sell your information and we do not share it with anyone who has no reason to see it. We do, however, work with carefully chosen suppliers who help us run our business. They act as data processors on our behalf and are bound by appropriate data protection terms. They may include:
- Hosting and email providers used to run our infrastructure.
- WordPress hosting partners that host the websites we build.
- Accounting, invoicing and payment providers.
- Cloud storage and project management tools used to deliver projects.
- Analytics and search tools that help us understand website performance.
We will also disclose information where we are legally required to do so, for example to respond to a lawful request from a regulator, court or law enforcement agency.
vii. Cookies & analytics
Our website uses a small number of cookies and similar technologies. These fall into two groups:
- Strictly necessary — required for the website to work, for example remembering form state. These do not require consent.
- Analytics — help us understand which pages are useful and how visitors find us. Where used, these are configured to anonymise IP addresses and respect the choices you make in any cookie banner shown on the site.
You can clear or block cookies from your browser at any time. Doing so may affect parts of the website.
viii. Where we store it
Your information is stored on systems located in the United Kingdom and the European Economic Area wherever practical. Where a supplier is based outside these regions, we make sure that appropriate safeguards are in place, such as standard contractual clauses or an equivalent legal mechanism.
ix. How long we keep it
We keep your information only as long as we need it for the purpose it was collected:
- Enquiries that do not lead to a project — up to 24 months, then deleted.
- Active client records — for as long as we are working together.
- Financial records — at least 6 years to meet HMRC accounting requirements.
- Marketing contact details — until you ask to be removed.
- Project files and backups — typically for 12 months after a project closes, unless we have agreed otherwise.
x. Security
We take security seriously. We use sensible permissions, strong unique passwords, two-factor authentication where available, encrypted storage and regular updates on the systems we use. We also limit access to personal information to the people who need it to do their job.
If something does go wrong and a data breach affects you, we will tell you and the Information Commissioner where required by law, and we will explain what happened and what we are doing about it.
xi. Your rights
Under UK GDPR you have a number of rights over your personal information:
- Access — ask for a copy of the personal information we hold about you.
- Rectification — ask us to correct anything that is wrong or out of date.
- Erasure — ask us to delete your information where there is no good reason for us to keep it.
- Restriction — ask us to limit how we use your information in certain situations.
- Objection — object to us using your information for direct marketing or where we rely on legitimate interests.
- Portability — ask for a machine-readable copy of certain information you have given us.
- Withdraw consent — at any time, where we rely on consent.
To exercise any of these rights, email hello@tywidigital.co.uk. We will reply within one calendar month. If you are not happy with our response, you have the right to complain to the Information Commissioner's Office.
xii. Children
Our services are aimed at businesses and we do not knowingly collect personal information from children under 13. If you believe we hold information about a child, please contact us and we will delete it.
xiii. Changes to this policy
We may update this policy from time to time, for example if our services change or the law changes. When we do, we will update the “last updated” date at the top. Material changes will be communicated where appropriate.
xiv. Contact us
If you have any questions about this policy or about how we look after your information, please get in touch. We are happy to talk it through.
Talk to us directly.
Tywi Digital is a small team and a real person will reply. The fastest way to reach us is by email or phone during office hours.
- Email · hello@tywidigital.co.uk
- Phone · 07581 238 286
- Office hours · Monday–Friday, by appointment
- Based in · Carmarthenshire, Wales