Privacy Policy Polisi preifatrwydd

How we look after
your information.

Tywi Digital is a small Welsh digital agency. We collect the minimum personal information we need to run our business, keep it secure and never share it with anyone who has no reason to see it. This page explains what we do, in plain English.

Last updated · 15 May 2026 UK GDPR & Data Protection Act 2018

i. Who we are

Tywi Digital is a digital agency based in Carmarthenshire, Wales. We design, build and look after websites and provide SEO, digital marketing and creative design support for businesses across Wales and the UK.

For the purposes of UK data protection law, Tywi Digital is the data controller of the personal information described in this policy. That means we decide what information is collected and how it is used.

ii. What we collect

We try to collect only what we need. Depending on how you interact with us, this may include:

Contact details
Name, business name, email, phone number and website URL when you submit our enquiry form, email us or call us.
Project information
Notes, briefs, content and access credentials you share with us so we can carry out the work you have asked us to do.
Billing details
The information needed to raise an invoice and reconcile payment, such as company name, billing address and VAT number where relevant.
Website analytics
Anonymised usage information about how visitors interact with our website — pages viewed, approximate location, device type and referrer.
Correspondence
Emails, messages and call notes you exchange with us, kept so we can answer questions and keep an accurate project history.

We do not collect special category data (such as health, ethnicity or political opinions) and we do not ask for payment card details — payments are handled through trusted third-party processors.

iii. How we collect it

We collect personal information in three ways:

  1. Directly from you when you submit a form on this website, email us, call us or speak to us during a project.
  2. Automatically when you visit our website — for example basic analytics that help us understand whether the site is working well.
  3. From third parties in limited cases, for example a referral from another business or publicly available business directory information.

iv. Why we use it

We use your information for the following purposes:

  • To respond to enquiries and answer your questions.
  • To provide the services you have asked us to deliver.
  • To manage projects, communicate progress and arrange meetings.
  • To raise invoices, take payment and keep accounting records.
  • To improve our website, services and the way we work.
  • To comply with our legal and accounting obligations.
  • Where you have agreed, to send occasional helpful updates about our work.

vi. Sharing & processors

We do not sell your information and we do not share it with anyone who has no reason to see it. We do, however, work with carefully chosen suppliers who help us run our business. They act as data processors on our behalf and are bound by appropriate data protection terms. They may include:

  • Hosting and email providers used to run our infrastructure.
  • WordPress hosting partners that host the websites we build.
  • Accounting, invoicing and payment providers.
  • Cloud storage and project management tools used to deliver projects.
  • Analytics and search tools that help us understand website performance.

We will also disclose information where we are legally required to do so, for example to respond to a lawful request from a regulator, court or law enforcement agency.

vii. Cookies & analytics

Our website uses a small number of cookies and similar technologies. These fall into two groups:

  • Strictly necessary — required for the website to work, for example remembering form state. These do not require consent.
  • Analytics — help us understand which pages are useful and how visitors find us. Where used, these are configured to anonymise IP addresses and respect the choices you make in any cookie banner shown on the site.

You can clear or block cookies from your browser at any time. Doing so may affect parts of the website.

viii. Where we store it

Your information is stored on systems located in the United Kingdom and the European Economic Area wherever practical. Where a supplier is based outside these regions, we make sure that appropriate safeguards are in place, such as standard contractual clauses or an equivalent legal mechanism.

ix. How long we keep it

We keep your information only as long as we need it for the purpose it was collected:

  • Enquiries that do not lead to a project — up to 24 months, then deleted.
  • Active client records — for as long as we are working together.
  • Financial records — at least 6 years to meet HMRC accounting requirements.
  • Marketing contact details — until you ask to be removed.
  • Project files and backups — typically for 12 months after a project closes, unless we have agreed otherwise.

x. Security

We take security seriously. We use sensible permissions, strong unique passwords, two-factor authentication where available, encrypted storage and regular updates on the systems we use. We also limit access to personal information to the people who need it to do their job.

Plain English

If something does go wrong and a data breach affects you, we will tell you and the Information Commissioner where required by law, and we will explain what happened and what we are doing about it.

xi. Your rights

Under UK GDPR you have a number of rights over your personal information:

  • Access — ask for a copy of the personal information we hold about you.
  • Rectification — ask us to correct anything that is wrong or out of date.
  • Erasure — ask us to delete your information where there is no good reason for us to keep it.
  • Restriction — ask us to limit how we use your information in certain situations.
  • Objection — object to us using your information for direct marketing or where we rely on legitimate interests.
  • Portability — ask for a machine-readable copy of certain information you have given us.
  • Withdraw consent — at any time, where we rely on consent.

To exercise any of these rights, email hello@tywidigital.co.uk. We will reply within one calendar month. If you are not happy with our response, you have the right to complain to the Information Commissioner's Office.

xii. Children

Our services are aimed at businesses and we do not knowingly collect personal information from children under 13. If you believe we hold information about a child, please contact us and we will delete it.

xiii. Changes to this policy

We may update this policy from time to time, for example if our services change or the law changes. When we do, we will update the “last updated” date at the top. Material changes will be communicated where appropriate.

xiv. Contact us

If you have any questions about this policy or about how we look after your information, please get in touch. We are happy to talk it through.

Get in touch Cysylltwch â ni

Talk to us directly.

Tywi Digital is a small team and a real person will reply. The fastest way to reach us is by email or phone during office hours.

Back to top