Blue Penguin Digital Blue Penguin Digital

Privacy Policy

Last updated: June 2026

1. Who we are

Blue Penguin Digital is a web development business based in the UK. We build and host websites for businesses across the country.

For the purposes of UK data protection law, the data controller is Rob Hawlor, trading as Blue Penguin Digital.

If you have questions about this policy or how your data is handled, email robert@bluepenguin.digital.

2. What data we collect

We collect the bare minimum needed to run our business. That means:

  • Contact form submissions — your name, email address, phone number (optional), company name (optional), and the content of your message. This is what you type into our contact form and hit send on.
  • Client project data — information you provide during a project: business details, login credentials for existing services, content and images for your website. This is held only for the duration of the project and any ongoing support arrangement.
  • Hosting client data — if we host your website, we hold the technical details needed to manage your hosting: domain name, email addresses for account notifications, and server access credentials.

We do not collect:

  • Payment card details (we invoice by bank transfer)
  • Marketing data from third parties
  • Any data you haven't explicitly given us

3. Cookies

This website uses essential cookies and, with your consent, self-hosted anonymised analytics. No Google Analytics, no Facebook pixel, no marketing scripts, no third-party trackers of any kind.

Essential cookies are strictly necessary — for example, a session cookie to make the contact form work and a cookie to remember your consent choice. These are exempt from consent requirements under UK law because the site cannot function without them.

Analytics cookies are only set after you click Accept in our cookie banner. We use self-hosted Matomo Analytics running on our own server. IP addresses are anonymised, and the data is never shared with anyone. Rejecting analytics does not affect your experience on the site.

Our cookie banner gives you a genuine choice. Accept enables self-hosted anonymised analytics. Essential only means just that — no analytics cookies, ever. You can change your mind at any time by clearing your cookies and revisiting the site.

4. How we use your data

We use the information you provide for exactly the purposes you'd expect:

  • To respond to your enquiry
  • To deliver the services you've asked for
  • To manage your hosting account
  • To send invoices and account-related communications

We do not:

  • Sell your data to anyone
  • Share your data with third parties unless required for your project (e.g. registering a domain name) or by law
  • Add you to marketing lists
  • Send newsletters unless you've explicitly asked to receive them

5. Who we share data with

We share data only when necessary to deliver our services:

  • Unity Tech — our hosting infrastructure partner. They have access to server-level data for monitoring and maintenance purposes.
  • Domain registrars — if we register a domain on your behalf, we share the required registrant information with the registrar.
  • Legal obligations — we'll share data if required by law or to protect our legal rights.

6. How long we keep data

  • Enquiry messages — up to 12 months after last contact, then deleted.
  • Client project data — for the duration of the project plus 12 months after completion, then deleted unless you're on an ongoing support plan.
  • Hosting account data — for as long as you remain a hosting client, plus 30 days after cancellation.
  • Invoices and financial records — 6 years (standard UK legal requirement).

7. Where your data is stored

All data is stored on servers located in the United Kingdom. We do not transfer personal data outside the UK.

8. Your rights

Under UK GDPR, you have the right to:

  • Access the personal data we hold about you
  • Ask us to correct any inaccurate data
  • Ask us to delete your data (the "right to be forgotten")
  • Object to processing of your data
  • Request a copy of your data in a portable format

To exercise any of these rights, email robert@bluepenguin.digital. We'll respond within 30 days.

If you're unhappy with how we handle your data, you can complain to the Information Commissioner's Office (ICO).

9. Changes to this policy

If we change this policy, we'll update this page. If the changes are significant, we'll let our clients know directly.