Legal & Compliance

Privacy & Data Protection Policy

Our commitment to protecting your personal data under UK GDPR.

Last Updated: 20 May 2026 UK GDPR | Data Protection Act 2018

1. Privacy & Data Protection Policy

1.1 Introduction

Smart Digital Tech Access ('we', 'us', 'our') is committed to protecting and respecting your privacy. This Privacy and Data Protection Policy explains how we collect, use, store, share, and protect your personal data in accordance with the UK General Data Protection Regulation (UK GDPR), the Data Protection Act 2018, and all other applicable UK data protection legislation.

This policy applies to all personal data we process in relation to our clients, website visitors, contractors, and other individuals who interact with our business.

Our registered business address is: Smart Digital Tech Access, London, United Kingdom. You may contact us at hello@sdtaccess.co.uk or +44 7311 477017 with any data protection enquiries.

1.2 Who We Are — Data Controller

For the purposes of UK GDPR and the Data Protection Act 2018, Smart Digital Tech Access is the Data Controller in respect of the personal data we hold about you. As Data Controller, we are responsible for determining the purposes and means of processing your personal data.

We are not currently required to register with the Information Commissioner's Office (ICO) as a data processor under the fee exemption provisions, however we fully comply with all obligations under applicable data protection law. Should registration become required, we will ensure timely compliance. You may contact the ICO at www.ico.org.uk.

1.3 What Personal Data We Collect

We may collect and process the following categories of personal data:

  • Identity Data — including your first name, last name, business name, and job title.
  • Contact Data — including your email address, telephone number, and postal address.
  • Financial Data — including payment card details processed via our secure third-party payment providers. We do not store card details on our own systems.
  • Transaction Data — including details of services purchased from us, invoices issued, and payment history.
  • Technical Data — including your IP address, browser type and version, time zone setting, browser plug-in types and versions, operating system and platform, and other technology identifiers collected when you visit our website.
  • Usage Data — including information about how you use our website, products, and services.
  • Marketing and Communications Data — including your preferences in receiving marketing communications from us and your communication preferences.
  • Project Data — including brief documents, brand assets, creative materials, business information, and other data you share with us for the purpose of delivering our services.

1.4 How We Collect Personal Data

We collect personal data through the following means:

  • Direct interactions: When you fill in our contact form, request a quote, communicate with us by email, telephone, or social media, or enter into a service agreement with us.
  • Automated technologies: When you visit our website, we may automatically collect Technical Data and Usage Data using cookies, server logs, and similar technologies.
  • Third-party sources: We may receive personal data about you from analytics providers such as Google, advertising networks, search information providers, and social media platforms through which you interact with our content.

1.5 Legal Basis for Processing

We rely on the following lawful bases to process your personal data, as required under UK GDPR Article 6:

  • Performance of a contract (Article 6(1)(b)): Processing is necessary to perform our contract with you or to take steps at your request before entering a contract. This includes managing your project, delivering services, and raising invoices.
  • Compliance with a legal obligation (Article 6(1)(c)): Processing is necessary to comply with UK legal obligations, such as retaining financial records for HMRC purposes.
  • Legitimate interests (Article 6(1)(f)): Processing is necessary for our legitimate business interests, such as improving our services, operating our website, preventing fraud, and marketing our services — provided these interests are not overridden by your rights and interests.
  • Consent (Article 6(1)(a)): Where you have given clear, informed consent to processing for a specific purpose, such as receiving our marketing newsletter. You may withdraw consent at any time.

1.6 How We Use Your Personal Data

We use your personal data for the following purposes:

  • To register you as a client and set up your account or project file.
  • To deliver and manage the digital services you have contracted with us, including website design, graphic design, ads management, virtual assistant services, and mobile app development.
  • To process and collect payment for our services.
  • To manage our relationship with you, including notifying you about changes to our terms or policies.
  • To administer and protect our business and website, including troubleshooting, data analysis, testing, system maintenance, and security.
  • To deliver relevant website content and advertisements to you and measure the effectiveness of our advertising.
  • To use data analytics to improve our website, products, services, marketing, and client experience.
  • To make suggestions and recommendations to you about services that may be of interest to you.
  • To send you our newsletter and marketing communications where you have subscribed or consented.
  • To comply with legal and regulatory obligations, including tax and accounting requirements.

1.7 Data Sharing & Third Parties

We do not sell, rent, or trade your personal data to any third party. We may share your personal data with the following categories of recipients where necessary:

  • Service providers: Third-party companies and individuals who provide services on our behalf, such as website hosting providers, payment processors (e.g., Stripe, PayPal), email platforms, project management tools, and cloud storage providers. These parties are contractually required to protect your data and use it only for specified purposes.
  • Advertising and analytics partners: We use tools such as Google Analytics and Meta Pixel for website analytics and advertising performance measurement. These may involve transfer of Technical and Usage Data.
  • Professional advisers: Including solicitors, accountants, auditors, and insurers who provide professional services to us.
  • HM Revenue & Customs (HMRC) and regulatory authorities: Where required by law or regulation.
  • Business transfers: If we merge with or are acquired by another business, your data may be transferred as part of that transaction, subject to the same privacy protections.

We require all third parties to respect the security of your personal data and to treat it in accordance with applicable law. We do not permit third-party service providers to use your data for their own purposes.

1.8 International Data Transfers

Some of our third-party service providers may be based outside the United Kingdom or European Economic Area (EEA). Where we transfer personal data internationally, we ensure appropriate safeguards are in place in accordance with UK GDPR, including reliance on UK adequacy regulations, Standard Contractual Clauses approved by the ICO, or the UK International Data Transfer Agreement (IDTA), as applicable.

1.9 Data Retention

We retain your personal data only for as long as is necessary for the purposes for which it was collected, including to satisfy legal, accounting, or reporting requirements. The following retention periods generally apply:

  • Client project and contractual records: 6 years from the end of the contract (to comply with the Limitation Act 1980).
  • Financial records and invoices: 6 years from the end of the relevant tax year (HMRC requirement).
  • Marketing consent records: Until you withdraw consent or for 2 years of inactivity, whichever is earlier.
  • Website usage data and analytics: As per our cookie and analytics platform settings, typically 26 months.
  • Job applications and enquiries: 6 months from the date of application or enquiry if unsuccessful.

Where your data is no longer required, we will securely delete or anonymise it.

1.10 Data Security

We have implemented appropriate technical and organisational measures to protect your personal data against accidental or unlawful destruction, loss, alteration, unauthorised disclosure, or access. These measures include:

  • Encryption of data in transit using SSL/TLS protocols on our website.
  • Password-protected systems and access controls with role-based permissions.
  • Use of reputable, security-certified third-party platforms for payment processing and cloud storage.
  • Regular review and testing of our security systems and procedures.
  • Staff training and awareness on data protection obligations.

Where we have given you or where you have chosen a password to access parts of our website or services, you are responsible for keeping that password confidential and not sharing it with any third party.

In the event of a personal data breach that is likely to result in a risk to your rights and freedoms, we will notify the ICO within 72 hours of becoming aware of the breach, and will notify affected individuals without undue delay, in accordance with our obligations under UK GDPR Articles 33 and 34.

1.11 Cookies

Our website uses cookies to distinguish you from other users and to improve your experience. Cookies are small text files placed on your device. We use the following types of cookies:

  • Strictly necessary cookies: Required for the website to function properly. These cannot be switched off.
  • Analytics and performance cookies: Allow us to count visits and traffic sources so we can measure and improve site performance (e.g., Google Analytics).
  • Functional cookies: Enable the website to provide enhanced functionality and personalisation.
  • Targeting and advertising cookies: Set by our advertising partners to build a profile of your interests and show you relevant adverts on other sites (e.g., Meta Pixel).

You can control and manage cookies through your browser settings. Disabling certain cookies may affect the functionality of our website. By continuing to use our website, you consent to our use of cookies in accordance with this policy.

1.12 Your Rights Under UK GDPR

You have the following rights in relation to your personal data under UK GDPR:

  • Right of access (Article 15): You have the right to request a copy of the personal data we hold about you (known as a Subject Access Request or SAR). We will respond within one month of receipt.
  • Right to rectification (Article 16): You have the right to request that we correct any inaccurate or incomplete personal data we hold about you.
  • Right to erasure (Article 17): You have the right to request that we delete your personal data where it is no longer necessary for us to hold it, or where you withdraw consent (subject to legal retention obligations).
  • Right to restriction of processing (Article 18): You have the right to request that we restrict the processing of your personal data in certain circumstances.
  • Right to data portability (Article 20): Where we process your data by automated means on the basis of consent or contract, you have the right to receive your data in a structured, commonly used, machine-readable format.
  • Right to object (Article 21): You have the right to object to processing of your personal data for direct marketing purposes or where we rely on legitimate interests as our lawful basis.
  • Rights related to automated decision-making (Article 22): You have the right not to be subject to decisions based solely on automated processing which produce legal or similarly significant effects.

To exercise any of these rights, please contact us in writing at hello@sdtaccess.co.uk. We will respond within one calendar month. You will not be charged a fee for making a request, unless your request is manifestly unfounded or excessive.

You also have the right to lodge a complaint with the Information Commissioner's Office (ICO) at www.ico.org.uk or by calling 0303 123 1113 if you believe we have not handled your personal data in accordance with applicable law.

1.13 Changes to This Policy

We may update this Privacy & Data Protection Policy from time to time. Any changes will be posted on this page with an updated revision date. Where changes are material, we will notify you by email or a prominent notice on our website. We encourage you to review this policy periodically.