CHRISP DESIGN.
    07888 862977

    Privacy policy

    Last updated: June 2026

    This privacy policy explains how Chrisp Design collects, uses, stores, and protects your personal data. We are committed to handling your information responsibly and in line with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

    By using our website or engaging our services, you acknowledge this policy.

    1. Who we are

    Chrisp Design is a UK-based web design, AI automation, and digital marketing agency trading as Chrisp Design.

    Contact: info@chrispdesign.com
    Website: chrispdesign.com

    We are in the process of registering with the Information Commissioner's Office (ICO). Until registration is confirmed, we operate in full compliance with UK GDPR obligations.

    2. What data we collect

    Depending on how you interact with us, we may collect the following personal data.

    From website enquiry forms and contact submissions

    • Full name
    • Email address
    • Phone number
    • Business name
    • Message content and enquiry details

    From calls, emails, and direct communication

    • Contact details shared during conversations
    • Notes from calls or meetings

    From cold outreach and lead generation activity

    • Business name and contact details sourced from publicly available sources including Google Maps, business directories, and similar platforms
    • Email addresses and phone numbers used for outreach purposes

    From advertising platforms

    • Data collected via Meta (Facebook and Instagram) Ads and Google Ads, including pixel tracking data, ad interactions, and audience data generated through our campaigns

    From our CRM and automation systems

    • Lead and contact records
    • Communication history
    • Booking and enquiry data
    • Automated message responses and engagement data

    Technical data from website visits

    • IP address
    • Browser type and version
    • Pages visited and time spent
    • Referring website
    • Cookie data (see Section 8)

    3. How we collect your data

    We collect data through the following means:

    • Enquiry and contact forms on our website
    • Direct email, phone, and in-person communication
    • Our CRM platform (GoHighLevel)
    • Cold outreach campaigns via email and SMS
    • Lead scraping tools including Apify
    • Meta Ads and Google Ads platforms
    • Third-party email outreach tools including Instantly
    • Cookies and tracking technology on our website

    4. Why we collect your data and our lawful basis

    We process your personal data for the following purposes.

    To deliver our services

    Lawful basis: Contract - processing is necessary to fulfil our obligations to you as a client.

    To respond to enquiries

    Lawful basis: Legitimate interests - we have a legitimate interest in responding to people who contact us.

    To send marketing communications to existing clients

    Lawful basis: Legitimate interests - we may contact you about relevant services where you are an existing client and have not opted out.

    To conduct cold outreach to prospective business clients

    Lawful basis: Legitimate interests - we contact business owners and decision makers about services that may be relevant to them, in line with UK PECR regulations. We always provide a clear and easy way to opt out.

    To run advertising campaigns

    Lawful basis: Legitimate interests and consent - we use Meta and Google advertising platforms to reach relevant audiences. Where consent is required for cookie-based tracking, we obtain this through our cookie notice.

    To improve our website and services

    Lawful basis: Legitimate interests - we analyse usage data to understand how our website performs and how we can improve it.

    To comply with legal obligations

    Lawful basis: Legal obligation - where we are required to retain or share data by law.

    5. Who we share your data with

    We do not sell your personal data. We may share your data with the following third parties where necessary to deliver our services.

    GoHighLevel - our primary CRM and automation platform. Data is stored and processed on their servers. GoHighLevel is a US-based platform operating under appropriate data transfer safeguards.

    Instantly - used for cold email outreach campaigns. US-based platform.

    Apify - used for lead data collection from publicly available sources. Data collected is used solely for outreach purposes.

    Meta (Facebook and Instagram) - advertising platform. Data shared includes pixel tracking data and custom audiences.

    Google - advertising and analytics platform. Data shared includes tracking data via Google Analytics and Google Ads.

    Maildoso and email infrastructure providers - used for sending outreach and marketing emails.

    Payment processors - where applicable, payment data is handled by our payment provider. We do not store full payment card details.

    All third-party processors are required to handle your data securely and in accordance with applicable data protection law.

    6. International data transfers

    Some of the platforms we use are based in the United States, including GoHighLevel and Instantly. Where your data is transferred outside the UK, we ensure appropriate safeguards are in place, including Standard Contractual Clauses or reliance on platforms that operate under equivalent data protection frameworks recognised by the UK.

    7. How long we keep your data

    We retain personal data only for as long as necessary for the purpose it was collected.

    • Client data: retained for the duration of the engagement plus 6 years in line with UK contractual limitation periods
    • Enquiry and contact data: retained for up to 2 years if no engagement results
    • Cold outreach contact data: retained until you opt out or we determine outreach is no longer appropriate
    • Website analytics data: retained in line with platform defaults, typically up to 26 months
    • Financial and billing records: retained for 7 years in line with HMRC requirements

    8. Cookies

    Our website uses cookies to improve your experience and help us understand how people use the site.

    Cookies we use include:

    • Essential cookies - necessary for the website to function
    • Analytics cookies - help us understand traffic and usage patterns (Google Analytics)
    • Marketing cookies - used to track ad performance and retargeting (Meta Pixel, Google Ads)

    You can control cookie preferences through your browser settings. Refusing non-essential cookies may affect some website functionality.

    9. Your rights

    Under UK GDPR you have the following rights regarding your personal data:

    • Right to access - you can request a copy of the data we hold about you
    • Right to rectification - you can ask us to correct inaccurate data
    • Right to erasure - you can ask us to delete your data in certain circumstances
    • Right to restrict processing - you can ask us to limit how we use your data
    • Right to object - you can object to processing based on legitimate interests, including direct marketing
    • Right to data portability - you can request your data in a portable format where applicable
    • Right to withdraw consent - where processing is based on consent, you can withdraw it at any time

    To exercise any of these rights, contact us at info@chrispdesign.com. We will respond within one calendar month.

    If you are unhappy with how we handle your data, you have the right to lodge a complaint with the ICO at ico.org.uk.

    10. Opting out of marketing and outreach

    You can opt out of marketing communications at any time by:

    • Replying STOP to any SMS message
    • Clicking unsubscribe in any email
    • Emailing info@chrispdesign.com requesting removal

    We will process all opt-out requests promptly and within 5 business days at the latest.

    11. Data security

    We take reasonable technical and organisational measures to protect your personal data against unauthorised access, loss, or misuse. These include access controls, encrypted platforms, and limiting data access to those who need it to carry out their role.

    No method of transmission over the internet is completely secure. While we do our best to protect your data, we cannot guarantee absolute security.

    12. Children's data

    Our services are directed at business owners and are not intended for individuals under the age of 18. We do not knowingly collect data from children. If you believe we have inadvertently collected data from a child, please contact us at info@chrispdesign.com and we will delete it promptly.

    13. Changes to this policy

    We may update this privacy policy from time to time. The most current version will always be available at chrispdesign.com/privacy. Where changes are significant, we will notify existing clients directly.

    14. Contact

    For any questions, requests, or complaints regarding this privacy policy or how we handle your data, please contact us at info@chrispdesign.com.