Privacy Policy
Forsa Design – Art & Web Design
Last Updated: June 2026
1. Introduction
Forsa Design ("we," "us," "our," or "Company") is committed to protecting your privacy and ensuring you have a positive experience on our website and when engaging with our services. This Privacy Policy explains how we collect, use, disclose, and process your personal data in accordance with the General Data Protection Regulation (GDPR), the Data Protection Act 2018, and all applicable data protection laws. By accessing our website or engaging our services, you consent to the practices described in this Privacy Policy.
2. Definitions
"Personal Data" means any information relating to an identified or identifiable natural person. "Processing" means any operation performed on Personal Data, such as collection, recording, organisation, storage, use, transmission, or deletion. "Data Subject" means the individual to whom Personal Data relates. "Controller" means the entity that determines the purposes and means of Processing. Forsa Design is the Controller for this website.
3. Controller and Data Protection Officer
Forsa Design, Art & Web Design, Banff, Scotland is the Data Controller. For all data protection enquiries and to exercise your rights, please contact the Data Protection Officer at Forsa Design.
4. Personal Data We Collect
We collect Personal Data that you voluntarily provide, including: contact form submissions (name, email, phone, company, message), service enquiry and quotation request details, client project data, communication records, and account or service registration details.
4.1 Data Collected Automatically
We collect data automatically when you visit our website: IP address, browser type and version, operating system, referring website, pages visited, time spent, click-through data, search queries, device type, and identifiers. We also use cookies and tracking technologies and analytics data via Google Analytics.
4.2 Data from Third Parties
We may receive Personal Data from your employer, referral sources or partners, publicly available sources, and third-party service providers.
5. Legal Basis for Processing
We process your Personal Data only where we have a lawful basis under GDPR.
5.1 Consent
You have explicitly consented to Processing for marketing emails, newsletters, non-essential cookies, testimonial use, call recordings, and optional data fields. You may withdraw consent at any time.
5.2 Contract Performance
Processing is necessary to perform a contract with you or to take steps at your request prior to entering into a contract.
5.3 Legal Obligation
Processing is necessary for compliance with applicable law, including tax records, accounting data, fraud prevention, and public safety.
5.4 Legitimate Interest
Processing is necessary for legitimate interests pursued by the Company, including website security, fraud prevention, analytics, customer service improvements, and business operations.
5.5 Vital Interests
Processing is necessary to protect vital interests, applied to emergency situations and data breaches affecting your safety.
6. How We Use Your Personal Data
We use your Personal Data for service delivery, communication and customer service, marketing and promotion (with your consent), website analytics and improvement, security and fraud prevention, legal compliance, and business operations.
7. Data Retention
We retain Personal Data only as long as necessary to achieve the purposes for which it was collected, unless a longer retention period is required by law.
7.1 Retention Periods
Contact Form Enquiries: 2 years. Project Clients: duration of project + 7 years. Marketing Lists: until you unsubscribe, plus 2 years. Website Analytics: 26 months. Email Communications: 2 years or duration of business relationship. Payment Records: 7 years. Server Logs and IP Data: 90 days.
7.2 Deletion
When Personal Data is no longer necessary, we securely delete or anonymise it. You may request deletion at any time, subject to legal retention requirements.
8. Sharing and Disclosure of Personal Data
We only share your Personal Data with third parties if you have consented or it is necessary for service delivery.
8.1 Service Providers and Third Parties
We may disclose Personal Data to hosting providers, payment processors, email service providers, analytics providers (Google Analytics), communication tools, and professional services. All service providers are contractually bound to process data only on our instructions.
8.2 Legal Obligations
We may disclose Personal Data if required by law, court order, or lawful authority request.
8.3 Business Transfer
If Forsa Design is acquired, merged, or restructured, Personal Data may be transferred as part of that transaction. We will notify you of any such change.
8.4 No Sale of Data
We do not sell, rent, or trade your Personal Data to third parties for marketing purposes.
9. International Data Transfers
Forsa Design processes and stores Personal Data primarily within the United Kingdom and European Union. If Personal Data is transferred outside the UK or EU, we ensure appropriate safeguards are in place and that the transfer is necessary for service delivery.
10. Cookies and Tracking Technologies
We use essential cookies (security, session management), analytics cookies (Google Analytics, requiring consent), preference cookies (theme, language), and marketing cookies (targeted advertising, requiring consent). You may accept all, reject non-essential, customise preferences, or change consent at any time.
11. Your Rights Under GDPR
As a Data Subject, you have the following rights:
11.1 Right of Access
You have the right to request access to your Personal Data and information about how we process it. We will provide this within 30 days at no cost.
11.2 Right to Rectification
You have the right to correct inaccurate or incomplete Personal Data.
11.3 Right to Erasure ("Right to Be Forgotten")
You have the right to request deletion of your Personal Data, except where processing is necessary for legal obligations or contract performance.
11.4 Right to Restrict Processing
You have the right to request that we limit how we process your data while you resolve a dispute or exercise other rights.
11.5 Right to Data Portability
You have the right to receive a copy of your Personal Data in a structured, machine-readable format and to transmit it to another controller.
11.6 Right to Object
You have the right to object to Processing based on legitimate interest, including for marketing purposes.
11.7 Right to Lodge a Complaint
You have the right to lodge a complaint with the UK Information Commissioner's Office (ICO): www.ico.org.uk.
11.8 Automated Decision-Making
We do not use automated decision-making or profiling for decisions that significantly affect you.
12. Children's Privacy
Our website and services are not directed to children under 13 years old. We do not knowingly collect Personal Data from children under 13.
13. Data Security
We implement reasonable technical, administrative, and organisational security measures to protect Personal Data: SSL/TLS encryption for data in transit, encrypted data storage, restricted access to personal data, regular security assessments, and secure password policies with multi-factor authentication.
13.1 Limitations
While we implement appropriate security measures, no method of transmission over the internet is completely secure. We cannot guarantee absolute security.
13.2 Data Breach Notification
If we discover a data breach that poses a risk to your rights and freedoms, we will notify the relevant data protection authority within 72 hours (where required) and notify affected individuals without undue delay.
14. Third-Party Links and Services
Our website may contain links to third-party websites, applications, and services. This Privacy Policy applies only to our website and services. Third-party services we use (Google Analytics, payment processors, hosting providers) have their own privacy policies.
15. Business Partners and Client Data Processing
If you are a Forsa Design client, we process Personal Data on your behalf for website hosting, maintenance, and operation. As a Data Processor, we process data only according to your instructions.
16. Retention and Deletion Requests
You may request deletion of your Personal Data by contacting us at hello@forsadesign.co.uk. We will respond to deletion requests within 30 days.
17. Marketing Communications and Opt-Out
We may send marketing emails only if you have consented. You may unsubscribe at any time by clicking the "Unsubscribe" link in any email or contacting us directly. We will honour unsubscribe requests within 10 business days.
18. Changes to This Privacy Policy
We may update this Privacy Policy periodically. Last Updated: June 2026. We will notify you of material changes by email or by posting a notice on this website.
19. Contact Us
For questions, concerns, or to exercise your rights under GDPR, please contact: Forsa Design, Art & Web Design, Banff, Scotland. Email: hello@forsadesign.co.uk. Phone: 07770110735. We will respond to all privacy enquiries within 30 days.
20. Legal Basis Summary Table
Contact form data: Consent + Contract. Project client data: Contract. Email address: Consent (marketing). Website usage data: Legitimate interest (analytics). IP address, device info: Legitimate interest (security). Payment information: Contract + Legal obligation. Testimonials: Consent. Call recordings: Consent. Cookies: Consent (essential cookies exempt).