Privacy Policy

Forsa Design – Art & Web Design

Last Updated: June 2026

1. Introduction

Forsa Design ("we," "us," "our," or "Company") is committed to protecting your privacy and ensuring you have a positive experience on our website and when engaging with our services. This Privacy Policy explains how we collect, use, disclose, and process your personal data in accordance with the General Data Protection Regulation (GDPR), the Data Protection Act 2018, and all applicable data protection laws. By accessing our website or engaging our services, you consent to the practices described in this Privacy Policy.

2. Definitions

"Personal Data" means any information relating to an identified or identifiable natural person. "Processing" means any operation performed on Personal Data, such as collection, recording, organisation, storage, use, transmission, or deletion. "Data Subject" means the individual to whom Personal Data relates. "Controller" means the entity that determines the purposes and means of Processing. Forsa Design is the Controller for this website.

3. Controller and Data Protection Officer

Forsa Design, Art & Web Design, Banff, Scotland is the Data Controller. For all data protection enquiries and to exercise your rights, please contact the Data Protection Officer at Forsa Design.

4. Personal Data We Collect

We collect Personal Data that you voluntarily provide, including: contact form submissions (name, email, phone, company, message), service enquiry and quotation request details, client project data, communication records, and account or service registration details.

4.1 Data Collected Automatically

We collect data automatically when you visit our website: IP address, browser type and version, operating system, referring website, pages visited, time spent, click-through data, search queries, device type, and identifiers. We also use cookies and tracking technologies and analytics data via Google Analytics.

4.2 Data from Third Parties

We may receive Personal Data from your employer, referral sources or partners, publicly available sources, and third-party service providers.

5. Legal Basis for Processing

We process your Personal Data only where we have a lawful basis under GDPR.

5.1 Consent

You have explicitly consented to Processing for marketing emails, newsletters, non-essential cookies, testimonial use, call recordings, and optional data fields. You may withdraw consent at any time.

5.2 Contract Performance

Processing is necessary to perform a contract with you or to take steps at your request prior to entering into a contract.

5.3 Legal Obligation

Processing is necessary for compliance with applicable law, including tax records, accounting data, fraud prevention, and public safety.

5.4 Legitimate Interest

Processing is necessary for legitimate interests pursued by the Company, including website security, fraud prevention, analytics, customer service improvements, and business operations.

5.5 Vital Interests

Processing is necessary to protect vital interests, applied to emergency situations and data breaches affecting your safety.

6. How We Use Your Personal Data

We use your Personal Data for service delivery, communication and customer service, marketing and promotion (with your consent), website analytics and improvement, security and fraud prevention, legal compliance, and business operations.

7. Data Retention

We retain Personal Data only as long as necessary to achieve the purposes for which it was collected, unless a longer retention period is required by law.

7.1 Retention Periods

Contact Form Enquiries: 2 years. Project Clients: duration of project + 7 years. Marketing Lists: until you unsubscribe, plus 2 years. Website Analytics: 26 months. Email Communications: 2 years or duration of business relationship. Payment Records: 7 years. Server Logs and IP Data: 90 days.

7.2 Deletion

When Personal Data is no longer necessary, we securely delete or anonymise it. You may request deletion at any time, subject to legal retention requirements.

8. Sharing and Disclosure of Personal Data

We only share your Personal Data with third parties if you have consented or it is necessary for service delivery.

8.1 Service Providers and Third Parties

We may disclose Personal Data to hosting providers, payment processors, email service providers, analytics providers (Google Analytics), communication tools, and professional services. All service providers are contractually bound to process data only on our instructions.

8.2 Legal Obligations

We may disclose Personal Data if required by law, court order, or lawful authority request.

8.3 Business Transfer

If Forsa Design is acquired, merged, or restructured, Personal Data may be transferred as part of that transaction. We will notify you of any such change.

8.4 No Sale of Data

We do not sell, rent, or trade your Personal Data to third parties for marketing purposes.

9. International Data Transfers

Forsa Design processes and stores Personal Data primarily within the United Kingdom and European Union. If Personal Data is transferred outside the UK or EU, we ensure appropriate safeguards are in place and that the transfer is necessary for service delivery.

10. Cookies and Tracking Technologies

We use essential cookies (security, session management), analytics cookies (Google Analytics, requiring consent), preference cookies (theme, language), and marketing cookies (targeted advertising, requiring consent). You may accept all, reject non-essential, customise preferences, or change consent at any time.

11. Your Rights Under GDPR

As a Data Subject, you have the following rights:

11.1 Right of Access

You have the right to request access to your Personal Data and information about how we process it. We will provide this within 30 days at no cost.

11.2 Right to Rectification

You have the right to correct inaccurate or incomplete Personal Data.

11.3 Right to Erasure ("Right to Be Forgotten")

You have the right to request deletion of your Personal Data, except where processing is necessary for legal obligations or contract performance.

11.4 Right to Restrict Processing

You have the right to request that we limit how we process your data while you resolve a dispute or exercise other rights.

11.5 Right to Data Portability

You have the right to receive a copy of your Personal Data in a structured, machine-readable format and to transmit it to another controller.

11.6 Right to Object

You have the right to object to Processing based on legitimate interest, including for marketing purposes.

11.7 Right to Lodge a Complaint

You have the right to lodge a complaint with the UK Information Commissioner's Office (ICO): www.ico.org.uk.

11.8 Automated Decision-Making

We do not use automated decision-making or profiling for decisions that significantly affect you.

12. Children's Privacy

Our website and services are not directed to children under 13 years old. We do not knowingly collect Personal Data from children under 13.

13. Data Security

We implement reasonable technical, administrative, and organisational security measures to protect Personal Data: SSL/TLS encryption for data in transit, encrypted data storage, restricted access to personal data, regular security assessments, and secure password policies with multi-factor authentication.

13.1 Limitations

While we implement appropriate security measures, no method of transmission over the internet is completely secure. We cannot guarantee absolute security.

13.2 Data Breach Notification

If we discover a data breach that poses a risk to your rights and freedoms, we will notify the relevant data protection authority within 72 hours (where required) and notify affected individuals without undue delay.

14. Third-Party Links and Services

Our website may contain links to third-party websites, applications, and services. This Privacy Policy applies only to our website and services. Third-party services we use (Google Analytics, payment processors, hosting providers) have their own privacy policies.

15. Business Partners and Client Data Processing

If you are a Forsa Design client, we process Personal Data on your behalf for website hosting, maintenance, and operation. As a Data Processor, we process data only according to your instructions.

16. Retention and Deletion Requests

You may request deletion of your Personal Data by contacting us at hello@forsadesign.co.uk. We will respond to deletion requests within 30 days.

17. Marketing Communications and Opt-Out

We may send marketing emails only if you have consented. You may unsubscribe at any time by clicking the "Unsubscribe" link in any email or contacting us directly. We will honour unsubscribe requests within 10 business days.

18. Changes to This Privacy Policy

We may update this Privacy Policy periodically. Last Updated: June 2026. We will notify you of material changes by email or by posting a notice on this website.

19. Contact Us

For questions, concerns, or to exercise your rights under GDPR, please contact: Forsa Design, Art & Web Design, Banff, Scotland. Email: hello@forsadesign.co.uk. Phone: 07770110735. We will respond to all privacy enquiries within 30 days.

20. Legal Basis Summary Table

Contact form data: Consent + Contract. Project client data: Contract. Email address: Consent (marketing). Website usage data: Legitimate interest (analytics). IP address, device info: Legitimate interest (security). Payment information: Contract + Legal obligation. Testimonials: Consent. Call recordings: Consent. Cookies: Consent (essential cookies exempt).