Book Audit

Privacy Policy

Last updated: 8 August 2025

Quick Summary

Wove Digital collects minimal business contact information to provide automation consulting services. We process data lawfully under legitimate interests, use secure UK/EU providers, and respect your rights under UK GDPR.

1. Who We Are

Data Controller: Wove Digital

Contact: Thomas Walmsley & Luke Bentley

Email: admin@wovedigital.co.uk

Address: London, United Kingdom

ICO Registration: We are registered with the Information Commissioner's Office (ICO) as required under UK GDPR.

As a data controller, we determine the purposes and means of processing your personal data. This privacy policy explains how we collect, use, and protect your information when you use our website or services.

2. What Information We Collect

Contact Form Data

  • Name and business email address
  • Company name and team size
  • Project type and current challenges
  • Communication preferences

Website Usage Data

  • IP address and browser type
  • Pages visited and time spent
  • Referring website information
  • Device and screen resolution data

Client Project Data

  • Business process information and workflow data
  • System architecture and database schemas
  • Performance metrics and automation requirements
  • Technical documentation and implementation details

3. How We Use Your Information

Lawful Basis for Processing

We process personal data under legitimate interests (Article 6(1)(f) UK GDPR) for:

  • Responding to business inquiries and providing consultations
  • Delivering automation and AI consulting services
  • Managing client relationships and project communications
  • Improving our services based on feedback and usage patterns

Specific Processing Purposes

  • Service Delivery: Project management, technical implementation, and ongoing support
  • Communication: Updates, technical discussions, and service improvements
  • Legal Compliance: Maintaining records for tax, accounting, and regulatory requirements
  • Business Development: Understanding market needs and improving service offerings

4. Who We Share Information With

We may share your data with carefully selected third parties:

Service Providers

  • Google Workspace: Email communications and document collaboration (UK/EU)
  • Notion: Project management and documentation (US - Data Privacy Framework certified)
  • AWS: Website hosting and data storage (UK/EU regions)
  • OpenAI: AI processing for automation solutions (US - with appropriate safeguards)

International Transfers

Where we transfer data outside the UK/EU, we ensure adequate protection through:

  • EU-US Data Privacy Framework certification
  • Standard Contractual Clauses (SCCs)
  • Adequacy decisions for secure jurisdictions
  • Transfer Impact Assessments where required

5. How Long We Keep Your Data

  • Contact Inquiries: 2 years from last contact (unless you become a client)
  • Client Project Data: 7 years after project completion (for legal and tax requirements)
  • Website Analytics: 26 months (automatically deleted)
  • Marketing Communications: Until you unsubscribe or object

We regularly review our data retention and securely delete information when it's no longer necessary. You can request early deletion at any time, subject to our legal obligations.

6. Your Rights Under UK GDPR

You have the following rights regarding your personal data:

  • Access: Request a copy of your personal data
  • Rectification: Correct inaccurate or incomplete data
  • Erasure: Request deletion of your data (subject to legal requirements)
  • Restriction: Limit how we process your data
  • Portability: Receive your data in a structured format
  • Objection: Object to processing based on legitimate interests

To exercise any of these rights, email us at admin@wovedigital.co.uk. We'll respond within one month and may request identity verification for security.

7. Cookies and Website Analytics

Essential Cookies

These cookies are necessary for the website to function and cannot be disabled:

  • Session management and form functionality
  • Security and fraud prevention
  • Load balancing and performance optimization

Analytics Cookies

We use privacy-focused analytics to understand website usage. These cookies:

  • Don't collect personally identifiable information
  • Are aggregated and anonymized automatically
  • Help us improve user experience and content
  • Can be disabled through your browser settings

8. Data Security

We implement comprehensive security measures including:

  • Encryption: Data encrypted in transit (TLS 1.3) and at rest (AES-256)
  • Access Controls: Multi-factor authentication and role-based permissions
  • Regular Audits: Security assessments and penetration testing
  • Staff Training: Regular data protection and security awareness training
  • Incident Response: 72-hour breach notification procedures to ICO

Despite our security measures, no system is 100% secure. We'll notify you and the ICO of any data breaches that pose a risk to your rights and freedoms.

9. AI and Automated Processing

When delivering AI consulting services, please note:

  • Human Oversight: All AI-generated recommendations require human verification
  • No Automated Decisions: We don't make automated decisions that significantly affect you
  • Bias Awareness: We actively monitor for and mitigate potential algorithmic bias
  • Explainability: We provide clear explanations of AI system recommendations
  • Client Data: Your data used for AI training is anonymized and aggregated only

10. Changes to This Policy

We may update this privacy policy to reflect changes in our practices or legal requirements. Significant changes will be communicated via:

  • Email notification to active clients
  • Prominent website notice for 30 days
  • Updated "last modified" date at the top of this policy

Your continued use of our services after changes constitute acceptance of the updated policy.

11. Contact Us and Complaints

For any privacy-related questions or concerns:

  • Email: admin@wovedigital.co.uk
  • Response Time: Within 4 business hours during UK working days

Right to Complain

If you're unsatisfied with our response, you can lodge a complaint with the UK's data protection authority:

Information Commissioner's Office (ICO)

Website: ico.org.uk

Phone: 0303 123 1113

Address: Wycliffe House, Water Lane, Wilmslow, Cheshire SK9 5AF

12. Professional Indemnity and Data Protection

Wove Digital maintains professional indemnity insurance covering data protection liabilities. Our coverage includes protection for data processing errors, security breaches, and AI-related risks in our consulting services.

We are committed to maintaining the highest standards of professional practice in data protection and AI consulting, with regular training and certification updates for all team members.