Privacy Policy

Effective Date: 08/05/2025
Business Name: Cookster Creative
Jurisdiction: United Kingdom
Contact Email: [email protected]

OVERVIEW

This Privacy Policy explains how Cookster Creative collects, stores, and uses personal data from website visitors and clients in the UK.

Who We Are

Cookster Creative is a UK-based website design studio providing fully managed, subscription-based website services to small businesses. We are committed to protecting your personal data and handling it in accordance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

Information We Collect

We collect the following types of data when you use our website or engage our services:

  • Contact Form Submissions: name, email address, phone number and your message

  • Client Onboarding: business name, service preferences and relevant project details

  • Website Analytics: anonymised or pseudonymised data such as IP address, browser type, browsing behaviour and approximate location (via Google Analytics)

  • Payment Details: handled securely by Stripe. We do not store or have access to your full card information.

How We Use Your Information

Your data is processed solely for the purposes of:

  • Responding to enquiries and support requests

  • Managing your website project and subscription

  • Sending relevant service updates and optional marketing (only if you opt in)

  • Monitoring and improving our website via analytics tools

Lawful Basis for Processing

We process personal data under the following legal bases, as permitted by UK GDPR:

  • Consent – e.g. when you opt in to receive marketing emails

  • Contractual necessity – e.g. when providing services under a Website Services Agreement

  • Legitimate interests – e.g. improving our services, ensuring security or managing client communications

How We Store and Protect Your Data

Non-sensitive data may be stored securely in cloud-based documents or systems. Sensitive data is stored in encrypted, access-controlled platforms. Only authorised personnel have access to client data. We use appropriate technical and organisational safeguards to prevent unauthorised access, loss or misuse.

Third-Party Services

We use trusted, GDPR-compliant third-party providers to deliver and support our services:

  • Google Analytics – for tracking and improving website performance

  • Stripe – for secure payment processing

  • Mailchimp – for marketing emails (if subscribed)

  • Cloud hosting providers – for website and email hosting

Each provider operates under its own privacy policy and terms of service.

International Data Transfers

Some of our providers (e.g., Google, Stripe, Mailchimp) may process data outside the United Kingdom. These providers rely on legally recognised safeguards, such as the UK Extension to the EU-US Data Privacy Framework or Standard Contractual Clauses, to ensure data protection is maintained.

Cookies and Tracking

Our website uses cookies and similar technologies to enhance user experience, enable essential functions, and gather analytics data. These may include:

  • Strictly necessary cookies – required for core website functionality and cookie consent

  • Analytics cookies – used to track website performance (e.g. via Google Analytics)

  • Marketing cookies – only activated with your consent, used for personalised content or remarketing

We use CookieYes to manage your cookie preferences. When you first visit our site, a cookie banner will appear, allowing you to accept, reject, or customise your cookie settings. You can change or withdraw your consent at any time by clicking the Cookie Settings link in the banner or footer.

For any cookie-related questions, please contact us at [email protected].

Your Rights

You have the right to:

  • Request access to the data we hold about you

  • Correct or update your personal information

  • Request the deletion of your data

  • Withdraw consent for marketing communications at any time

To exercise any of your rights, please contact [email protected].

Data Retention

We retain personal data only for as long as necessary to fulfil the purposes outlined in this policy or to comply with applicable laws and regulations.

Changes to This Policy

We reserve the right to update this Privacy Policy from time to time. Any changes will be posted on this page. We encourage you to review it periodically.

Contact

If you have any questions about this Privacy Policy or how we handle your personal data, please contact us at [email protected].

While we are not required to appoint a formal Data Protection Officer under UK GDPR, privacy matters are managed internally by our designated compliance contact. We are committed to protecting your data and will respond promptly to any enquiries.