Privacy Policy

123DIGI (“we”, “us” or “our”) respects your privacy and is committed to protecting your personal data. This Privacy Policy explains how we collect, use, share and protect personal data when you visit https://www.123digi.co.uk (the “Site”), when you contact us about our services, and when you engage us to deliver work for your business.

We process personal data in accordance with the UK General Data Protection Regulation (“UK GDPR”), the Data Protection Act 2018 and the Privacy and Electronic Communications Regulations 2003 (“PECR”). This policy should be read alongside our Terms of Use and Terms of Business.

If you do not agree with this policy, please do not use the Site or otherwise share personal data with us.

For the purposes of UK data protection law, the data controller is:

Entity

123DIGI

Trading as

123DIGI

Registered address

Colchester, Essex, United Kingdom

Contact for privacy matters

hello@123digi.co.uk

We are not required to appoint a statutory Data Protection Officer under Article 37 of the UK GDPR, but our founder is personally accountable for data protection at 123DIGI and you can reach them on the email address above.

Personal data

Any information relating to an identified or identifiable living individual, as defined in Article 4(1) UK GDPR.

Processing

Any operation performed on personal data, including collection, storage, use, disclosure and erasure.

Data controller

The party that determines the purposes and means of processing personal data. We are the controller for the data described in this policy.

Data processor

A party that processes personal data on behalf of a controller. Our hosting and analytics providers act as our processors.

Special category data

Data revealing racial or ethnic origin, political opinions, religious beliefs, trade-union membership, genetic or biometric data, health, sex life or sexual orientation. We do not knowingly collect special category data through this Site.

We only collect personal data that we genuinely need. The categories below describe everything we collect, broken down by the type of relationship you have with us.

4.1 Visitors to this Site

• →Technical data: IP address, browser type and version, device type, operating system, time-zone setting, screen resolution and referring URL, automatically collected by our hosting provider for security and uptime purposes.
• →Usage data: pages viewed, time spent on each page, scroll depth and outbound clicks, collected via Google Analytics 4 with IP anonymisation enabled.

4.2 People who contact us

• →Identity data: name, job title and the company you represent.
• →Contact data: email address and any phone number you choose to share.
• →Enquiry data: the contents of any message you send us, including any project details, files or links you choose to attach.

4.3 Clients and project stakeholders

• →Project data: brief, requirements, brand assets, copy, images, credentials and any other materials you share to enable us to deliver the Services.
• →Financial data: billing address, invoice references and payment confirmations. We do not store full card numbers — payments are processed through bank transfer or a regulated payment provider.
• →Correspondence: emails, meeting notes and shared workspace messages exchanged during the engagement.

We do not knowingly collect special category data, and we do not ask for it. If you choose to send us special category data voluntarily (for example, in describing the audience for a campaign), we will hold it only for the purpose of delivering the relevant work and only with your explicit consent.

• →Directly from you when you fill in a form, send an email, sign a contract or speak with us.
• →Automatically through our hosting platform and analytics tools when you visit the Site, as described in section 4.1 and section 8.
• →From third parties — for example, publicly available information about a company you represent (such as Companies House records) or a referral from a mutual contact.

Under Article 6 UK GDPR we may only process personal data where we have a lawful basis. The table below maps every purpose for which we process personal data to its lawful basis.

Where we rely on legitimate interests, we have carried out a balancing test and concluded that our interests do not override your fundamental rights and freedoms. You may request a copy of that assessment at any time.

We do not send unsolicited marketing emails. If you are an existing client, we may occasionally send you operational or project-related updates and, in line with the “soft opt-in” under regulation 22(3) PECR, information about similar Services we offer. Every such message will contain a clear unsubscribe option, and you can opt out at any time by emailing hello@123digi.co.uk.

A cookie is a small text file placed on your device when you visit a website. The cookies we use are summarised below.

You can clear or block cookies through your browser settings at any time. Disabling cookies will not block access to any content on this Site. To opt out of Google Analytics across every website, install Google’s official browser add-on at tools.google.com/dlpage/gaoptout.

We never sell, rent or trade personal data. We share personal data only with the limited list of trusted sub-processors below, each bound by a written processor agreement that requires UK GDPR-equivalent protections.

We may also disclose personal data where required by law, by a court order or by a competent regulator, or where strictly necessary to establish, exercise or defend a legal claim.

Some of our sub-processors are based outside the United Kingdom. Where personal data is transferred outside the UK, we rely on one of the following safeguards under Article 46 UK GDPR:

• →A UK adequacy decision (for example, the EU/EEA);
• →The UK Government’s International Data Transfer Agreement (“IDTA”), or the UK Addendum to the EU Standard Contractual Clauses, where the destination country has not received an adequacy decision;
• →The EU-US Data Privacy Framework and its UK extension, where the recipient is self-certified.

You may request a copy of the relevant safeguard for any international transfer by emailing hello@123digi.co.uk.

We only hold personal data for as long as is necessary for the purposes set out in this policy, which means:

• →Enquiries: up to 24 months after the last contact, unless we agree to work together (in which case the project rules below apply).
• →Active projects: for the duration of the engagement.
• →Completed projects and accounting records: a minimum of 6 years from the end of the financial year, in line with section 386 of the Companies Act 2006 and HMRC record-keeping requirements.
• →Analytics data: 14 months at user/event level (the GA4 default).
• →Server logs: typically 30 days, unless required for security investigation.

We take appropriate technical and organisational measures to protect personal data against unauthorised access, accidental loss, alteration or disclosure, as required by Article 32 UK GDPR. Those measures include:

• →HTTPS with HSTS, a strict Content Security Policy and other defence-in-depth HTTP security headers on every response.
• →Two-factor authentication on all administrative accounts (hosting, repository, email, accounting).
• →Principle of least privilege for access to client data.
• →Encrypted laptops and password managers for all staff and contractors.
• →Sub-processors selected for their security posture and contractually required to maintain UK GDPR-equivalent safeguards.
• →Documented incident response procedure, including notification of affected individuals and the ICO within 72 hours where required by Article 33 UK GDPR.

Subject to certain exemptions, you have the following rights under the UK GDPR:

• →Right to be informed — to know how your personal data is used (this policy).
• →Right of access — to request a copy of the personal data we hold about you.
• →Right to rectification — to ask us to correct inaccurate or incomplete data.
• →Right to erasure — to ask us to delete personal data where there is no compelling reason for us to continue processing it.
• →Right to restrict processing — to ask us to limit how we use your data.
• →Right to data portability — to receive your data in a structured, machine-readable format.
• →Right to object — to object to processing based on legitimate interests, including profiling.
• →Rights related to automated decision-making (see section 17).

To exercise any of these rights, email us at hello@123digi.co.uk. We will respond within one calendar month of receipt of a valid request, as required by Article 12(3) UK GDPR. There is no fee unless your request is manifestly unfounded or excessive, in which case we may charge a reasonable administrative fee or refuse to act.

We may need to verify your identity before disclosing personal data. We will only ask for what is reasonably necessary to do so.

We hope to resolve any concern you raise directly. If you remain unhappy you have the right to lodge a complaint with the UK supervisory authority:

Authority

Information Commissioner's Office (ICO)

Address

Wycliffe House, Water Lane, Wilmslow, Cheshire SK9 5AF

Helpline

0303 123 1113

Website

ico.org.uk

The Site and our Services are intended for businesses and individuals over the age of 18. We do not knowingly collect personal data from children. If we become aware that we have inadvertently collected such data, we will delete it without undue delay.

We do not use personal data for solely automated decision-making or profiling that produces legal or similarly significant effects on you. Where we use AI-assisted tools (for example, in research or copywriting), a human at 123DIGI reviews and is responsible for every output before it reaches you.

The Site may contain links to third-party websites or services. We are not responsible for the privacy practices of any third-party site, and we encourage you to read each third-party’s privacy policy before sharing personal data with them.

We may update this policy from time to time to reflect changes in the law, our practices or our service offering. The “Effective” date at the top of this page will always show the latest version. Where the change is material we will notify existing clients by email at least 14 days before the change takes effect.

Any privacy-related question, request or concern should be addressed to:

Entity

123DIGI

Address

Colchester, Essex, United Kingdom

Email

hello@123digi.co.uk