Privacy Policy

Soar Development

Last updated: June 2025

Version 2.0

1. Who We Are

This privacy policy applies to the website https://soar-development.co.uk, operated by Soar Development (Company Number: 09665946), whose registered address is:

40 Hillfield Road, Oundle, Peterborough, Northamptonshire, England, PE8 4QP

Soar Development is the data controller responsible for your personal data collected through this website. This means we determine the purposes and means by which your personal data is processed.

Soar Development is not currently registered with the Information Commissioner’s Office (ICO). If this changes, this section will be updated to include the ICO registration number.

If you have any questions about this policy or wish to exercise your data protection rights, please contact us:

Email: claire@soar-development.co.uk | Post: Soar Development, 40 Hillfield Road, Oundle, Peterborough, PE8 4QP

2. Scope of This Policy

This policy explains how we collect, use, store, share, and protect your personal data when you visit our website or interact with us online. It also explains your rights under the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

This policy does not cover the privacy practices of third-party websites that may be linked to from our website. We are not responsible for the content or privacy practices of those sites and encourage you to read their privacy policies.

This website is not directed at children under the age of 13, and we do not knowingly collect personal data from children. If you believe we have inadvertently collected data from a child, please contact us immediately and we will take steps to delete it.

3. What Personal Data We Collect

Personal data means any information that can identify you, directly or indirectly. We collect personal data in the following ways:

3.1 Data You Provide Directly

When you interact with our website, you may choose to provide us with personal data. This includes:

Contact form submissions: your name, email address, telephone number, and the content of your message.
Newsletter or marketing sign-ups: your name and email address.
Order or transaction data (where e-commerce is in use): your name, billing and delivery address, contact details, and order information. Payment card details are handled exclusively by our third-party payment processor and are not stored by us.

3.2 Data Collected Automatically

When you visit our website, certain data is collected automatically. This includes:

Server log data: your IP address, browser type and version, operating system, referring URL, pages visited, and the date and time of your visit. This data is collected automatically by our web hosting infrastructure and may be retained in server logs. IP addresses are considered personal data under UK GDPR.
Analytics data: where analytics tools are in use (such as Google Analytics), data about your browsing behaviour on our site is collected, including pages viewed, time on site, approximate location, device type, and how you arrived at our site.
Cookie data: data collected via cookies and similar tracking technologies. Please see Section 5 for full details.

3.3 Data We Do Not Collect

We do not intentionally collect special category data (such as health information, ethnicity, religious beliefs, or biometric data) through this website. Please do not submit such information via contact forms or other website interactions.

4. Our Legal Basis for Processing Your Data

UK GDPR requires us to have a lawful basis for processing your personal data. We rely on the following bases:

Consent: where you have freely given, specific, and informed consent, for example when subscribing to our newsletter or accepting non-essential cookies. You have the right to withdraw your consent at any time without affecting the lawfulness of processing carried out before withdrawal.
Legitimate interests: where processing is necessary for our legitimate business interests, provided those interests are not overridden by your rights and freedoms. For example, responding to enquiries and maintaining website security.
Contract: where processing is necessary to enter into or perform a contract with you, such as processing an order.
Legal obligation: where we are required by law to process your data, for example for tax or accounting purposes.

5. Cookies and Tracking Technologies

Our website uses cookies and similar technologies. Cookies are small text files placed on your device that help us provide and improve our services. We use a cookie consent banner to obtain your consent before any non-essential cookies are set.

We may use the following categories of cookies:

Strictly necessary cookies: essential for the website to function correctly. These cannot be disabled as the site would not work without them. No consent is required for these cookies.
Analytics cookies: used to understand how visitors interact with our website, for example via Google Analytics. This data is anonymised and aggregated where possible.
Marketing and advertising cookies: used where we run advertising campaigns or use tools such as Meta (Facebook) Pixel or LinkedIn Insight Tag to measure performance and deliver relevant advertising. These are only set with your consent.
Preference or functional cookies: used to remember your settings and choices to improve your browsing experience.

You can manage or withdraw your cookie consent at any time through our cookie consent banner or your browser settings. Please note that restricting certain cookies may affect the functionality of our website.

For full details of the cookies in use, including their names, purposes, and expiry periods, please refer to our Cookie Policy, available on our website.

6. How We Use Your Data

We use your personal data only for the purposes for which it was collected, or for compatible purposes. These include:

Responding to enquiries and messages submitted via our website.
Sending marketing or newsletter emails where you have consented to receive them.
Processing orders, payments, and deliveries where e-commerce functionality is in use.
Analysing website usage to improve performance, content, and user experience.
Maintaining the security and integrity of our website and systems.
Complying with our legal and regulatory obligations.
Defending or bringing legal claims where necessary.

7. How We Share Your Data

We do not sell your personal data. We may share your data with the following categories of third parties where it is necessary to deliver our services or meet our legal obligations:

7.1 Website Hosting Provider

Our website is hosted by a third-party hosting provider. As part of providing that service, our host operates and maintains the servers on which our website runs and may have incidental access to data processed through our website, including contact form submissions, order data, and server logs. Our hosting provider acts as a data processor on our behalf and is contractually bound to handle your data securely and in accordance with UK GDPR. They are not permitted to use your data for their own purposes.

7.2 Analytics Providers

Where we use analytics tools such as Google Analytics, data about your use of our website is shared with the relevant provider. Google Analytics is operated by Google LLC. For further information, please see Google’s privacy policy at https://policies.google.com/privacy. Where applicable, we have enabled IP anonymisation within Google Analytics to minimise the personal data shared.

7.3 Email Marketing Platforms

Where you subscribe to our newsletter or marketing emails, your name and email address are stored with our email marketing platform. These providers act as data processors and are contractually bound to handle your data securely.

7.4 Payment Processors

Where our website includes payment functionality, transactions are processed by a third-party payment provider. We do not store or have access to your full payment card details. These providers have their own privacy policies and security certifications. We encourage you to review their policies before completing a transaction.

7.5 Social Media and Advertising Platforms

Where we use tools such as Meta (Facebook) Pixel or LinkedIn Insight Tag, data about your activity on our website may be shared with those platforms for advertising measurement and targeting purposes. This only occurs where you have consented via our cookie consent banner.

7.6 Legal and Regulatory Authorities

We may disclose your data to law enforcement, regulators, or courts where we are required to do so by law, or where necessary to protect our legal rights or the safety of others.

7.7 Sub-Processors

The third-party providers listed above may themselves engage sub-processors to assist in delivering their services. We are not directly responsible for those sub-processing arrangements, but we endeavour to work only with reputable providers who apply appropriate safeguards. Please refer to each provider’s own privacy policy for further details.

8. International Data Transfers

Some of our third-party service providers are based outside the United Kingdom or the European Economic Area (EEA). For example, Google LLC (Google Analytics) and Stripe Inc. are headquartered in the United States.

Where your data is transferred outside the UK, we ensure appropriate safeguards are in place to protect your data to an equivalent standard. These may include:

Adequacy decisions made by the UK Government confirming an equivalent level of data protection in the destination country.
Standard Contractual Clauses (SCCs) approved for use under UK GDPR.
The UK Extension to the EU-US Data Privacy Framework, where applicable.

You may request further information about the safeguards in place for any specific transfer by contacting us using the details in Section 1.

9. How Long We Keep Your Data

We retain your personal data only for as long as necessary for the purposes for which it was collected, or as required by law. Our general retention periods are:

Contact and enquiry data: up to two years from our last interaction, unless you request earlier deletion.
Marketing and newsletter data: until you withdraw your consent or unsubscribe, after which your data will be deleted or anonymised promptly.
Server log data (including IP addresses): typically up to 90 days, depending on our hosting provider’s configuration.
Analytics data: in accordance with the retention settings of the relevant platform. Google Analytics data is typically retained for up to 14 months by default.
Transaction and order data: up to seven years in line with HMRC record-keeping requirements, where applicable.
Cookie consent records: for as long as necessary to demonstrate compliance with our consent obligations.

Once data is no longer required, it is securely deleted or anonymised.

10. Your Rights

Under UK GDPR, you have the following rights in relation to your personal data. These rights are not absolute and may be subject to certain conditions or exceptions, but we will always respond to requests in good faith.

Right of access: you may request a copy of the personal data we hold about you (a Subject Access Request).
Right to rectification: you may ask us to correct inaccurate or incomplete data.
Right to erasure: you may ask us to delete your data in certain circumstances, for example where it is no longer necessary for the purpose it was collected.
Right to restriction of processing: you may ask us to limit how we process your data, for example whilst a dispute is being resolved.
Right to data portability: where processing is based on consent or contract and carried out by automated means, you may request your data in a structured, machine-readable format.
Right to object: you may object to processing based on legitimate interests or carried out for direct marketing. Where you object to direct marketing, we will cease processing immediately.
Right to withdraw consent: where processing is based on your consent, you may withdraw that consent at any time. This does not affect the lawfulness of any processing carried out before withdrawal.
Rights related to automated decision-making: you have the right not to be subject to a decision made solely by automated means that has a legal or similarly significant effect on you. We do not currently carry out such processing.

To exercise any of these rights, please contact us using the details in Section 1. We will respond within one calendar month. We may need to verify your identity before fulfilling a request. There is no charge for making a request unless it is manifestly unfounded or excessive.

11. Data Security

We take the security of your personal data seriously and have implemented appropriate technical and organisational measures to protect it against unauthorised access, loss, alteration, or disclosure. These include:

Encrypted connections (HTTPS/TLS) for all data transmitted to and from our website.
Restricted internal access to personal data, limited to those with a legitimate need.
Use of reputable, security-certified hosting and third-party processing providers.
Regular review of our data handling practices and security measures.

In the event of a personal data breach that is likely to present a risk to your rights and freedoms, we will notify the Information Commissioner’s Office (ICO) within 72 hours of becoming aware, as required by UK GDPR. Where the breach is likely to result in a high risk to you personally, we will also notify you directly without undue delay.

Please be aware that no method of internet transmission is entirely secure. Whilst we take all reasonable steps to protect your data, we cannot guarantee absolute security of data transmitted to or from our website.

12. Links to Third-Party Websites

Our website may contain links to third-party websites, social media platforms, or other external services. Once you leave our website, this privacy policy no longer applies. We have no control over, and are not responsible for, the content or privacy practices of any third-party site. We encourage you to read the privacy policy of any external site you visit.

13. Children’s Privacy

Our website is not directed at children under the age of 13, and we do not knowingly collect personal data from children. If you are a parent or guardian and believe your child has provided us with personal data without your consent, please contact us immediately. We will take prompt steps to delete any such data.

14. Complaints

If you are unhappy with how we have handled your personal data, please contact us in the first instance using the details in Section 1. We will do our best to resolve your concern promptly.

If you remain dissatisfied, or if you believe we are processing your data unlawfully, you have the right to lodge a complaint with the UK’s data protection supervisory authority:

Information Commissioner’s Office (ICO)

Website: https://ico.org.uk

Telephone: 0303 123 1113

Post: Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF

15. Changes to This Policy

We may update this privacy policy from time to time to reflect changes in our practices, technology, or legal requirements. When we do, we will update the “Last updated” date at the top of this page. We encourage you to review this policy periodically.

Where changes are material and we hold your contact details, we will endeavour to notify you directly.