Privacy Policy

1. Who we are

GetOnWeb is a website design and management service for small UK businesses. We are registered in Romania and operate under EU law, including the General Data Protection Regulation (EU GDPR) 2016/679.

For the purposes of this policy, “we”, “us”, and “our” refer to GetOnWeb. “You” refers to any person who visits our website, enquires about our services, or becomes a client.

Our website is getonweb.co.uk.

You can contact us at any time at privacy@getonweb.co.uk.

2. What data we collect

We collect personal data in the following situations:

When you fill in our contact or enquiry form

• Your name
• Your email address
• Your business name
• Any other information you voluntarily provide in the message field

When you become a client and complete our onboarding brief

• Your name and business name
• Your email address and phone number
• Your business address
• Details about your business, services, and customers
• Your logo, photos, and other files you share with us
• Billing information (processed by Stripe — we do not store your card details)

When you visit our website

• Basic technical data such as your browser type, device type, and pages visited
• Your approximate location (country or region level only, derived from your IP address)
• We use privacy-friendly analytics and do not use tracking cookies or advertising pixels

We do not collect any special category data (such as health information, political opinions, or ethnicity). We do not collect data from children.

3. How we use your data

Purpose	Data used
Responding to your enquiry	Name, email, message content
Delivering our website service	All onboarding brief data, files you share
Processing your subscription payment	Email address (passed to Stripe)
Sending you service-related communications	Email address, name
Improving our website and service	Anonymous analytics data
Complying with legal obligations	Any data required by applicable law

We do not use your data for advertising, profiling, or automated decision-making. We do not sell your data to any third party, ever.

4. Legal basis for processing

Under EU GDPR, we process your personal data on the following legal bases:

• Contract: Processing your onboarding data and delivering our service is necessary to fulfil the contract between us.
• Legitimate interests: Responding to enquiries, improving our service, and maintaining basic website analytics. We have assessed that our legitimate interests do not override your rights.
• Legal obligation: Where we are required to process data to comply with applicable law.
• Consent: Where we rely on consent (for example, optional marketing emails), we will ask for it explicitly and you can withdraw it at any time.

5. Who we share your data with

We share your data only where necessary to deliver our service. The third parties we work with are:

Provider	Purpose	Location
Stripe	Payment processing and subscription management	USA (adequacy safeguards apply)
Hostinger	Website hosting for our marketing site and client sites	EU / Lithuania
Email provider	Sending and receiving service emails	EU
Analytics provider	Privacy-friendly website analytics (no cookies, no personal data)	EU

All third parties we work with are required to handle your data securely and in accordance with applicable data protection law. We do not allow them to use your data for their own marketing purposes.

We may also disclose your data if required to do so by law, court order, or a regulatory authority.

6. International data transfers

We are based in Romania (EU) and primarily process data within the European Economic Area (EEA). Where we use providers based outside the EEA (such as Stripe in the USA), we ensure appropriate safeguards are in place, including Standard Contractual Clauses (SCCs) approved by the European Commission.

As a UK-facing service, we note that the EU-UK adequacy decision currently allows personal data to flow freely between the EU and the UK. We will update this policy if that status changes.

7. How long we keep your data

Data type	Retention period
Enquiry form submissions (non-clients)	12 months from the date of enquiry, then deleted
Client account and onboarding data	Duration of the subscription plus 2 years after cancellation
Billing records	7 years (required for accounting and tax purposes)
Website analytics	13 months rolling, then aggregated or deleted
Email correspondence	2 years from the last communication

After the applicable retention period, your data is securely deleted or anonymised so it can no longer be linked to you.

8. Your rights

Under EU GDPR, you have the following rights in relation to your personal data:

• Right of access: You can ask us for a copy of the personal data we hold about you.
• Right to rectification: You can ask us to correct any inaccurate or incomplete data.
• Right to erasure: You can ask us to delete your personal data where there is no legitimate reason for us to continue processing it.
• Right to restriction: You can ask us to restrict the processing of your data in certain circumstances.
• Right to data portability: You can ask us to provide your data in a structured, machine-readable format so you can transfer it to another service.
• Right to object: You can object to processing based on legitimate interests. We will stop unless we have compelling legitimate grounds that override your interests.
• Right to withdraw consent: Where we rely on consent, you can withdraw it at any time without affecting the lawfulness of prior processing.

To exercise any of these rights, please email us at privacy@getonweb.co.uk. We will respond within 30 days. We will not charge a fee for reasonable requests.

If you are unhappy with how we handle your data, you have the right to lodge a complaint with your national data protection authority. In Romania, this is the Autoritatea Naţională de Supraveghere a Prelucrării Datelor cu Caracter Personal (ANSPDCP) at dataprotection.ro. UK residents may also contact the ICO at ico.org.uk.

9. Cookies

Our website uses only essential cookies required for the site to function (for example, to remember your preferences during a session). We do not use advertising cookies, tracking pixels, or third-party marketing cookies.

We use privacy-friendly analytics that do not set cookies and do not track you across websites. No cookie consent banner is required for our current setup.

If we add any non-essential cookies in the future, we will update this policy and ask for your consent before setting them.

10. Security

We take the security of your personal data seriously. We use the following measures to protect it:

• All data transmitted to and from our website is encrypted using SSL/TLS
• Access to client data is restricted to authorised personnel only
• We use reputable, GDPR-compliant third-party providers for hosting and payments
• We do not store payment card details — all payment processing is handled by Stripe

No method of electronic transmission or storage is 100% secure. If you believe your data has been compromised, please contact us immediately at privacy@getonweb.co.uk.

11. Children

Our service is intended for business owners and is not directed at anyone under the age of 18. We do not knowingly collect personal data from children. If you believe we have inadvertently collected data from a child, please contact us and we will delete it promptly.

12. Changes to this policy

We may update this Privacy Policy from time to time to reflect changes in our practices or applicable law. When we make material changes, we will update the “Last updated” date at the top of this page and, where appropriate, notify active clients by email.

We encourage you to review this policy periodically. Continued use of our service after any changes constitutes acceptance of the updated policy.

13. Contact us

If you have any questions about this Privacy Policy or how we handle your data, please get in touch:

• Email: privacy@getonweb.co.uk
• Website: getonweb.co.uk
• Registered in: Romania, European Union

We aim to respond to all privacy-related enquiries within 5 business days.