Home/Privacy
LEGAL · PRIVACY POLICY

Privacy policy.

Who We Are

PhD Networks & Systems Ltd is a digital marketing agency based in Leeds, West Yorkshire. We provide Google Ads management, SEO, website design, social media marketing, and related services to businesses primarily across Yorkshire and the UK.

Company details:

  • Registered company name: PhD Networks & Systems Ltd
  • Company number: [COMPANY_NUMBER]
  • Registered address: Leeds, West Yorkshire, LS12
  • Email: hello@phdnetworks.co.uk
  • Website: phdnetworks.co.uk

We are registered with the Information Commissioner’s Office (ICO).

ICO Registration Number: [ICO_REGISTRATION_NUMBER]

What Data We Collect

Data you give us directly

Contact form submissions

When you fill in a contact form or request a free audit on our website, we collect:

  • Your name
  • Your email address
  • Your phone number (if provided)
  • Your business name (if provided)
  • The message or details you send us

We use this to respond to your enquiry and discuss our services with you.

Email correspondence

If you email us directly, we retain that correspondence. This may include personal details you share in the course of discussing your project.

Client onboarding

When you become a client, we collect additional information needed to deliver our services:

  • Business details (company name, address, Companies House number if applicable)
  • Billing information (processed via our accountancy and invoicing systems)
  • Access credentials for platforms we manage on your behalf (Google Ads, Meta, Search Console, etc.) — stored securely in our password management system

Data we collect automatically

Google Analytics 4

Our website uses Google Analytics 4 to understand how visitors use our site. This includes:

  • Pages visited and time spent
  • How you arrived at our site (search, social, direct, referral)
  • General location (country/city level — not precise)
  • Device type and browser
  • Anonymised IP address

This data is aggregated and does not identify you personally. Google Analytics is governed by Google’s own privacy policy. We have configured IP anonymisation and do not enable data sharing with Google’s advertising products without consent.

Cookies

We use cookies on our website. See our separate Cookie Policy for full details of what cookies we use, why, and how to manage your preferences.

Why We Collect It (Legal Basis)

Under UK GDPR, we must have a lawful basis for processing personal data. Here’s ours:

PurposeLegal Basis
———————-
Responding to enquiries from potential clientsLegitimate interests (our interest in doing business)
Delivering services to existing clientsPerformance of a contract
Sending invoices and managing paymentsPerformance of a contract / legal obligation
Website analytics (Google Analytics)Legitimate interests / Consent (where required by cookie preferences)
Marketing emails to existing clientsLegitimate interests
Marketing emails to new contactsConsent
Complying with legal or regulatory obligationsLegal obligation

What “legitimate interests” means in practice: We’ve assessed that our interest in using your data to respond to enquiries and deliver our services is not outweighed by your privacy rights. You always have the right to object — see “Your Rights” below.

How We Store and Protect Your Data

Location: We store data within the UK and European Economic Area (EEA) where possible. Where data is transferred outside the EEA (for example, to Google or Meta’s servers), appropriate safeguards are in place under UK GDPR adequacy decisions or Standard Contractual Clauses.

Security: We take reasonable technical and organisational measures to protect your data, including:

  • Encrypted email communications
  • Password-protected and access-controlled systems
  • Secure credential management (we do not store passwords in plain text)
  • Limited access — only staff who need your data to do their job can access it

We cannot guarantee 100% security of any data transmitted over the internet, but we do our best to protect it.

How Long We Keep Your Data

Type of dataRetention period
————-—————–
Enquiry/contact form data (if you don’t become a client)12 months
Client correspondenceDuration of engagement + 7 years
Invoices and financial records7 years (HMRC requirement)
Website analytics data26 months (GA4 default, can be adjusted)
Email marketing (if you’ve consented)Until you unsubscribe or withdraw consent

After the relevant retention period, data is deleted or anonymised.

Data Processor Relationships

We use third-party services to run our business. Where those services process personal data on our behalf, they act as “data processors.” Our key processors are:

Google (Google Analytics 4, Google Ads, Gmail, Google Workspace)

We use Google Analytics to understand website traffic, and Google Workspace for email and document storage. Google is subject to its own privacy policies and operates under Standard Contractual Clauses for UK data transfers.

Google Privacy Policy

Make.com (formerly Integromat)

We use Make.com to automate workflows and data flows between systems. Data passing through Make.com automations is subject to their privacy and data processing terms.

Make.com Privacy Policy

Asana

We use Asana for project management and task tracking. Client project information may be stored in Asana.

Asana Privacy Policy

Microsoft 365

We use Microsoft 365 for email and business operations.

Microsoft Privacy Statement

We have Data Processing Agreements in place with our key processors where required by UK GDPR.

Your Rights

Under UK GDPR, you have the following rights. To exercise any of them, email us at hello@phdnetworks.co.uk.

Right of access: You can ask us for a copy of the personal data we hold about you (a “Subject Access Request”). We’ll respond within one month.

Right to rectification: If any data we hold about you is inaccurate or incomplete, you can ask us to correct it.

Right to erasure (“right to be forgotten”): You can ask us to delete your personal data. We’ll comply unless we have a legal obligation to keep it (e.g. financial records we must retain for HMRC).

Right to restrict processing: You can ask us to stop using your data in certain ways while a dispute is resolved.

Right to data portability: For data you’ve given us under consent or contract, you can ask for it in a structured, commonly used, machine-readable format.

Right to object: You can object to processing based on legitimate interests. We’ll stop unless we have compelling legitimate grounds that override your rights.

Rights related to automated decision-making: We don’t use solely automated decision-making that produces legal or similarly significant effects on individuals.

Right to withdraw consent: Where we rely on consent to process your data, you can withdraw it at any time. This won’t affect the lawfulness of processing before withdrawal.

Complaints

If you’re unhappy with how we’ve handled your data, please contact us first at hello@phdnetworks.co.uk — we’ll do our best to resolve it.

You also have the right to lodge a complaint with the ICO (the UK’s data protection regulator):

Information Commissioner’s Office

Wycliffe House, Water Lane, Wilmslow, Cheshire SK9 5AF

Phone: 0303 123 1113

Website: ico.org.uk

Changes to This Policy

We’ll update this policy when our practices change. The “last updated” date at the top of this page tells you when it was last revised. For significant changes, we’ll notify active clients directly.

Contact Us

For any data protection questions, Subject Access Requests, or to exercise your rights:

Email: hello@phdnetworks.co.uk

Post: Leeds, West Yorkshire, LS12

We aim to respond to all data-related requests within one month.