1. Who we are
Facturama Limited ("Facturama", "we", "us", "our") is the data controller responsible for the personal data we collect through this website and our services. We are registered in England & Wales.
- Company: Facturama Limited
- Companies House number: 8595688
- Registered office: 16 Blanchington Road, BN3 3YN, United Kingdom
- Data Protection contact: Julio Alonso — [email protected]
2. Scope
This policy explains what personal data we collect when you use facturama.co.uk, contact us, subscribe to our newsletter, or engage us as a client. It applies to data we collect both online and offline. It does not cover third-party websites we link to.
3. Personal data we collect
We only collect what we need to run the business and respond to you.
| Category | Examples | Source |
|---|---|---|
| Contact / lead data | Name, email, company, phone, project description | You — via our contact form, email, or Calendly booking |
| Newsletter data | Email address, opt-in timestamp, IP at time of opt-in | You — when you subscribe |
| Account data (clients) | Name, work email, billing details, project communications | You and authorised colleagues during an engagement |
| Technical / usage data | IP address, browser, device type, pages viewed, referrer | Automatically collected via cookies and server logs |
4. Why we use it (lawful bases)
Under UK GDPR Article 6, we rely on the following lawful bases:
- Contract — to respond to enquiries, prepare proposals, and deliver work for clients.
- Legitimate interests — to operate, secure and improve our website and services, prevent fraud, and analyse usage in aggregate.
- Consent — for the newsletter and for non-essential cookies. You can withdraw consent at any time.
- Legal obligation — to comply with tax, accounting, anti-money-laundering and other UK laws.
5. Sharing & processors
We do not sell personal data. We share it only with carefully selected service providers ("processors") under written agreements that bind them to UK GDPR-equivalent obligations. Current processors include:
- Cloudflare — CDN, DDoS protection (logs, IPs)
- Cloudinary — image and asset hosting
- Anthropic — AI text generation for the blog (prompts only, no personal data)
- ElevenLabs — AI text-to-speech for blog narration (no personal data)
- Resend / Postmark — transactional & newsletter email delivery
- Calendly — demo bookings (governed by Calendly's privacy policy)
- Google Fonts — web font delivery
- Hetzner / DigitalOcean — EU-region application hosting
6. International transfers
Where data leaves the UK or EEA (for example to providers based in the US), we rely on UK Government adequacy regulations, the UK International Data Transfer Addendum to the EU Standard Contractual Clauses, or other approved safeguards. We can provide a copy of these on request.
7. How long we keep data
- Lead enquiries: up to 24 months after last contact, then deleted.
- Newsletter subscribers: until you unsubscribe; we keep proof of consent for 6 years.
- Client records: 7 years after the engagement ends, in line with UK accounting rules.
- Server logs: rotated within 90 days unless required for security investigation.
8. Your rights
Under UK GDPR you have the right to:
- Access the personal data we hold about you (subject access request).
- Have inaccurate data corrected.
- Have your data erased ("right to be forgotten") where applicable.
- Restrict or object to processing.
- Receive a copy of your data in a portable format.
- Withdraw consent at any time, where processing is based on consent.
- Lodge a complaint with the UK Information Commissioner's Office — ico.org.uk — if you believe we have mishandled your data.
To exercise any of these rights, email [email protected]. We will respond within one month.
9. Security
We use TLS for all data in transit, encryption at rest for sensitive systems, role-based access control, and industry-standard application security practices. Despite our efforts, no internet transmission is 100% secure; we will notify you and the ICO without undue delay in the event of a personal-data breach affecting you.
10. Cookies
We use a small number of strictly necessary, performance and (only with your consent) marketing cookies. See our Cookies Policy for the full list and how to manage them.
11. Children
Our services are not directed at people under 16. We do not knowingly collect personal data from children. If you believe we have, contact us and we will delete it.
12. Changes to this policy
We may update this policy from time to time. The "effective date" at the top reflects the most recent change. For material changes affecting your rights, we will notify subscribers and clients by email.
13. Contact
Questions or requests about this policy:
Julio Alonso, Data Protection contact
Facturama Limited, 16 Blanchington Road, BN3 3YN, United Kingdom
[email protected]