Your privacy matters to us. This policy explains what data we collect, why we collect it, and how it is used. We keep it simple — we don't sell your data, we don't spam you, and we only collect what we need.
Overview
spoti.bar ("we", "us", "our") is a web design studio based in the United Kingdom. This Privacy Policy describes how we handle personal data collected through our website (spoti.bar), via email, or in the course of providing our services.
This policy applies to all individuals who interact with spoti.bar, including prospective clients, current clients, and website visitors. We are committed to handling your data in accordance with UK GDPR and the Data Protection Act 2018.
Data We Collect
We collect personal data only when necessary. The types of data we may collect include:
- Contact data — your name and email address when you reach out to us
- Project data — information you provide about your project requirements
- Communication data — records of our email and message correspondence
- Payment data — billing information processed through our payment provider (we do not store card details directly)
- Technical data — basic analytics such as page views (if analytics are enabled), IP address, browser type, and device type
We do not collect sensitive personal data (e.g. health, biometric, or financial account data) and we do not knowingly collect data from children under the age of 13.
How We Use Your Data
Your data is used solely for the purpose it was collected. Specifically:
- To respond to your enquiries and provide our services
- To manage and deliver your project
- To process payments and send invoices
- To communicate project updates and relevant information
- To comply with legal obligations
We do not use your data for unsolicited marketing. If we wish to contact you about future services, we will ask for your explicit consent first.
Data Sharing
We do not sell, rent, or share your personal data with third parties for marketing purposes. We may share limited data with trusted service providers who assist in delivering our services, including:
- Payment processors (e.g. Stripe, PayPal) — for billing purposes only
- Email service providers — for project communication
- Hosting providers — for website delivery
All third-party providers are contractually obligated to handle your data securely and in accordance with applicable data protection law. We may also disclose data if required to do so by law or by a regulatory authority.
Cookies
Our website may use essential cookies to ensure it functions correctly. We do not currently use tracking, advertising, or analytics cookies beyond those strictly necessary for operation.
You can control cookie behaviour through your browser settings. Disabling cookies may affect certain features of the site.
Data Retention
We retain your personal data only for as long as is necessary:
- Client project data is retained for 3 years after project completion
- Invoice and payment records are retained for 7 years to comply with HMRC requirements
- Enquiry data from non-clients is deleted after 12 months if no project is commenced
After retention periods expire, data is securely deleted or anonymised.
Your Rights
Depending on where you are located, different data protection laws may apply to you. The rights available to you are set out by region below. To exercise any of these rights, contact us at contact@spoti.bar — we will respond within 30 days.
If you are based in the United Kingdom, your rights are governed by the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.
You also have the right to lodge a complaint with the Information Commissioner's Office (ICO) at ico.org.uk.
If you are based in the European Union or European Economic Area, your rights are governed by the EU General Data Protection Regulation (GDPR). Your rights are substantially the same as those listed above for UK residents, including access, rectification, erasure, restriction, portability, and the right to object.
In addition, where we process your data on the basis of consent, you have the right to withdraw that consent at any time without affecting the lawfulness of processing carried out before withdrawal.
You have the right to lodge a complaint with your local supervisory authority. A full list of EU data protection authorities is available at edpb.europa.eu.
As a UK-based business, any transfer of EU personal data outside the EEA is handled in accordance with applicable transfer mechanisms under GDPR.
If you are a resident of California or another US state with applicable privacy legislation, the following additional rights may apply to you.
California (CCPA / CPRA): California residents have the right to know what personal information is collected about them, to delete that information, to opt out of the sale of personal information, and to non-discrimination for exercising these rights. We do not sell personal information.
- Right to know what personal data we collect and how it is used
- Right to delete your personal data (subject to certain exceptions)
- Right to opt out of the sale or sharing of personal data — we do not sell data
- Right to correct inaccurate personal information
- Right to limit use of sensitive personal information
- Right to non-discrimination for exercising your privacy rights
Other states: Residents of Virginia (VCDPA), Colorado (CPA), Connecticut (CTDPA), Texas, and other states with enacted privacy laws hold similar rights including access, correction, deletion, and portability. We honour these rights upon verified request regardless of state.
To submit a request, contact us at contact@spoti.bar. We will verify your identity before processing any request.
Regardless of where you are located, we are committed to handling your personal data responsibly. If you are based outside the UK, EU, or US, the following general principles apply:
- We collect only the data necessary to provide our services
- We do not sell your data to third parties
- We will respond to reasonable requests to access, correct, or delete your data
- We apply appropriate security measures to protect your information
Some notable regional frameworks we acknowledge:
- Canada (PIPEDA / Law 25) — we comply with principles of consent, accountability, and access
- Australia (Privacy Act 1988) — we follow the Australian Privacy Principles where applicable
- Brazil (LGPD) — we respect data subject rights under Lei Geral de Proteção de Dados
If your country has specific data protection requirements and you have a concern, please contact us directly at contact@spoti.bar and we will do our best to accommodate your request.
Security
We take the security of your data seriously. We implement appropriate technical and organisational measures to protect personal data against accidental loss, unauthorised access, and disclosure. These measures include secure email communication, encrypted storage where applicable, and limited access to personal data.
No transmission of data over the internet is 100% secure. While we take all reasonable steps to protect your data, we cannot guarantee its absolute security.
Third-Party Links
Our website may contain links to third-party websites. These sites operate independently and have their own privacy policies. We are not responsible for the privacy practices or content of any third-party sites, and we encourage you to review their policies before providing any personal data.
Changes to This Policy
We may update this Privacy Policy from time to time. Any changes will be published on this page with an updated "last updated" date. We encourage you to review this page periodically. Continued use of our services after changes are published constitutes your acceptance of the revised policy.
Contact
For any questions, requests, or concerns regarding this Privacy Policy or how we handle your data, please contact us:
- Email: contact@spoti.bar
- Website: spoti.bar