Skip to main content
LEGAL

Privacy Policy

Last updated: March 2026

1. Who We Are

Lustre Digital is a web design and development agency based in East Sussex, United Kingdom. We design, build, and maintain websites for small and medium-sized businesses across the UK and Ireland.

For the purposes of the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018, Lustre Digital is the data controller. If you have any questions about how we handle your personal data, you can contact us at hello@lustredigital.co.uk.

2. What Data We Collect

We collect personal data that you voluntarily provide to us when you enquire about our services or engage us for a project. This may include:

  • Your full name
  • Email address
  • Phone number
  • Business name
  • Website address
  • Project details and requirements
  • Budget information
  • How you heard about us

We also collect certain technical data automatically when you visit our website, including your IP address, browser type, operating system, referring URL, pages visited, and time spent on each page. This data is collected through cookies and similar technologies (see Section 7 below).

3. How We Use Your Data

We use the personal data you provide to us for the following purposes:

  • To respond to your enquiry and provide information about our services
  • To prepare and send you a quotation or proposal
  • To deliver the services you have engaged us to provide
  • To communicate with you about your project
  • To send you invoices and process payments
  • To improve our website and services based on aggregated, anonymised analytics data

We will never sell your personal data to third parties. We will not use your data for marketing purposes unless you have given us explicit consent to do so.

4. Legal Basis for Processing

Under the UK GDPR, we rely on the following lawful bases to process your personal data:

  • Legitimate interest: When you submit an enquiry through our contact form, we process your data on the basis of our legitimate interest in responding to prospective clients and managing our business. We have assessed that this processing is necessary and that your rights do not override our legitimate interest.
  • Contractual necessity: When you engage us for a project, we process your data as necessary for the performance of our contract with you, including delivering the agreed services, managing the project, and processing payments.
  • Consent: Where we use cookies for analytics purposes, we do so on the basis of your consent, which you can withdraw at any time.

5. How We Store Your Data

We take the security of your personal data seriously. Your data is stored securely using industry-standard measures, including encrypted connections (SSL/TLS) and secure server infrastructure.

We retain your personal data only for as long as is necessary for the purposes set out in this policy. Enquiry data is retained for up to 12 months after the last communication. Client project data is retained for up to 6 years after the completion of a project, in accordance with our legal and accounting obligations.

We do not share your personal data with third parties except where necessary for the delivery of our services to you, and only with providers who are bound by appropriate data protection agreements.

6. Third-Party Services

We use the following third-party services in the operation of our website and business:

  • SendGrid: We use SendGrid (a Twilio company) to deliver email communications, including contact form submissions and project correspondence. SendGrid processes your email address and message content on our behalf. SendGrid’s privacy policy is available at twilio.com/legal/privacy.
  • Google Analytics: We use Google Analytics to understand how visitors use our website. This service collects anonymised data about page views, session duration, and traffic sources. We have configured Google Analytics to anonymise IP addresses. Google’s privacy policy is available at policies.google.com/privacy.

All third-party processors are based in countries that provide adequate data protection or are covered by appropriate safeguards such as Standard Contractual Clauses.

7. Cookies

Our website uses cookies to ensure it functions correctly and to help us understand how visitors use the site. The types of cookies we use are:

  • Essential cookies: These are strictly necessary for the website to function and cannot be switched off. They include cookies that remember your cookie consent preferences.
  • Analytics cookies: These help us understand how visitors interact with our website by collecting anonymised information. Analytics cookies are only placed with your consent.

We do not use advertising or tracking cookies. You can manage your cookie preferences at any time through your browser settings. Please note that disabling essential cookies may affect the functionality of the website.

8. Your Rights

Under the UK GDPR, you have the following rights in relation to your personal data:

  • Right of access: You have the right to request a copy of the personal data we hold about you.
  • Right to rectification: You have the right to request that we correct any inaccurate or incomplete personal data.
  • Right to erasure: You have the right to request that we delete your personal data, subject to certain legal exceptions.
  • Right to restriction of processing: You have the right to request that we restrict the processing of your personal data in certain circumstances.
  • Right to data portability: You have the right to receive your personal data in a structured, commonly used, and machine-readable format.
  • Right to object: You have the right to object to the processing of your personal data where we are relying on legitimate interest as our legal basis.
  • Rights relating to automated decision-making: We do not use automated decision-making or profiling in relation to your personal data.

To exercise any of these rights, please contact us using the details in Section 9 below. We will respond to your request within one month. There is no fee for making a request, although we may charge a reasonable fee if your request is clearly unfounded or excessive.

If you are not satisfied with how we handle your request, you have the right to lodge a complaint with the Information Commissioner’s Office (ICO). You can contact the ICO at ico.org.uk or by calling 0303 123 1113.

9. How to Contact Us About Your Data

If you have any questions about this privacy policy, or if you wish to exercise any of your rights, please contact us at:

Lustre Digital
Email: hello@lustredigital.co.uk

We aim to respond to all data protection enquiries within 48 hours.

10. Changes to This Policy

We may update this privacy policy from time to time to reflect changes in our practices, technology, or legal requirements. Any changes will be posted on this page with an updated revision date. We encourage you to review this policy periodically.

If we make any significant changes that affect your rights, we will make reasonable efforts to notify you, for example by placing a prominent notice on our website.