Privacy Policy

Last Updated: April 2026
ICO Registration Number: ZB204614

1. Who We Are
Our website address is: https://www.sarahkick.uk.
Data Controller: Sarah Kick
Company: Sarah Kick Web Services
Email: [email protected]
Address: Dereham, Norfolk

2. What Personal Data We Collect & Why

  • Contact Information: When you use our contact form or engage our services, we collect your name, email, address, and telephone number to fulfill our contract with you and communicate regarding orders.
  • Usage Data: We automatically collect IP addresses, browser types, and device identifiers to maintain server security and troubleshoot technical issues.
  • Media & Comments: If you leave a comment or upload media, we collect the data shown in the form, plus your IP address and browser user agent string to assist in spam detection.

3. Cookies & Tracking
We use essential cookies to ensure our website functions correctly. Persistent cookies remain on your device to remember preferences, while session cookies are deleted when you close your browser. For full details, please see our Cookie Policy.

4. Who We Share Your Data With (Sub-processors)
To provide managed hosting and redundant backups, we share data with the following professional third-party providers:

  • IONOS (UK): For VPS infrastructure and email hosting.
  • Cloudflare (Global): For web application firewall (WAF) and security monitoring.
  • Acronis (UK): For server-level encrypted disaster recovery backups.
  • Google (Global): For secondary encrypted backups stored in Google Cloud.
  • UpdraftPlus (UK): For managing application-level WordPress backups.

5. How Long We Retain Your Data

  • Tax/Accounting: Order and billing information is kept for 6 years as required by UK tax law.
  • Technical Backups: We maintain a rolling redundant backup policy. Primary server backups are kept for 4 weeks before being overwritten.
  • General Inquiries: Contact form submissions are kept for as long as necessary to resolve your inquiry.

6. Where Your Data is Sent
Your data is primarily stored on servers located in the United Kingdom. For security and cloud redundancy (Cloudflare/Google), data may be processed globally. We ensure all providers meet UK GDPR adequacy standards.

7. Your Rights Over Your Data
Under UK GDPR, you have the right to:

  • Request an exported file of the personal data we hold about you.
  • Request that we erase any personal data (excluding data we must keep for legal, administrative, or security purposes).
  • Withdraw consent for cookie tracking at any time.

8. Security Measures
As a Managed Service Provider, we employ industry-standard security backups, Plesk security partitioning, and Full (Strict) SSL encryption via Cloudflare to protect data in transit.