1. Data controller
The data controller responsible for your personal data is Purgewipe, W Ogwell Barton, West Ogwell, Newton Abbot TQ12 6EW, United Kingdom.
Contact: feedback@purgewipe.world | +44 1626 333613
2. Applicable law
This policy is prepared in accordance with the UK General Data Protection Regulation (UK GDPR) as retained in UK law, the Data Protection Act 2018, and the Privacy and Electronic Communications Regulations 2003 (PECR) where relevant to cookies and electronic marketing.
3. Personal data we collect
- Identity data: name and job title when voluntarily provided
- Contact data: email address, telephone number, and organisation name
- Communication data: messages submitted through our contact form
- Technical data: IP address, browser type, device information, and pages visited
- Preference data: cookie consent choices stored in your browser
- Service data: session attendance and scheduling information for client organisations
4. How we use your data and lawful bases
| Purpose | Lawful basis (UK GDPR Art. 6) |
|---|---|
| Responding to enquiries | Consent (contact form tick box) / Legitimate interests |
| Delivering session services | Contract / Legitimate interests |
| Analytics cookies | Consent |
| Marketing cookies | Consent |
| Legal and accounting records | Legal obligation / Legitimate interests |
5. Data retention
- Contact form enquiries: twelve months, unless a client relationship is established
- Client service records: duration of engagement plus six years (statutory limitation period)
- Session attendance logs: twenty-four months
- Cookie preferences: until cleared from browser localStorage
- Analytics data: fourteen months, then anonymised or deleted
6. Data sharing and processors
We do not sell personal data. We may share data with:
- Hosting and email service providers acting as data processors under written agreements
- Session facilitators engaged to deliver services to your organisation
- Authorities where required by law
7. International transfers
Where data is transferred outside the United Kingdom, we ensure appropriate safeguards are in place, including UK International Data Transfer Agreements or adequacy regulations approved by the Secretary of State.
8. Security
We implement appropriate technical and organisational measures including TLS encryption, access controls, and staff confidentiality obligations. No method of transmission over the internet is completely secure; we cannot guarantee absolute security.
9. Your rights under UK GDPR
You have the right to:
- Request access to your personal data (Subject Access Request)
- Request rectification of inaccurate data
- Request erasure in certain circumstances ("right to be forgotten")
- Restrict or object to processing in certain circumstances
- Data portability where processing is based on consent or contract
- Withdraw consent at any time without affecting the lawfulness of prior processing
- Lodge a complaint with the Information Commissioner's Office (ICO): ico.org.uk or 0303 123 1113
To exercise your rights, contact us using the details in Section 1. We respond within one calendar month, extendable by two further months for complex requests.
10. Children's data
Our services are directed at organisations and adults. We do not knowingly collect personal data from anyone under sixteen without parental or organisational consent.
11. Automated decision-making
We do not use automated decision-making or profiling that produces legal or similarly significant effects.
12. Changes
We may update this policy periodically. Material changes will be reflected by updating the date above. Continued use of our website after changes constitutes acknowledgement of the updated policy.