b:web Limited are committed to providing our customers, prospective customers and the users of our website  with an open and honest experience.  Everyone loves reading a good Privacy Policy (don’t they?) – so here’s ours…

Under the new GDPR rules we have to provide you with a copy of our Privacy Policy. Our Privacy Policy details how and what data we process though our website. b:web Limited are responsible for your personal data and for the purposes of GDPR are the data controller.

Please also refer to our Cookie Policy.


Personal data refers to any data that is capable of identifying you. Our website doesn’t really request very much personal data at all – here’s the low down:

Enquiry Data. You will generally only hand over information to us if you would like to make an enquiry about working with b:web on your next web project or one of our other services. The legal grounds for us processing this data is legitimate interests. The web enquiry forms on our website collect your name, email address, phone number (optional) and your enquiry message.  This data is transmitted securely by email to our sales team and also stored on our website in a bespoke client portal which includes a secure database (we love writing bespoke client portals – do get in touch if you’d like one for your own business!).

Personal Information Data. When we say personal, it’s not going to be that personal – but we will need some information about your business and details of how to invoice you. The legal grounds for our processing this data is legitimate interest in the fulfillment of our contractual obligation with you or the creation of a future contract with you. The only time we will request any personal data from you will be during the consultation period if you choose to initiate an enquiry and later if you decide to work with us.

Note – Not strictly related to GDPR but many of our clients ask us to sign a NDA which confirms that any confidential business type information remains private – we are always very happy to do this and can also provide an NDA if you wish.

Other. Under GDPR your IP address now constitutes personal data because it could be used to identify you in whole or in part.  We love a good IP address so we may record these! The legal grounds for us processing your IP is legitimate interest since this helps to keep our website safe. We process your IP address for security reasons to protect our website for malicious attacks and hacks.  We may cross reference your IP with the IPs of blacklisted users and if a match is found we may add your IP to the blacklist and prevent further access to you.


Non personal data data refers to anonymised data.

Statistical Data. Statistical data is collected so that we may provide a fully functioning website that helps our business to communicate core messages to relevant persons. Our legal grounds for us processing this data is legitimate interest. The statistical data that we collect is aggregated and compiled by third-party products like Google Analytics, Google Webmaster and Hotjar. It’s all the data that shows us trends and averages of how our visitors use our website.

The truth is, however, that generally our marketing team is so busy crunching the numbers and statistics of our clients websites (in order to help them be totally awesome) that we don’t often check our own data.  Cobblers shoes and all that…


We are totally rubbish with our own marketing.  We spend most of our time crafting beautiful communications and campaigns for our clients but often forget our own. However, if in the future we get our act together and do start to remember to promote ourselves we have covered this in our Privacy Policy.

Email marketing. We may send you marketing communications from us:

1.If you have previously purchased from us.
2. If you requested to receive marketing communications (opted in).  At the time of writing this we don’t even offer a sign-up to our own newsletter/marketing on our website!

You will always receive a marketing message with an option to opt out of future marketing messages. If you are a limited company, we may send you marketing emails without your consent. However you can still opt out of receiving marketing emails from us at any time.

Our lawful ground of processing your personal data to send you marketing communications is either your consent or our legitimate interest (namely to grow our business).

Display Advertisements. We advise our customers to include a section in their Privacy Policy to cover display adverts – Facebook ads and such-like. But actually, as mentioned previously, we don’t do very much in the way of marketing our own company.  Our clients tend to come to us via word of mouth and having been in business for circa 15 years we are lucky enough to have lots of very lovely clients. We do use Facebook and Instagram advertising from time to time, usually to test a campaign strategy that we are likely to deploy for one of our clients.  When we do use display advertisement we don’t use any information gathered from our websites, it’s usually just using the demographics and data that Facebook themselves own.


We don’t use freelancers or temporary staff to work on any of our projects (we have an awesome in-house team of professionals) and therefore would never provide a person with access to your data without an employment or service contract. We may have to share your personal data with some organisations and these include: our hosting companies, our accountants, insurance companies and we would also have to comply with any Government or legal body that had a right to see our data.

We audit all third-parties for compliance with the law and select providers who are trustworthy and who align with our Privacy Policy.


We will only retain your personal data for as long as necessary to fulfill the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements. The law requires us to keep basic information about our customers (including Contact, Identity, Financial and Transaction Data) for six years after they stop being customers. We would like to make sure that the data we hold about you is accurate and up to date. Please let us know if at any time your personal information changes.


Under data protection laws you have rights in relation to your personal data that include the right to request access, correction, erasure, restriction, transfer, to object to processing, to portability of data and (where the lawful ground of processing is consent) to withdraw consent.

You can see more about these rights at:

b:web Limited |

b:web, 67 Hyde Park Road, Plymouth, Devon, PL3 4JN

Remember to check this Privacy Policy regularly as it may change from time to time.


If you have read this far you are probably either really really really interested in GDPR or you may be thinking of copy/pasting our Privacy Policy for your own use.  Please don’t copy it!

If you are a customer of ours and would like some help with your Privacy Policy then please do get in touch. If you are thinking of becoming a customer (I can highly recommend us!) then we will help you with all aspects of GDPR compliance as part of our work with you.