Legal

Privacy Policy

This policy explains how Neckskeleton collects, uses, and protects your personal data in accordance with the UK GDPR and the Data Protection Act 2018.

Last updated:

1. Data Controller

The data controller responsible for your personal data is:

Neckskeleton
Splatts House, The Splatts, Heddington, Calne SN11 0PE, United Kingdom
Phone: +44 1380 850238
Email: team@neckskeleton.world

2. Legal Framework

We process personal data in accordance with the UK General Data Protection Regulation (UK GDPR) as incorporated into UK law by the Data Protection Act 2018, and with the Privacy and Electronic Communications (EC Directive) Regulations 2003 (PECR) where applicable to cookies and electronic communications.

This Privacy Policy is intended to meet the transparency requirements set out in Articles 13 and 14 of the UK GDPR.

3. Data We Collect

We may collect and process the following categories of personal data:

  • Contact data: name and email address submitted through the contact form.
  • Message content: the text of any enquiry submitted through the contact form.
  • Technical data: IP address, browser type and version, time zone, browser plug-in types and versions, operating system and platform, and other technology on the devices you use to access this website.
  • Usage data: information about how you use this website, including pages visited and time spent on pages, collected only if you have consented to analytics cookies.
  • Cookie preference data: your cookie consent choices stored locally in your browser via localStorage.

We do not collect sensitive personal data (special category data) as defined under Article 9 of the UK GDPR.

We do not knowingly collect personal data from children under 16. If you believe a child has submitted personal data through our contact form, please contact us and we will delete it promptly.

4. Whether You Must Provide Data

You are not legally required to provide personal data to use this website. However, if you wish to submit a contact enquiry, you must provide your name, email address, and message, and confirm your agreement to this Privacy Policy. Without this information, we cannot respond to your enquiry.

5. Legal Bases for Processing

We process your personal data on the following legal bases:

  • Contractual necessity (Article 6(1)(b)): where processing is necessary to take steps at your request prior to entering an agreement, for example, when you submit a contact form enquiry.
  • Legitimate interests (Article 6(1)(f)): to operate and improve this website, to respond to enquiries, and to ensure site security, provided these interests are not overridden by your rights and freedoms.
  • Consent (Article 6(1)(a)): where you have given clear consent, for example for the placement of analytics or marketing cookies. You may withdraw consent at any time by adjusting your cookie preferences.
  • Legal obligation (Article 6(1)(c)): where we are required to process data to comply with applicable law.

6. How We Use Your Data

We use the data we collect for the following purposes:

  • To respond to enquiries submitted through the contact form.
  • To maintain and improve the functionality of the website.
  • To analyse website usage in aggregate form (analytics cookies, with consent only).
  • To fulfil legal and regulatory obligations.
  • To protect the security and integrity of the website.

We do not use your data for automated decision-making or profiling that produces legal or similarly significant effects.

7. Data Retention

We retain personal data only for as long as necessary to fulfil the purpose for which it was collected, or as required by law:

  • Contact form submissions: retained for up to 12 months from the date of submission, unless a longer period is required to resolve an ongoing enquiry.
  • Technical and usage data: retained for up to 26 months in aggregated or anonymised form when collected via analytics tools.
  • Cookie consent preferences: stored in your browser's localStorage and retained until you clear your browser data or withdraw consent.

8. Data Sharing and Third Parties

We do not sell, rent, or trade your personal data to third parties. We may share data with the following categories of recipients only as necessary:

  • Hosting and infrastructure providers: who provide the servers and infrastructure on which this website operates, under data processing agreements.
  • Analytics providers: only if you have consented to analytics cookies, and only in aggregated or anonymised form where possible.
  • Legal and regulatory authorities: where we are required to disclose data by law, court order, or regulatory authority.

Any third-party processors are bound by data processing agreements requiring them to implement appropriate technical and organisational measures to protect your data.

9. International Transfers

Where personal data is transferred outside the United Kingdom or the European Economic Area, we ensure that appropriate safeguards are in place, such as the use of UK International Data Transfer Agreements (IDTAs) or equivalent mechanisms, as required by applicable data protection law.

10. Your Rights

Under the UK GDPR, you have the following rights in relation to your personal data:

  • Right of access (Article 15): to request a copy of the personal data we hold about you.
  • Right to rectification (Article 16): to request correction of inaccurate or incomplete data.
  • Right to erasure (Article 17): to request deletion of your personal data where there is no compelling reason for its continued processing.
  • Right to restrict processing (Article 18): to request that we limit how we use your data in certain circumstances.
  • Right to data portability (Article 20): to receive your personal data in a structured, commonly used, machine-readable format.
  • Right to object (Article 21): to object to processing based on legitimate interests, including direct marketing.
  • Right to withdraw consent: where processing is based on consent, to withdraw that consent at any time without affecting the lawfulness of processing before withdrawal.

We may ask you for proof of identity before responding to a rights request, where reasonably necessary to protect your data from unauthorised disclosure.

There is no fee for exercising your rights unless your request is manifestly unfounded or excessive, in which case we may charge a reasonable administrative fee or refuse the request as permitted by law.

To exercise any of these rights, please contact us at team@neckskeleton.world. We will respond within one calendar month of receiving your request.

11. Direct Marketing

We do not send promotional emails unless you have explicitly opted in to receive them. Contact form submissions are used only to respond to your enquiry. You may object at any time to the use of your contact details for direct marketing by contacting us using the details in Section 18.

12. Data Breaches

If we become aware of a personal data breach that is likely to result in a risk to your rights and freedoms, we will notify the Information Commissioner's Office (ICO) within 72 hours where required by law, and will contact affected individuals without undue delay where the breach is likely to result in a high risk to them.

13. Right to Complain

If you believe your data protection rights have been infringed, you have the right to lodge a complaint with the Information Commissioner's Office (ICO), the supervisory authority for data protection in the United Kingdom:

Information Commissioner's Office
Wycliffe House, Water Lane, Wilmslow, Cheshire SK9 5AF
Website: ico.org.uk
Helpline: 0303 123 1113

14. Data Security

We implement appropriate technical and organisational measures to protect your personal data against unauthorised access, accidental loss, alteration, or disclosure. These measures include the use of HTTPS encryption for all data transmitted to and from this website, restricted access controls, and regular security reviews. However, no method of transmission over the internet is completely secure, and we cannot guarantee absolute security.

15. Cookies

This website uses cookies and similar technologies. For full details of the cookies we use, their purposes, and how to manage your preferences, please see our Cookie Policy.

16. Links to Third-Party Sites

This website may contain links to third-party websites. We are not responsible for the privacy practices or content of those sites. We encourage you to read the privacy policy of every website you visit.

17. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or applicable law. The date of the most recent revision is shown at the top of this page. We encourage you to review this policy periodically.

18. Contact

For any questions or requests relating to this Privacy Policy or your personal data, please contact us:

Neckskeleton
Splatts House, The Splatts, Heddington, Calne SN11 0PE, United Kingdom
Phone: +44 1380 850238
Email: team@neckskeleton.world