CODE & GROWTH LTD

PRIVACY POLICY



Data Controller:  CODE & GROWTH LTD
Company Number: 17194164
Registered Address:  Sessions House Market Place, Lincolnshire, Boston, United Kingdom, PE21 6DY
Website:  codegrowth.uk
Privacy Contact:  info@codegrowth.uk
Director: Alexandros Antoniou

1.  About This Policy
This Privacy Policy explains how Code & Growth Ltd ("we", "us", "our") collects, uses, stores, and shares your personal data when you visit our website at codegrowth.uk or engage our services.
We are committed to protecting your privacy and handling your personal data in compliance with the UK General Data Protection Regulation ("UK GDPR") and the Data Protection Act 2018.
Please read this policy carefully. By submitting your details through our contact form or otherwise engaging with us, you acknowledge that you have read and understood this policy.

2.  Data Controller
The data controller responsible for your personal data is:

Code & Growth Ltd
Company Number: 17194164
Registered in England and Wales
Registered Office: Sessions House Market Place, Lincolnshire, Boston, United Kingdom, PE21 6DY
Email: info@codegrowth.uk
Website: codegrowth.uk

As data controller, we determine the purposes and means of processing your personal data and are responsible for ensuring that processing is lawful.

3.  What Personal Data We Collect
3.1  Data You Provide Directly
When you complete the consultation request form on our website, we collect the following personal data:

Data Field

Purpose

Full name

To address you correctly and identify your enquiry

Phone number

To contact you in relation to your enquiry or project

Email address

To send responses, proposals, and project communications


You are not required to provide this data, but without it we cannot respond to your enquiry.

3.2  Data Collected Automatically
When you visit our website, we and our third-party analytics and advertising partners may collect the following data automatically through cookies and similar technologies:
  • IP address and approximate geographic location
  • Browser type, version, and device type
  • Operating system
  • Pages visited and time spent on each page
  • Referring URL (the page you visited before arriving at our website)
  • Date and time of your visit

Please see Section 8 (Cookies and Analytics Tools) for details of the specific tools we use.

3.3  Data We Do Not Collect
We do not knowingly collect special category personal data (such as data about health, ethnicity, religion, or biometric data) through our website. We do not knowingly collect personal data from children under the age of 16.

4.  Purposes of Processing and Legal Basis
Under UK GDPR, we must have a lawful basis for processing your personal data. The table below sets out the purposes for which we process personal data and the corresponding lawful basis.

Purpose

Lawful Basis (UK GDPR Article 6)

Responding to your enquiry submitted via the contact form

Article 6(1)(b) — Necessary for steps prior to entering a contract at your request

Delivering services under a client agreement

Article 6(1)(b) — Necessary for the performance of a contract

Sending service-related communications (project updates, invoices, proposals)

Article 6(1)(b) — Necessary for the performance of a contract

Sending marketing communications about our services (if you have consented)

Article 6(1)(a) — Consent

Improving our website and measuring traffic via analytics

Article 6(1)(f) — Legitimate interests (understanding how our website is used)

Complying with legal obligations (e.g. tax records, court orders)

Article 6(1)(c) — Compliance with a legal obligation

Protecting our legal rights and preventing fraud

Article 6(1)(f) — Legitimate interests


Where we rely on our legitimate interests, we have assessed that those interests are not overridden by your rights and freedoms. You may request further information about this balancing test by contacting us at info@codegrowth.uk.

Where we rely on consent (for example, for marketing emails), you have the right to withdraw your consent at any time. Withdrawal of consent will not affect the lawfulness of processing carried out before withdrawal.

5.  Data Retention
We retain personal data only for as long as is necessary to fulfil the purposes for which it was collected, or as required by law.

Category of Data

Retention Period

Enquiry form data (name, phone, email) where no contract follows

12 months from the date of the enquiry

Client personal data (name, email, phone) during an active engagement

Duration of the contract plus 6 years after completion (in line with the Limitation Act 1980)

Financial and invoicing records

6 years from the end of the relevant tax year (HMRC requirement)

Marketing consent records

Until consent is withdrawn, then deleted within 30 days

Website analytics data

As configured per tool — typically 26 months (Google Analytics default)


At the end of the applicable retention period, personal data is securely deleted or anonymised.

6.  Sharing Your Data
6.1  Data Processors
We engage carefully selected third-party service providers ("processors") who process personal data on our behalf and under our instructions. We ensure that all processors have adequate data protection safeguards in place. Our current processors include:

Processor / Category

Purpose

Tilda Publishing (website platform)

Hosting our website and contact form submissions

Google LLC (Google Analytics, Google Ads)

Website analytics and advertising campaign management

Meta Platforms Ireland Ltd (Meta Ads)

Advertising campaign management and audience analytics

Email and communication tools (e.g. Gmail / Google Workspace)

Client and prospect communications

Project management and CRM tools

Managing client relationships and project delivery

Accounting software / cloud storage

Financial records and document management


6.2  Other Disclosures
We may also share your personal data with:
  • Professional advisers (lawyers, accountants) where necessary to obtain professional advice or to defend legal claims
  • Law enforcement or regulatory authorities where required by law, court order, or other legal process
  • Any successor entity in the event of a merger, acquisition, or sale of our business

We do not sell your personal data to third parties for their own marketing purposes.

7.  International Transfers of Personal Data
Some of our third-party processors (including Google LLC and Meta Platforms) are based in the United States or operate infrastructure in countries outside the UK and European Economic Area ("EEA"). Transfers of your personal data to these countries may take place.
Where we transfer personal data outside the UK, we ensure that an appropriate safeguard is in place, including:
  • UK Adequacy Regulations — transfers to countries the UK has determined provide an adequate level of protection
  • UK International Data Transfer Agreements (IDTAs) or UK Addendum to EU Standard Contractual Clauses, as approved by the Information Commissioner's Office (ICO)
  • Binding Corporate Rules approved by the ICO

You may request further information about the specific safeguards applied to international transfers by contacting us at info@codegrowth.uk.

8.  Cookies and Analytics Tools
8.1  What Are Cookies
Cookies are small text files placed on your device when you visit a website. We use cookies and similar tracking technologies to make our website work correctly and to understand how it is used.

8.2  Cookies We Use

Cookie / Tool

Type & Purpose

Tilda CMS (session cookies)

Strictly necessary — required for the website and form to function correctly

Google Analytics (GA4)

Analytics — tracks pages visited, session duration, and device information to help us understand website traffic

Google Ads / Google Tag Manager

Marketing — measures ad campaign performance and attribution

Meta Pixel

Marketing — measures the effectiveness of Meta advertising campaigns


Strictly necessary cookies do not require your consent. For analytics and marketing cookies, we seek your consent where required by applicable law.

8.3  Managing Cookies
You can manage or disable cookies through your browser settings. Disabling certain cookies may affect the functionality of our website. You may also opt out of Google Analytics tracking via the Google Analytics Opt-out Browser Add-on available at tools.google.com/dlpage/gaoptout.

9.  Your Rights Under UK GDPR
As a data subject, you have the following rights under the UK GDPR. We will respond to all valid requests within one calendar month of receipt (which may be extended by a further two months for complex or numerous requests).

Right

What It Means

Right of Access (Article 15)

You have the right to request a copy of the personal data we hold about you, along with information about how we use it (a 'Subject Access Request').

Right to Rectification (Article 16)

You have the right to request that we correct inaccurate or incomplete personal data we hold about you.

Right to Erasure (Article 17)

You have the right to request that we delete your personal data in certain circumstances (e.g. where it is no longer necessary for the original purpose).

Right to Restriction of Processing (Article 18)

You have the right to request that we restrict processing of your personal data in certain circumstances (e.g. while you contest the accuracy of the data).

Right to Data Portability (Article 20)

Where we process your data on the basis of consent or contract, and by automated means, you have the right to receive your data in a structured, commonly used, machine-readable format.

Right to Object (Article 21)

You have the right to object to processing based on our legitimate interests. We will stop processing unless we can demonstrate compelling legitimate grounds that override your interests.

Right to Withdraw Consent (Article 7(3))

Where processing is based on your consent, you may withdraw that consent at any time. This does not affect the lawfulness of processing before withdrawal.

Right Not to be Subject to Automated Decision-Making (Article 22)

You have the right not to be subject to a decision based solely on automated processing (including profiling) that produces legal or similarly significant effects. We do not currently carry out such processing.


To exercise any of these rights, please contact us at info@codegrowth.uk. We may need to verify your identity before processing your request. There is generally no fee for exercising your rights, although we may charge a reasonable fee for manifestly unfounded or excessive requests.

10.  Right to Lodge a Complaint with the ICO
If you are unhappy with how we handle your personal data, we encourage you to contact us first at info@codegrowth.uk so that we can attempt to resolve the matter.

You also have the right to lodge a complaint with the Information Commissioner's Office (ICO), the UK's independent supervisory authority for data protection:

Information Commissioner's Office (ICO)
 Website:  ico.org.uk
 Helpline:  0303 123 1113
 Address:  Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF

11.  Security of Your Personal Data
We implement appropriate technical and organisational measures to protect your personal data against accidental loss, unauthorised access, alteration, or disclosure. These measures include:
  • Use of HTTPS/TLS encryption for data in transit
  • Access controls limiting who can view personal data within our organisation
  • Password protection and multi-factor authentication on key systems
  • Regular review of our data security practices

While we take these precautions, no method of electronic transmission or storage is completely secure. We cannot guarantee the absolute security of your personal data.
In the event of a personal data breach that is likely to result in a risk to your rights and freedoms, we will notify you and the ICO in accordance with our obligations under UK GDPR.

12.  Children's Privacy
Our website and services are directed at businesses and adults. We do not knowingly collect personal data from individuals under the age of 16. If we become aware that we have inadvertently collected personal data from a child under 16, we will delete that data as soon as reasonably practicable.

13.  Third-Party Links
Our website may contain links to third-party websites, including ad platforms and case study partners. We are not responsible for the privacy practices of those websites and encourage you to read their privacy policies before providing any personal data.

14.  Changes to This Privacy Policy
We may update this Privacy Policy from time to time to reflect changes in our processing activities, legal obligations, or regulatory guidance. When we make material changes, we will update the "Last Updated" date at the top of this document and, where appropriate, notify you by email.
We encourage you to review this policy periodically. Continued use of our website after changes are posted constitutes acceptance of the updated policy.

15.  Contact Us
For any questions, requests, or concerns relating to this Privacy Policy or our data protection practices, please contact:

Code & Growth Ltd
Sessions House Market Place, Lincolnshire, Boston, United Kingdom, PE21 6DY
Email:  info@codegrowth.uk
Website:  codegrowth.uk
Director: Alexandros Antoniou

© 2026 Code & Growth Ltd. All rights reserved.