Privacy Policy
← Back to Home1. Introduction
1.1 This Privacy Policy explains how Solis Digital ("we", "us", "our") collects, uses, stores, and protects your personal data when you visit our website at solisdigital.co.uk, use our services, or otherwise interact with us.
1.2 Solis Digital is a marketing agency based in London, United Kingdom. For the purposes of the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018, we are the data controller of the personal data we collect through our website and services.
1.3 We are committed to protecting your privacy and handling your personal data in an open and transparent manner. We process personal data only in accordance with the UK GDPR, the Data Protection Act 2018, and the Privacy and Electronic Communications Regulations 2003 (PECR).
1.4 If you have any questions about this policy or our data practices, please contact us at info@solisdigital.co.uk.
2. Data Controller Information
2.1 The data controller responsible for your personal data is:
- Company: Solis Digital
- Location: London, United Kingdom
- Email: info@solisdigital.co.uk
- Website: www.solisdigital.co.uk
- Founded by: Zain and Alex
3. Personal Data We Collect
3.1 We collect and process the following categories of personal data:
3.1 Data You Provide Directly
- Contact form submissions: Your name, email address, phone number (if provided), business name, and the content of your message.
- Website audit tool: Your website URL, email address, and any business information you submit through our free audit tool.
- Email correspondence: Any information you provide when you email us directly.
- Client onboarding: Business name, contact details, brand assets, website login credentials (where necessary for service delivery), and any other information provided during the onboarding process.
3.2 Data Collected Automatically
- Device and browser information: IP address, browser type and version, operating system, screen resolution, and device type.
- Usage data: Pages visited, time spent on pages, click patterns, referring URL, and navigation paths through our website.
- Cookie data: Information collected through cookies and similar tracking technologies (see Section 9 below).
- Live chat data: Conversation transcripts and metadata from our live chat service (powered by Tawk.to), including your name and email if voluntarily provided during the chat.
3.3 Data from Third Parties
- Analytics data: Aggregated and pseudonymised usage data from Google Analytics.
- Publicly available data: Information from your existing website that we analyse as part of our audit and service delivery processes.
4. Lawful Bases for Processing
4.1 Under the UK GDPR, we must have a lawful basis for processing your personal data. We rely on the following bases:
| Purpose | Lawful Basis |
|---|---|
| Responding to your enquiries via contact forms or email | Legitimate interest (Article 6(1)(f)) — it is in our legitimate interest to respond to prospective clients |
| Providing our website audit tool results | Consent (Article 6(1)(a)) — you actively submit your details to receive an audit |
| Delivering our marketing and web design services | Contract (Article 6(1)(b)) — processing is necessary to perform our contract with you |
| Sending follow-up communications about our services | Legitimate interest (Article 6(1)(f)) — limited, relevant follow-ups to enquiries |
| Website analytics and performance monitoring | Legitimate interest (Article 6(1)(f)) — to improve our website and services |
| Live chat support | Legitimate interest (Article 6(1)(f)) — to provide real-time support to visitors |
| Complying with legal obligations | Legal obligation (Article 6(1)(c)) |
4.2 Where we rely on legitimate interest, we have conducted a Legitimate Interest Assessment (LIA) to ensure that our interests do not override your fundamental rights and freedoms.
4.3 Where we rely on consent, you have the right to withdraw that consent at any time by contacting us at info@solisdigital.co.uk. Withdrawal of consent does not affect the lawfulness of processing carried out before the withdrawal.
5. How We Use Your Data
5.1 We use your personal data for the following purposes:
- To respond to your enquiries and provide you with information about our services.
- To deliver website audit results and associated recommendations.
- To perform our contractual obligations, including web design, SEO, digital marketing, and AI automation services.
- To manage client accounts, projects, and communications.
- To improve our website, services, and user experience through analytics.
- To provide live chat support and respond to real-time enquiries.
- To detect, prevent, and address technical issues or security threats.
- To comply with applicable laws and regulations.
6. Use of Artificial Intelligence
6.1 As an AI-powered marketing agency, we use artificial intelligence tools in the delivery of our services. This includes but is not limited to:
- Content generation: AI tools may be used to draft website copy, marketing materials, and campaign content for clients.
- Website auditing: Our audit tool uses automated analysis to evaluate website performance, SEO, and other technical factors.
- Marketing automation: AI-driven tools may be used to optimise advertising campaigns, email sequences, and other marketing activities.
- Data analysis: AI may be used to analyse aggregated, anonymised usage patterns to improve our services.
6.2 We do not use AI to make solely automated decisions that produce legal effects or similarly significant effects concerning you without human oversight, in accordance with Article 22 of the UK GDPR.
6.3 Where AI tools are used as part of our service delivery, client data may be processed by the AI tool provider. We ensure that all such providers have appropriate data processing agreements in place and maintain adequate levels of data protection.
6.4 We do not feed identifiable personal data of website visitors into AI training models. Any data used for AI-assisted analysis is aggregated or anonymised wherever possible.
7. Data Processors and Third-Party Services
7.1 We share your personal data with the following categories of third-party service providers (data processors), who process data on our behalf and in accordance with our instructions:
| Service Provider | Purpose | Data Processed | Location |
|---|---|---|---|
| Supabase | Database hosting and backend infrastructure — stores contact form submissions, audit requests, and client data | Name, email, phone, business details, form submissions | EU/US (with appropriate safeguards) |
| Google Analytics | Website analytics and performance measurement | Pseudonymised browsing data, IP address (anonymised), device and usage data | US (EU-US Data Privacy Framework) |
| Tawk.to | Live chat functionality on our website | Chat transcripts, name and email (if voluntarily provided), IP address | US/Canada (with appropriate safeguards) |
| Framer | Website builder used for building client websites | Website content and assets provided by clients; visitor analytics on Framer-hosted sites | EU/US (with appropriate safeguards) |
| Vercel | Website hosting and deployment | Server logs, IP addresses | US (with appropriate safeguards) |
7.2 All third-party data processors are bound by data processing agreements (DPAs) that comply with Article 28 of the UK GDPR, requiring them to:
- Process personal data only on our documented instructions.
- Ensure that persons authorised to process personal data have committed themselves to confidentiality.
- Implement appropriate technical and organisational security measures.
- Assist us in fulfilling our obligations regarding data subject rights.
- Delete or return all personal data to us at the end of the service relationship.
- Make available all information necessary to demonstrate compliance.
7.3 We do not sell, rent, or trade your personal data to any third party for their marketing purposes.
8. International Data Transfers
8.1 Some of our third-party service providers are located outside the United Kingdom. Where personal data is transferred to countries that are not covered by a UK adequacy decision, we ensure that appropriate safeguards are in place, including:
- UK International Data Transfer Agreement (IDTA) or UK Addendum to the EU Standard Contractual Clauses with the relevant data processor.
- Reliance on the EU-US Data Privacy Framework (where the recipient is a certified participant) as recognised by the UK extension.
- Binding corporate rules or other approved mechanisms where applicable.
8.2 You may request a copy of the safeguards we have in place by contacting us at info@solisdigital.co.uk.
9. Cookies and Tracking Technologies
9.1 Our website uses cookies and similar tracking technologies. A cookie is a small text file placed on your device when you visit our website.
9.2 Types of Cookies We Use
| Cookie Type | Purpose | Duration |
|---|---|---|
| Strictly Necessary | Essential for the website to function correctly (e.g., security, load balancing). These cannot be disabled. | Session / up to 1 year |
| Analytics | Google Analytics cookies that help us understand how visitors interact with our website (e.g., _ga, _gid). | Up to 2 years |
| Functional | Tawk.to cookies that enable live chat functionality and remember your chat preferences. | Session / up to 6 months |
9.3 In accordance with PECR and UK GDPR, we obtain your consent before placing non-essential cookies on your device. You can manage your cookie preferences at any time through your browser settings.
9.4 To opt out of Google Analytics tracking specifically, you can install the Google Analytics Opt-out Browser Add-on.
9.5 Most web browsers allow you to control cookies through their settings. Please note that disabling certain cookies may affect the functionality of our website.
10. Client Data Handling
10.1 When you engage us to provide marketing, web design, or other services, we may process additional personal data as part of our service delivery. This may include:
- Website login credentials and hosting account details (shared securely and used solely for service delivery).
- Business contact information for your team members involved in the project.
- Brand assets, images, and content you provide for use on your website or marketing materials.
- Analytics data from your existing website, advertising accounts, or social media profiles.
- Customer data that may be present within your existing systems (where access is required for migration or integration).
10.2 Where we process personal data on your behalf (for example, data collected through a website we build and host for you), we act as a data processor and will enter into a separate Data Processing Agreement with you as required by Article 28 of the UK GDPR.
10.3 For client websites built using Framer, please note that Framer may collect its own analytics and usage data from visitors to your site. We recommend that clients include their own privacy policy on their Framer-hosted websites. We will assist you in implementing appropriate privacy notices and cookie consent mechanisms.
10.4 We store client credentials securely using encrypted storage and access them only as needed for active service delivery. Credentials are deleted or returned upon completion of the engagement or upon your request.
11. Data Retention
11.1 We retain your personal data only for as long as is necessary for the purposes for which it was collected:
- Contact form and audit submissions: Retained for up to 24 months from the date of submission, unless you become a client (in which case client retention periods apply).
- Client project data: Retained for the duration of the client relationship and for up to 6 years thereafter (to comply with HMRC record-keeping requirements and for the establishment, exercise, or defence of legal claims).
- Analytics data: Google Analytics data retention is set to 14 months. Aggregated, non-identifiable analytics data may be retained indefinitely.
- Live chat transcripts: Retained for up to 12 months.
- Email correspondence: Retained for up to 24 months from the last communication, unless part of an ongoing client relationship.
11.2 When personal data is no longer required, it is securely deleted or anonymised.
12. Your Rights Under UK GDPR
12.1 Under the UK GDPR, you have the following rights in relation to your personal data:
- Right of access (Article 15): You have the right to request a copy of the personal data we hold about you (a Subject Access Request).
- Right to rectification (Article 16): You have the right to request that we correct any inaccurate or incomplete personal data.
- Right to erasure (Article 17): You have the right to request that we delete your personal data where there is no compelling reason for its continued processing.
- Right to restriction of processing (Article 18): You have the right to request that we restrict the processing of your personal data in certain circumstances.
- Right to data portability (Article 20): You have the right to receive your personal data in a structured, commonly used, and machine-readable format.
- Right to object (Article 21): You have the right to object to processing based on legitimate interests or direct marketing at any time.
- Right to withdraw consent: Where processing is based on consent, you may withdraw it at any time without affecting the lawfulness of prior processing.
- Rights related to automated decision-making (Article 22): You have the right not to be subject to a decision based solely on automated processing that produces legal or similarly significant effects.
12.2 To exercise any of these rights, please contact us at info@solisdigital.co.uk. We will respond to your request within one month. In complex cases, we may extend this by a further two months, and we will inform you if this is necessary.
12.3 There is no fee for exercising your rights in most cases. However, we may charge a reasonable fee if your request is clearly unfounded, repetitive, or excessive. We may also refuse to comply with such requests.
12.4 We may need to verify your identity before processing your request to ensure data security.
13. Data Security
13.1 We take the security of your personal data seriously and implement appropriate technical and organisational measures to protect it against unauthorised access, alteration, disclosure, or destruction. These measures include:
- Encryption of data in transit using TLS/SSL.
- Encryption of sensitive data at rest within our database (Supabase).
- Access controls and authentication mechanisms to restrict data access to authorised personnel only.
- Regular review and updating of our security practices.
- Use of secure, reputable third-party service providers with their own robust security measures.
- Secure handling and storage of client credentials.
13.2 In the event of a personal data breach that is likely to result in a risk to your rights and freedoms, we will notify the Information Commissioner's Office (ICO) within 72 hours and, where required, notify you without undue delay.
14. Children's Data
14.1 Our website and services are not directed at individuals under the age of 18. We do not knowingly collect personal data from children. If you believe we have inadvertently collected data from a child, please contact us immediately at info@solisdigital.co.uk and we will take steps to delete it.
15. Links to Third-Party Websites
15.1 Our website may contain links to third-party websites. We are not responsible for the privacy practices or content of those websites. We encourage you to read the privacy policies of any third-party sites you visit.
16. Complaints
16.1 If you are unhappy with how we have handled your personal data, we encourage you to contact us first at info@solisdigital.co.uk so that we can try to resolve the issue.
16.2 You also have the right to lodge a complaint with the UK supervisory authority:
- Information Commissioner's Office (ICO)
- Website: ico.org.uk
- Telephone: 0303 123 1113
- Address: Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF
17. Changes to This Policy
17.1 We may update this Privacy Policy from time to time to reflect changes in our practices, technology, or legal requirements. Any changes will be posted on this page with an updated "Last updated" date.
17.2 Where changes are significant, we will make reasonable efforts to notify you (for example, by email if you are an existing client, or by a prominent notice on our website).
17.3 We recommend that you review this policy periodically to stay informed about how we protect your data.
18. Contact Us
If you have any questions, concerns, or requests regarding this Privacy Policy or our handling of your personal data, please contact us:
- Email: info@solisdigital.co.uk
- Website: www.solisdigital.co.uk
This Privacy Policy was last updated on 24 March 2026.