Privacy notice
Penby sells marketing that is compliant by design, so it would be odd to run a website that wasn’t. This one sets no cookies, runs no analytics, and carries no advertising or tracking. The only personal data we hold is what you choose to send us.
Who we are
Penby Ltd is the data controller for this website and for enquiries you send us. We are registered in England & Wales (company no. 09686420), registered office 9 Chapel Street, Mumbles, Swansea, Wales, SA3 4NH, and registered with the Information Commissioner’s Office (ICO) under reference ZB582527. You can reach us at hello@penby.co.uk.
The short version
- This site sets no cookies of its own and uses no analytics, advertising or tracking pixels.
- We only process personal data you actively send us — for example, by emailing us.
- We don’t sell your data, and we don’t share it except with the service providers that help us run the site and our email.
What we collect, and why
When you contact us
If you email us (at hello@penby.co.uk, or directly to Andy or Ola), we process your name, email address and whatever you put in your message, so we can reply and, where relevant, discuss working together. Our lawful basis is our legitimate interests in responding to enquiries and, where you’re asking about our services, taking steps at your request before entering into a contract.
Hosting and security
The site is hosted on Cloudflare Pages. To deliver and protect it, Cloudflare processes limited technical data on our behalf — such as your IP address and basic request information — and may set strictly-necessary security cookies. This is standard infrastructure logging for delivery and security; it is not analytics, and we don’t use it to build any profile of you.
The Cyber Essentials badge
Our footer shows our Cyber Essentials certificate, displayed via a badge served by Blockmark (registry.blockmarktech.com). Loading that badge sends a request to Blockmark, which may record standard technical data such as your IP address. It is the only third-party request the site makes.
Links to other sites
We link to profiles on LinkedIn and similar services. Those are run by other organisations with their own privacy practices; this notice doesn’t cover them.
Who we share data with
We don’t sell personal data. We share it only with the providers that help us operate — our website host (Cloudflare) and our email provider — who act as our processors under contract and only on our instructions. Where any of these involve transfers of data outside the UK, we rely on the appropriate safeguards required by UK data-protection law.
How long we keep it
We keep enquiry correspondence for as long as we need it for the conversation or relationship it relates to, and a reasonable period afterwards, then delete it. We don’t keep personal data longer than we need to.
Your rights
Under UK GDPR you have rights to access your data, to have it corrected or erased, to restrict or object to its processing, and to data portability. To exercise any of these, email hello@penby.co.uk and we’ll respond within the statutory time limit. If you’re unhappy with how we’ve handled your data, you can complain to the ICO at ico.org.uk, though we’d appreciate the chance to put things right first.
Changes to this notice
We may update this notice from time to time. The date at the top shows when it last changed.