Privacy Policy

Last updated: 27 May 2026

This Privacy Policy explains how CMS Web Solutions Ltd (“we”, “us”, “our”) collects, uses, and protects personal data through this website (cms-web.solutions) and during our work with you.

We take your privacy seriously. We do not run third-party analytics or advertising on this site, we do not sell or share personal data with marketing partners, and we collect only the minimum information needed to do good work for you.

Who we are

CMS Web Solutions Ltd is the data controller for personal data collected through this website.

  • Company name: CMS Web Solutions Ltd
  • Registered office: 1 Corunna Place, Bridge of Don, Aberdeen AB23 8DA, Scotland
  • Company number: SC406390 (registered in Scotland)
  • VAT registration number: GB 157 9547 60
  • ICO registration number: ZA408903
  • Contact email: adrian@cms-web.solutions
  • Contact phone: +44 7814 730093

The data-protection contact is Adrian Robbins, director.

What information we collect

When you submit the enquiry form

When you contact us through the enquiry form on this site, we collect:

  • Your name
  • Your email address
  • Your company name (if you choose to provide it)
  • The contents of your message

You give us this information voluntarily by completing the form.

When you accept or reject cookies

When you respond to the cookie consent banner, we store your choice in your browser’s local storage. We do not collect any personal data through this — only a binary “accepted” or “rejected” value.

Server logs

Our web server records standard request information for security, troubleshooting, and abuse prevention. This includes your IP address, the pages you visited and when, your browser type and operating system, and the referring page (if any). These logs are not used to build user profiles and are retained for a limited period (see Retention below).

Direct correspondence

If you contact us by email or phone, we will hold a record of the correspondence and any contact details you provide.

How we use your information

We process your personal data for the following purposes:

  • Enquiry form submissions — to reply to your enquiry and discuss possible work. Legal basis: legitimate interests (responding to an enquiry you initiated), with pre-contract steps where relevant.
  • Direct correspondence — to carry on the conversation you started, or to perform our work for you. Legal basis: legitimate interests, or contract performance if we are working together.
  • Cookie consent choice — to remember your preference and not show the consent banner repeatedly. Legal basis: consent (UK PECR) and necessary for the operation of the consent mechanism itself.
  • Server logs — to keep the site secure, diagnose problems, and meet our hosting obligations. Legal basis: legitimate interests (site security and operation).

We do not use your data for profiling, automated decision-making, behavioural advertising, or sale to third parties.

Cookies

This site uses only essential cookies and a local-storage entry that records your cookie consent choice. We do not use analytics, advertising, or tracking cookies. Full details are in our Cookie Policy.

Who we share your data with

We do not sell, rent, or share your personal data with third parties for marketing.

We may share your personal data with:

  • Our hosting infrastructure — the dedicated server hosting cms-web.solutions and its supporting infrastructure. Data stays on UK infrastructure.
  • Professional advisers (accountants, lawyers) — only if necessary, only in connection with our legitimate business operations, and only the minimum required.
  • Law enforcement or regulators — if legally required.

If we ever introduce a third-party tool that processes personal data on our behalf (for example, a CRM or analytics tool), this policy will be updated and, where required by law, we will ask for fresh consent.

Where your data is stored

All personal data collected through this website is stored on our own UK-based dedicated server infrastructure. We do not transfer personal data outside the United Kingdom in the normal course of our work. If we ever need to transfer your data outside the UK or EEA, we will tell you and ensure appropriate safeguards are in place.

How long we keep your data

  • Enquiry form data and correspondence: kept for as long as the conversation is active, then for up to 24 months after our last contact in case you re-engage. We may keep records longer where legally required (for example, financial records linked to invoices).
  • Server logs: typically kept for up to 30 days for security and operational diagnostics, then rotated or deleted.
  • Cookie consent choice: stored in your browser indefinitely (we cannot delete entries in your browser) — you can clear it any time through your browser settings.

Your rights

Under UK GDPR you have the right to:

  • Access — ask for a copy of the personal data we hold about you.
  • Rectification — ask us to correct inaccurate or incomplete personal data.
  • Erasure (“right to be forgotten”) — ask us to delete personal data we hold about you, where the legal basis no longer applies.
  • Restriction — ask us to limit how we process your data while a concern is being resolved.
  • Portability — ask for a copy of the personal data you provided to us, in a structured machine-readable format.
  • Objection — object to our processing of your data based on legitimate interests.
  • Withdraw consent — where we rely on consent, you may withdraw it at any time (without affecting processing already carried out).

To exercise any of these rights, contact us at adrian@cms-web.solutions. We will respond within one month.

Complaints

If you have concerns about how we are handling your personal data and we are unable to resolve them with you directly, you have the right to lodge a complaint with the UK Information Commissioner’s Office (ICO), under whom we are registered (registration number ZA408903):

Security

We take reasonable technical and organisational measures to protect personal data against accidental loss, unauthorised access, or disclosure. These include encrypted connections (HTTPS), restricted server access, regular software updates, and limiting who within the business can access personal data. No system is perfectly secure; if a breach affecting your personal data ever occurs, we will notify you and the ICO as required by law.

Changes to this policy

We may update this policy from time to time. The current version is always available at this URL, and the “Last updated” date at the top reflects the most recent change. If we make material changes that affect how we use your personal data, we will notify you by the most appropriate means.

Contact

  • Email: adrian@cms-web.solutions
  • Phone: +44 7814 730093
  • Post: CMS Web Solutions Ltd, 1 Corunna Place, Bridge of Don, Aberdeen AB23 8DA, Scotland