Privacy Policy

Last Updated: June 4, 2025

Who we are

Our website address is: https://pk4design.co.uk. Pk4design.co.uk is operated by PK4 Design, with contact email: [email protected]. We are the Data Controller responsible for the personal data collected through this website.

Our Commitment to Your Privacy

At pk4design.co.uk, we are committed to protecting your privacy and personal data. This Privacy Policy explains how we collect, use, store, and share your personal data, and outlines your rights under the General Data Protection Regulation (GDPR) and other applicable data protection laws.

1. Data We Collect and Why We Collect It (Purpose and Legal Basis)

We collect different types of personal data for specific purposes, each with a defined legal basis under GDPR:

  • Comments
    • Data Collected: When visitors leave comments on the site, we collect the data shown in the comments form (your name, email address, website, and comment content), as well as your IP address and browser user agent string.
    • Purpose: This data is collected to:
      • Display your comment on the website.
      • Help us detect and prevent spam.
      • Legal Basis:
        • For displaying your comment: Consent, which you provide by submitting your comment.
        • For spam detection and website security: Our legitimate interest in protecting our website from malicious activity and maintaining its integrity.
      • Gravatar Service: An anonymized string created from your email address (also called a hash) may be provided to the Gravatar service to see if you are using it. The Gravatar service privacy policy is available here: https://automattic.com/privacy/. After approval of your comment, your profile picture from Gravatar is visible to the public in the context of your comment. This sharing is based on our legitimate interest in enhancing user experience by displaying profile pictures, and your consent to use Gravatar if you have linked your email to their service.
  • Media
    • Data Collected: If you upload images to the website, these images may contain embedded location data (EXIF GPS).
    • Purpose: For displaying the image on the website.
    • Important Note: Visitors to the website can download and extract any location data from images on the website. We advise against uploading images with embedded location data if you are concerned about this. We do not actively process or use this location data.
    • Legal Basis: Your consent by uploading the image.
  • Cookies
    • Data Collected: Cookies are small text files placed on your device. We use cookies for various purposes:
      • Comment Cookies: If you leave a comment on our site, you may opt-in to saving your name, email address, and website in cookies for your convenience. These cookies are set for one year.
      • Login Cookies: If you visit our login page, we will set a temporary cookie to determine if your browser accepts cookies. This cookie contains no personal data and is discarded when you close your browser. When you log in, we will also set up several cookies to save your login information and your screen display choices. Login cookies last for two days, and screen options cookies last for a year. If you select “Remember Me”, your login will persist for two weeks. If you log out of your account, the login cookies will be removed.
      • Article Editing/Publishing Cookies: If you edit or publish an article, an additional cookie will be saved in your browser. This cookie includes no personal data and simply indicates the post ID of the article you just edited. It expires after 1 day.
    • Purpose: To enhance your user experience, remember your preferences, and facilitate website functionality.
    • Legal Basis:
      • For cookies that are strictly necessary for the website’s basic functionality (e.g., temporary login cookie): Our legitimate interest in providing a functional website.
      • For preference and convenience cookies (e.g., comment saving, “Remember Me” for login): Your explicit consent, which you provide via our cookie consent banner. You have the right to withdraw this consent at any time.
  • Embedded content from other websites
    • Data Collected: Articles on this site may include embedded content (e.g., videos, images, articles, etc.) from other websites.
    • Purpose: To provide richer content and integrate relevant external resources.
    • Important Note: Embedded content from other websites behaves in the exact same way as if the visitor has visited the other website directly. These websites may collect data about you, use cookies, embed additional third-party tracking, and monitor your interaction with that embedded content, including tracking your interaction with the embedded content if you have an account and are logged in to that website. We have no control over the data collected by these third-party websites. Please refer to their respective privacy policies for details.
    • Legal Basis: Our legitimate interest in providing comprehensive and engaging content, and your consent to load such content if required by specific third-party providers.
  • Password Reset Requests
    • Data Collected: If you request a password reset, your IP address will be included in the reset email.
    • Purpose: To enhance security and prevent fraudulent password reset attempts.
    • Legal Basis: Our legitimate interest in maintaining the security of user accounts and preventing unauthorised access.
  • User Registration Data (if applicable)
    • Data Collected: For users that register on our website (if registration is enabled), we store the personal information they provide in their user profile. This typically includes username, email address, and any other information you choose to provide in your profile.
    • Purpose: To create and manage your user account, allow you to access specific website features (e.g., leaving comments without re-entering details, publishing articles), and provide administrative support.
    • Legal Basis:
      • Contractual necessity to provide you with the services associated with a user account.
      • Your consent for any optional profile information you choose to provide.

2. Who we share your data with

We only share your data with third parties when necessary for the purposes outlined above, or when legally required. These third parties include:

  • Gravatar Service: As described in the “Comments” section, for displaying profile pictures.
  • Automated Spam Detection Service: Visitor comments may be checked through an automated spam detection service (e.g., Akismet). This service receives the comment content, commenter’s name, email, IP address, and user agent string.
    • Purpose: To protect our website from spam.
    • Legal Basis: Our legitimate interest in maintaining website security and usability.
  • Other Third-Party Service Providers (e.g., hosting, analytics): We may use other third-party service providers to help us operate our website and provide our services. These providers may have access to personal data only as necessary to perform their functions and are obligated to maintain the confidentiality and security of your data. We ensure that any such third parties are GDPR compliant or provide adequate safeguards.
  • Legal and Regulatory Authorities: We may disclose your personal data if required to do so by law or in response to valid requests by public authorities (e.g., a court or government agency).
    • Legal Basis: Legal obligation.

3. International Data Transfers

Some of our third-party service providers (e.g., Gravatar, potentially Google Analytics if servers are outside the UK/EEA) may process data outside of the UK or European Economic Area (EEA).

When such transfers occur, we ensure that appropriate safeguards are in place to protect your personal data, in line with GDPR requirements. These safeguards may include:

  • Adequacy Decisions: Transfers to countries deemed by the European Commission or the UK government to provide an adequate level of data protection.
  • Standard Contractual Clauses (SCCs): We use specific contracts approved by the European Commission or the UK Information Commissioner’s Office (ICO) that impose data protection obligations on the recipient of the data.
  • Binding Corporate Rules (BCRs): For transfers within a group of companies.

By using our website, you acknowledge that your data may be transferred to and processed in these countries.

4. How long we retain your data

We retain personal data only for as long as necessary to fulfil the purposes for which it was collected, including for the purposes of satisfying any legal, accounting, or reporting requirements.

  • Comments: If you leave a comment, the comment and its metadata are retained indefinitely. This is so we can recognize and approve any follow-up comments automatically instead of holding them in a moderation queue.
  • Registered User Data: For users that register on our website, we store the personal information they provide in their user profile for as long as their account is active. If an account remains inactive for 1 year, we may send a reminder and subsequently delete the account and associated personal data if no action is taken.
  • Cookies: Retention periods for cookies are detailed in the “Cookies” section above.
  • Other Data: Data collected for specific, one-off purposes (e.g., password reset requests) will be retained only for the period necessary to complete that purpose and for a reasonable period thereafter for security and audit logs.

5. How We Protect Your Data

We implement appropriate technical and organisational measures to protect your personal data from unauthorised access, alteration, disclosure, or destruction. These measures include:

  • SSL/TLS encryption for data in transit (indicated by “https://” in our website address).
  • Regular security updates and patches for our website software and plugins.
  • Access controls to personal data for authorised personnel only.
  • Regular backups of our website data.

While we strive to protect your personal data, no method of transmission over the Internet or method of electronic storage is 100% secure. Therefore, we cannot guarantee its absolute security.

6. What rights you have over your data

Under GDPR, you have the following rights regarding your personal data:

  • The Right to be Informed: You have the right to be informed about the collection and use of your personal data. This Privacy Policy serves to fulfil that right.
  • The Right to Access (Article 15 GDPR): You have the right to request a copy of the personal data we hold about you.
  • The Right to Rectification (Article 16 GDPR): You have the right to request that we correct any information you believe is inaccurate or complete information you believe is incomplete.
  • The Right to Erasure (“Right to be Forgotten”) (Article 17 GDPR): You have the right to request that we erase your personal data, under certain conditions. This does not include any data we are obliged to keep for administrative, legal, or security purposes.
  • The Right to Restrict Processing (Article 18 GDPR): You have the right to request that we restrict the processing of your personal data, under certain conditions.
  • The Right to Data Portability (Article 20 GDPR): You have the right to request that we transfer the data that we have collected to another organisation, or directly to you, under certain conditions.
  • The Right to Object (Article 21 GDPR): You have the right to object to our processing of your personal data, under certain conditions, particularly where the processing is based on legitimate interests or for direct marketing purposes.
  • Rights in relation to automated decision-making and profiling (Article 22 GDPR): You have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or similarly significantly affects you. (Note: We do not currently use automated decision-making or profiling that produces legal effects.)

How to Exercise Your Rights:

To exercise any of these rights, please contact us at: [email protected]. We will respond to your request within one month. We may need to request specific information from you to help us confirm your identity and ensure your right to access your personal data (or to exercise any of your other rights). This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it.

7. Where your data is sent

As mentioned above, visitor comments may be checked through an automated spam detection service. We also use third-party service providers for website hosting and other operational needs. Your data is sent to these processors only when necessary for the provision of our services, and always under strict data protection agreements.

8. Changes to this Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or for other operational, legal, or regulatory reasons. We will notify you of any significant changes by posting the new Privacy Policy on this page and updating the “Last Updated” date at the top. We encourage you to review this Privacy Policy periodically.

9. How to Contact Us

If you have any questions about this Privacy Policy, our data practices, or if you wish to exercise any of your rights, please contact us:

Email: [email protected]

10. Right to Lodge a Complaint

If you are not satisfied with our response or believe we are processing your personal data unlawfully, you have the right to lodge a complaint with the relevant supervisory authority. In the UK, this is the Information Commissioner’s Office (ICO):

Information Commissioner’s Office (ICO) Wycliffe House Water Lane Wilmslow Cheshire SK9 5AF Helpline number: 0303 123 1113 ICO website: https://www.ico.org.uk