Privacy Policy

Effective Date: 26 June 2025
Reviewed By: Celf Creative Design Ltd

Celf Creative Design Ltd (“we”, “our”, or “us”) is committed to protecting your privacy. This Privacy Policy explains how we collect, use, and safeguard your personal data when you visit our website: https://celfcreative.com (“our site”).

By accessing or using our site, you agree to the practices described in this policy. If you do not agree with any part of this policy, please stop using our site immediately.

1. Who We Are

Company Name: Celf Creative Design Ltd
Company Number: 04050417
Registered Address: 58 Mount Stuart Square, Cardiff Bay, Cardiff, CF10 5LR
VAT Number: 762219337

Contact:

  • Email: [email protected]
  • Phone: 02920 496262
  • Post: 58 Mount Stuart Square, Cardiff Bay, Cardiff, CF10 5LR

2. What This Policy Covers

This Privacy Policy applies solely to your use of our site. Our site may contain links to other websites. We are not responsible for the content, policies, or practices of such third-party websites, and recommend you review their privacy policies before providing any data.

3. Your Rights Under Data Protection Law

As a data subject under UK GDPR and the Data Protection Act 2018, you have the right to:

  • Be informed about the collection and use of your personal data
  • Access the personal data we hold about you
  • Request rectification of inaccurate or incomplete data
  • Request erasure of your personal data (“the right to be forgotten”)
  • Restrict or object to processing in certain circumstances
  • Data portability (receive your data in a commonly used format)
  • Lodge a complaint with the Information Commissioner’s Office (ICO)

For more information, visit www.ico.org.uk.

4. What Personal Data We Collect

Depending on how you interact with us, we may collect:

  • Name
  • Email address
  • IP address
  • Any personal information provided via contact forms or correspondence

We do not intentionally collect sensitive personal data through our site.

5. How We Use Your Data

We only use your data when the law allows us to. Most commonly, we use it to:

  • Respond to your enquiries or correspondence
  • Provide services you’ve requested
  • Send marketing communications (with your consent)
  • Improve and secure our website

Our legal basis for processing may be:

  • Consent (e.g. subscribing to marketing)
  • Contractual necessity
  • Legitimate interests (e.g. security, analytics)
  • Legal obligations

6. Marketing Communications

We may send marketing emails about our services or updates — but only if you’ve opted in. You can withdraw consent or unsubscribe at any time by:

We do not sell or rent your data to third parties for marketing purposes.

7. Data Retention

We keep your personal data only as long as necessary for the purposes set out in this policy. This generally means:

  • Clients: We may retain records for up to 7 years from last interaction, for service continuity
  • Enquiries (no engagement): Retained for 12 months
  • Newsletter subscribers: Until you unsubscribe

We review and securely dispose of data no longer required.

8. Data Storage and Security

We store data securely within the UK. We implement appropriate technical and organisational measures to protect your information, including:

  • Role-based access control
  • Secure infrastructure and encrypted storage
  • Encrypted email and document handling
  • Regular security reviews and staff training

9. Sharing Your Data

We only share personal data:

  • When required by law or court order
  • With service providers acting on our behalf (e.g. email platforms, cloud hosting)
  • Under confidentiality and data processing agreements

Where our clients operate in regulated healthcare environments (such as the United States), we support their compliance with relevant laws including the Health Insurance Portability and Accountability Act (HIPAA). We are mindful of the privacy, confidentiality, and technical safeguards our clients may require. Where applicable, we follow industry best practices for data security and collaborate with clients who are responsible for any regulatory obligations under US healthcare law.

We never sell your data.

10. International Data Transfers

We store and process all data in the UK. Where international transfers are necessary (e.g. third-party services), we ensure appropriate safeguards such as standard contractual clauses (SCCs) are in place.

11. Your Control Over Your Data

You may:

  • Access and update your data at any time
  • Withdraw consent (where consent is the lawful basis)
  • Opt out of marketing
  • Request deletion or restrict processing

To exercise your rights, contact [email protected] or write to our address (see Section 1).

12. Cookies

What are cookies?

Cookies are small text files placed on your device when you visit our site. They help us provide a better experience and analyse how our site is used.

Types of cookies we use:

  • Functional cookies: Ensure website functionality (e.g., spam filters on contact forms)
  • Analytical cookies: Help us understand usage patterns (e.g. browser type, time on site). Data is anonymised.

You can manage your cookie preferences via your browser settings or the cookie banner.

13. Accessing Your Data

You have the right to request a copy of the personal data we hold about you. To make a data subject access request (DSAR), contact us via:

We will respond within 30 days in accordance with data protection law.

14. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in law or practice. Updates will be posted on this page and the date of the latest revision will be shown at the top.

Wish to discuss your next project?
Get in touch...