Last Updated: 29 December 2025
Website: shmowebsites.com
Business email: [email protected]
Business phone: +44 7508 199860
This Privacy Policy explains how Shmo Websites ("we", "us", "our") collects, uses, shares, stores, and protects personal information when you visit shmowebsites.com, contact us, request a consultation/meeting, or use our website design, development, redesign, management, maintenance, and related services.
We primarily operate under UK law but also serve customers in the EU/EEA and the United States. This policy is written to align with the UK GDPR and Data Protection Act 2018, the EU GDPR where it applies, and relevant US privacy requirements where applicable.
For most personal data described in this policy, Shmo Websites is the data controller (we decide how and why your personal data is processed).
We do not publish a business address on our website. If a regulator or lawful process requires a service address, we will provide it through appropriate channels.
We collect full names, phone numbers, emails, and meeting/project details so we can manually arrange a consultation and provide web services.
We do not use third-party automated booking tools; meetings are arranged via email/phone.
We do not sell your personal data.
We share data only with service providers who help us run our business (e.g., email, hosting, security, invoicing), and only as needed.
You have rights over your data (access, deletion, correction, objection, etc.), which you can exercise by emailing us.
We collect information in three ways: (A) you give it to us, (B) we collect it automatically, and (C) we get it from third parties (limited).
Because we arrange consultations manually, we may request and process:
This may include any details you provide to help us understand and quote your project, such as:
When you communicate with us by email, phone, website form, or social media:
Call recording: We will only record calls if we clearly inform you (where lawful) and explain why.
If you engage us for services, we may process:
If you purchase services, we may collect:
Card details: typically handled by payment processors; we do not intentionally store full card details on our own systems.
To build/manage a website, you may provide credentials or grant access to:
When you visit our website, we may automatically collect:
IP address, device type and identifiers
Browser type/version, operating system
Approximate location (city/region from IP)
Pages visited, time spent, clicks, referrals
Date/time stamps
Security and server logs (including error logs)
We may use cookies and similar technologies to make the site work and (if enabled) for analytics/marketing. See Section 11.
We do not intentionally collect sensitive data (e.g., health, religion, biometrics). Please avoid sending it unless we explicitly request it and a lawful basis applies.
Our services are not aimed at children, and we do not knowingly collect children's personal data.
We process personal data for the following purposes:
To respond to your enquiry, confirm your identity/contact details, manually arrange and confirm a consultation/meeting, and send meeting-related communications and reasonable follow-ups.
To understand requirements, prepare estimates and proposals, and assess feasibility, timelines, and scope.
To design, develop, redesign, manage, host (if offered), maintain, and support websites. To implement requested features, integrations, and content updates, and provide troubleshooting and support.
To manage records, workflow, quality control, training, and internal reporting. To protect our business from fraud, abuse, and security risks.
To send updates or offers where permitted by law (and where you can opt out). To measure interest in our services (where appropriate).
To meet legal obligations (accounting/tax), enforce agreements, and defend legal claims.
We rely on one or more of the following legal bases depending on the situation:
If you do not provide the information needed to contact you (typically full name, email address, and phone number) and enough context to schedule a meeting, we may be unable to:
We do not buy bulk personal data lists for outreach.
We do not sell your personal data.
We share data only when necessary and typically with:
We use Outlook for business email. This means messages you send us and our replies may be processed and stored in Microsoft's email infrastructure, subject to their security and data handling practices.
To operate our website and deliver services, we may use providers such as:
If you pay for services, payments may be processed by a third-party payment provider; invoicing/accounting may involve third-party systems.
Accountants, solicitors, insurers, consultants (only as needed).
We may disclose information if required by law, court order, or to protect rights, safety, and security.
If we merge, sell, or restructure, data may be transferred as part of the transaction with appropriate safeguards.
Vendor standards: Where required, we use contracts and confidentiality obligations to protect personal data and restrict processing to our instructions.
Because we serve EU/US customers and may use providers with global infrastructure, your data may be transferred and stored internationally.
Where laws restrict transfers (e.g., UK/EU personal data going outside the UK/EEA), we use appropriate safeguards such as:
We keep personal data only as long as needed for the purposes described, then delete or anonymise it.
If a dispute arises, we may retain relevant information for longer while the matter is ongoing.
Our website uses cookies and similar tracking technologies. A cookie is a small text file stored on your device that helps us provide and improve our services.
Cookie Consent: When you first visit our website, you'll see a cookie banner asking for your consent. We will not use non-essential cookies unless you accept them. You can change your preferences at any time by clicking the "Cookie Settings" button in our website footer, which allows you to review and update your cookie choices.
These cookies are essential for the website to function properly. They enable core functionality such as security, network management, and accessibility. You cannot opt-out of these cookies.
Examples: Session management, security tokens, cookie consent preferences, abuse prevention.
These cookies help us understand how visitors interact with our website by collecting and reporting information anonymously. This helps us improve our website and services.
Examples: Google Analytics, visitor statistics, page views, traffic sources, user behaviour patterns.
Duration: Up to 24 months
These cookies track your online activity to help advertisers deliver more relevant advertising or to limit how many times you see an ad. We may share this information with third parties.
Examples: Facebook Pixel, Google Ads, retargeting cookies, conversion tracking.
Duration: Up to 12 months
These cookies enable enhanced functionality and personalization, such as remembering your preferences, language settings, or previous interactions.
Examples: Language preferences, accessibility settings, saved form data.
Duration: Up to 12 months
Some cookies may be set by third-party services that appear on our pages. We do not control these cookies. You should check the third-party websites for more information about these cookies.
You have several options to manage or disable cookies:
Accept or reject non-essential cookies when you first visit our site. You can change your preferences at any time by clicking the "Cookie Settings" link in our website footer.
Most browsers allow you to control cookies through their settings:
You can opt out of interest-based advertising via:
Please note: Disabling all cookies may affect your ability to use certain features of our website. Strictly necessary cookies will still be used to ensure the site functions properly.
We use reasonable technical and organisational measures to protect personal data, which may include:
Secure data transmission for our website
Least-privilege permissions
Where available for added security
If used for data protection
Abuse and threat detection
Confidentiality requirements
No method of transmission/storage is completely secure, but we work to protect your information.
In the unlikely event of a data breach that poses a risk to your rights and freedoms, we will:
Report the breach to the ICO (Information Commissioner's Office) within 72 hours of becoming aware of it, as required by UK GDPR and EU GDPR.
Contact you directly without undue delay if the breach is likely to result in a high risk to your rights and freedoms. We'll use the email address or phone number you've provided.
Explain what happened, what data was affected, the potential consequences, and the measures we've taken or plan to take to address the breach and minimize harm.
Advise you on steps you can take to protect yourself, such as changing passwords, monitoring accounts, or being alert for phishing attempts.
Our Commitment: We take data security seriously and maintain incident response procedures to handle any potential breaches swiftly and transparently. You will be kept informed throughout the process.
Depending on your location and applicable law, you may have rights to:
Request a copy of data we hold
Update or fix incorrect information
Request erasure in certain circumstances
Limit how we use your data
Especially marketing and some legitimate interests
Receive data in portable format (where applicable)
Where processing is based on consent
Email [email protected] with "Privacy Request" and describe what you want. We may ask for verification to protect your data.
We encourage you to contact us first so we can try to resolve concerns quickly.
If you are a resident of certain US states (e.g., California, Colorado, Connecticut, Virginia, Utah, etc.), you may have additional rights depending on whether the law applies to our business based on legal thresholds.
We do not sell personal information. If we ever engage in "sharing" for cross-context behavioural advertising, we will provide an opt-out mechanism where required.
Email [email protected] with "US Privacy Request".
Human Review Only: We do not use automated decision-making or profiling that produces legal or similarly significant effects. All quotes, consultations, and business decisions are made manually by our team members.
When you submit an enquiry or request a quote:
This ensures personalized service and gives you the opportunity to discuss your needs directly with our team.
Age Restriction: Our services are intended for business use and individuals aged 16 or older (13 or older in some jurisdictions). We do not knowingly collect personal information from children under these age limits.
If you believe we have inadvertently collected information from a child:
Email us at [email protected] with the subject line "Child Privacy Concern" and we will:
Parents and Guardians: If you believe your child has provided us with personal information without your consent, please contact us as outlined above.
Our website may link to third-party websites (e.g., client sites, tools). Their privacy practices are their own. Review their policies before submitting personal data to them.
When we build or manage a website for a client:
We may update this policy to reflect legal, operational, or technology changes. Updates will be posted on this page with a new "Last updated" date.
If you have any questions, concerns, or requests regarding this Privacy Policy, please contact us:
We aim to respond to all privacy-related inquiries within 30 days. For urgent matters, please call us directly.
If you are located in the UK or EEA and have concerns about how we process your personal data, you have the right to lodge a complaint with your local data protection authority:
UK: Information Commissioner's Office (ICO)
Website:
ico.org.uk
Phone: 0303 123 1113
Thank you for taking the time to read our Privacy Policy. Your privacy and trust are important to us.