Last updated: 29 November 2025

Privacy Policy

This Privacy Policy explains how Sobota Limited (“we”, “us”, “our”) collects, uses, and protects personal data when you visit our website, communicate with us, or use our services.

We are committed to handling personal data lawfully, transparently, and securely in accordance with the General Data Protection Regulation (GDPR), the UK GDPR, and other applicable data-protection laws.

If you have questions, you can contact us at: nick@sobota.design

1. What Personal Data We Collect

We only collect information that is necessary, relevant, and proportionate.

1.1. Data you provide voluntarily

  • Name
  • Email address
  • Company name
  • Project details or messages submitted through forms
  • Billing information (if you become a client)

1.2. Data collected automatically

  • IP address
  • Browser type and version
  • Device information
  • Usage data (pages viewed, time spent, referring URL)
  • Cookies (essential, analytics – only if consented)

1.3. Third-party data

We may receive limited data from:

  • Payment providers (e.g., Stripe)
  • Analytics platforms (if you consent)
  • Project management or communication tools you choose to use

We do not purchase or trade personal data.

2. How We Use Personal Data

We process data only when we have a lawful basis.

We use your data to:

  • Communicate with you
  • Respond to enquiries
  • Provide proposals, services, or project updates
  • Improve our website
  • Maintain business records and comply with legal obligations
  • Conduct minimal analytics (only if you consent)

We will never:

  • Sell your data
  • Share your data with advertisers
  • Use your data for automated decision-making or profiling

3. Legal Basis for Processing (GDPR Article 6)

We rely on:

  • Contractual necessity – when we discuss or deliver work
  • Consent – for analytics, cookies, or newsletters
  • Legitimate interests – business operations, security, fraud prevention
  • Legal obligation – accounting, tax, regulatory requirements

Where consent is used, you may withdraw it at any time.

4. Cookies & Tracking Technologies

We use minimal cookies.

Essential cookies

Required for site functionality. Cannot be disabled.

Analytics cookies (optional)

Used to understand how visitors use the site.
These load only if you consent.

You can manage or revoke consent at any time via your browser settings or our on-site cookie banner.

5. How Long We Keep Data (Retention)

We retain personal data only for as long as necessary, following GDPR principles.

  • Enquiry messages: 12 months
  • Client project data: 7 years (legal/accounting requirement)
  • Analytics data: up to 26 months (if consented)
  • Cookie preferences: 6–12 months

When data is no longer needed, we securely delete or anonymise it.

6. How We Share Data

We share data only with trusted third parties who help us operate our business. These include:

  • Email service providers
  • Cloud storage and hosting providers
  • Analytics providers (optional)
  • Payment processors
  • Legal and accounting advisers

All processors act under written agreements, follow GDPR rules, and cannot use your data for their own purposes.

We never sell or trade personal data.

7. International Data Transfers

Some service providers may be located outside the UK/EU.

Where this occurs, we ensure safeguards such as:

  • EU Standard Contractual Clauses (SCCs)
  • UK International Data Transfer Addendum
  • Providers certified under approved frameworks

We only work with vendors that meet GDPR-level standards.

8. Your Rights Under GDPR

You have the right to:

  • Access your personal data
  • Correct inaccurate data
  • Request deletion (“right to be forgotten”)
  • Restrict processing
  • Object to processing
  • Withdraw consent at any time
  • Receive your data in a portable format
  • Lodge a complaint with a supervisory authority (ICO in the UK or your local EU DPA)

To exercise any right, email: hello@sobota.design

We respond within 30 days.

9. Security

We use appropriate technical and organisational measures to protect personal data, including:

  • Encrypted storage
  • Limited access controls
  • Secure hosting
  • Regular updates and security checks
  • Use of GDPR-compliant vendors

No online system is 100% secure, but we take reasonable steps to minimise risk.

10. Third-Party Links

Our website may contain links to external sites.
We are not responsible for the privacy practices of those websites.

11. Children

Our website and services are not intended for children under 16.
We do not knowingly collect data from minors.

12. Updates to This Policy

We may update this Privacy Policy to reflect changes in law or business practices.
The “Last Updated” date will always show the current version.

13. Contact Us

If you have questions or concerns, email:
hello@sobota.design

Sobota®

Harnessing Vision, Unleashing Change since 2022.

Terms & ConditionsPrivacy Policy