ServicesProcessWhy UsPricingContact
Get a Quote
Syntax Link/Legal

Privacy Policy

Last updated: May 2026

1. Who we are

This Privacy Policy applies to Syntax Link Limited (“Syntax Link”, “we”, “us”, “our”), a private limited company registered in England and Wales (Companies House No. 12533836). Our registered and correspondence address is 4 Blenheim Court, Peppercorn Close, Peterborough, PE1 2DU, United Kingdom.

We can be contacted at hello@syntax-link.co.uk.

We are the data controller for the personal data described in this policy. We are registered with the Information Commissioner's Office (ICO) — our ICO registration number will be provided once registration is complete.

2. What data we collect

We may collect and process the following categories of personal data:

  • Identity data: name, job title, company name.
  • Contact data: email address, telephone number, postal address.
  • Project and commercial data: project briefs, requirements, budget information, and related correspondence.
  • Financial data: invoicing details, payment records. We do not store card numbers — payment processing is handled by Stripe (see sub-processors below).
  • Technical data: IP address, browser type and version, time zone, browser plug-in types, operating system — collected via analytics tools.
  • Usage data: how you use our website, including pages visited, time spent, and referring URLs.
  • Communications data: content of emails, contact form submissions, or other messages you send to us.

We do not knowingly collect special category data or data relating to children under 13.

3. How we collect your data

  • Directly from you via our contact form, email, telephone, or in-person meetings.
  • Automatically via cookies and similar technologies when you visit our website (see our Cookie Policy).
  • From third parties, such as referral partners or publicly available business directories.

4. How we use your data

We process your personal data under the following lawful bases:

  • Contract performance: to provide our services, issue invoices, and manage your project.
  • Legitimate interests: to respond to enquiries, improve our website, and maintain business records — where our interests are not overridden by your rights.
  • Legal obligation: to comply with applicable law including tax, accounting, and anti-money laundering obligations.
  • Consent: to send you marketing communications if you have opted in. You can withdraw consent at any time.

5. Sub-processors and data sharing

We use the following third-party service providers who may process personal data on our behalf:

  • Stripe, Inc. — payment processing (USA; covered by SCCs and Privacy Shield successor frameworks).
  • Vercel, Inc. — website hosting and deployment infrastructure (USA; covered by SCCs).
  • Google LLC — analytics (Google Analytics 4) and email (Google Workspace) (USA; covered by SCCs).
  • Notion Labs, Inc. — internal project management (USA; covered by SCCs).
  • GitHub, Inc. — code hosting and version control (USA; covered by SCCs).

We do not sell your personal data to third parties. We will not share your data with any other organisation for their own marketing purposes.

We may disclose data to law enforcement or regulatory authorities if required by law or to protect our legal rights.

6. International transfers

Some sub-processors operate outside the UK/EEA. Where personal data is transferred internationally, we ensure appropriate safeguards are in place — typically Standard Contractual Clauses (SCCs) approved under UK GDPR.

7. Data retention

  • Client and project records: 7 years from the end of the contract (HMRC requirement).
  • Enquiry / pre-contract data: 2 years from the date of enquiry if no contract is formed.
  • Marketing consent records: until consent is withdrawn, then deleted within 30 days.
  • Website analytics: 26 months (Google Analytics default, reduced to minimum practical).

8. Your rights under UK GDPR

You have the right to:

  • Access your personal data (Subject Access Request).
  • Rectification of inaccurate data.
  • Erasure (“right to be forgotten”) — subject to legal retention obligations.
  • Restriction of processing.
  • Data portability.
  • Object to processing based on legitimate interests.
  • Not be subject to solely automated decision-making.

To exercise any of these rights, contact us at hello@syntax-link.co.uk. We will respond within 30 days.

If you are not satisfied with our response, you have the right to lodge a complaint with the Information Commissioner's Office (ICO) at ico.org.uk.

9. Security

We implement appropriate technical and organisational security measures to protect your personal data against accidental loss, destruction, alteration, or unauthorised access. Access to personal data is restricted to authorised personnel on a need-to-know basis.

Despite these measures, no data transmission over the internet is completely secure. If you have reason to believe your interaction with us is no longer secure, please notify us immediately.

10. Cookies

We use cookies and similar tracking technologies on our website. Please refer to our Cookie Policy for full details.

11. Changes to this policy

We may update this Privacy Policy from time to time. The “last updated” date at the top of this page will always reflect the most recent version. Continued use of our website or services constitutes acceptance of the updated policy.