Privacy Policy | We Evolve

Created 5th November 2025

Introduction and Scope

We Evolve is a small company operating in the service sector with no direct employees. We Evolve is committed to protecting the privacy and personal data of our website visitors.
This Privacy Policy explains how We Evolve collects, uses, stores, and protects personal information obtained through our website located at weevolve.uk.com.
We are committed to compliance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.
This policy applies to all personal data processing activities conducted by We Evolve in connection with our website and related services.
By using our website, you acknowledge that you have read and understood this Privacy Policy and how we process your personal information.
We Evolve founder, Esther Hall acts as the data controller for all personal data collected through our website and related business activities.

Terms
1. Company means We Evolve, a company operating in service sector with its principal place of business at Greenacres, Main Street, Sawdon, Scarborough YO13 9DY.
2. Data Controller means the natural or legal person which determines the purposes and means of the processing of personal data, being We Evolve in relation to this Privacy Policy.
3. Data Processor means a natural or legal person who processes personal data on behalf of the Data Controller.
4. Data Subject means any identified or identifiable natural person whose personal data is processed by us.
5. Personal Data means any information relating to an identified or identifiable natural person as defined under UK GDPR.
6. Processing means any operation performed on personal data, including collection, recording, organisation, structuring, storage, adaptation, retrieval, consultation, use, disclosure, dissemination, restriction, erasure or destruction.
7. Website means the website operated by We Evolve at weevolve.uk.com and any associated subdomains.
8. Cookies means small text files placed on your device by our Website to store certain information about your preferences and actions.
9. Third Parties means any natural or legal person other than the Data Subject, the Data Controller, the Data Processor and persons authorised to process personal data.
10. UK GDPR means the General Data Protection Regulation as it forms part of the law of England and Wales by virtue of section 3 of the European Union (Withdrawal) Act 2018.
11. Consent means any freely given, specific, informed and unambiguous indication of the Data Subject's wishes by which they signify agreement to the processing of personal data.
12. Legal Basis means the lawful ground for processing personal data as set out in Article 6 of UK GDPR.

Information We Collect
1. We collect Personal Data that you provide to us directly when you interact with our Website, including when you:
  1. Submit a contact form or inquiry, providing information such as your name, email address, phone number, and message content;
  2. Sign up for our newsletter or marketing communications, providing your email address and any optional information you choose to share;
  3. Create an account or register for our services, providing registration details as required;
  4. Participate in surveys, feedback forms, or other interactive features on our Website.
2. We automatically collect certain information when you visit our Website, including:
  1. Technical information such as your IP address, browser type and version, operating system, and device information;
  2. Usage information including pages visited, time spent on pages, click-through rates, and navigation patterns;
  3. Referral information showing which website or search engine directed you to our Website.
3. We use Cookies and similar tracking technologies to collect information about your browsing behavior and preferences, including:
  1. Essential cookies necessary for Website functionality and security;
  2. Analytics cookies to understand how visitors use our Website and improve user experience;
  3. Marketing cookies to deliver relevant advertisements and measure campaign effectiveness.
4. We may collect additional Personal Data from publicly available sources or Third Parties where necessary for our legitimate business interests and in accordance with applicable data protection laws.
5. We do not intentionally collect Personal Data from children under the age of 13, and our Website is not directed at children under this age.

How We Use Your Information
1. We process your Personal Data for various purposes based on different Legal Basis under UK GDPR, as detailed in the following clauses.
2. Communication and Customer Service: We use your Personal Data to respond to your inquiries, provide customer support, and communicate with you regarding our services.
  1. When you submit a contact form, we use your name and email address to respond to your inquiry.
  2. We may use your contact details to follow up on customer service requests or feedback.
3. Marketing and Promotional Activities: Subject to obtaining appropriate Consent or relying on legitimate interests, we use your Personal Data for marketing purposes.
  1. We use email addresses to send newsletters, updates about our services, and promotional materials.
  2. We may contact you about products or services that may be of interest to you, where permitted by law.
4. Website Functionality and Improvement: We use Personal Data to operate, maintain, and improve our Website and user experience.
  1. We use IP addresses and browser information to analyse website traffic and usage patterns.
  2. We process technical data to ensure Website security and prevent fraud or unauthorized access.
  3. We use Cookies and similar technologies to enhance website functionality and user experience.
5. Legal Compliance and Business Operations: We process Personal Data to comply with legal obligations and conduct legitimate business activities.
  1. We may process data to comply with legal requirements, court orders, or regulatory requests.
  2. We use Personal Data for internal record keeping and administrative purposes.
  3. We may process data to establish, exercise, or defend legal claims.
6. Consent Basis: Where we rely on your Consent as the Legal Basis for Processing, you have the right to withdraw such consent at any time.
7. Legitimate Interests: Where we rely on legitimate interests as our Legal Basis, we have assessed that our interests do not override your fundamental rights and freedoms.

Legal Basis for Processing
1. We process Personal Data only where we have a valid Legal Basis under UK GDPR Article 6.
2. Consent - We rely on your explicit Consent when:
  1. You subscribe to our newsletter or marketing communications.
  2. You submit contact forms requesting information about our services.
  3. You agree to non-essential Cookies through our cookie banner.
3. Legitimate Interests - We rely on our legitimate business interests when:
  1. Analysing Website traffic and user behaviour to improve our services and Website functionality.
  2. Preventing fraud, security threats, and ensuring Website security.
  3. Responding to general inquiries and providing customer support.
  4. Maintaining business records and conducting internal administration.
4. Contract - We process Personal Data to perform contractual obligations when:
  1. You engage our services and we need to fulfil our contractual duties.
  2. Processing is necessary for pre-contractual steps at your request.
5. Legal Obligation - We process Personal Data to comply with legal requirements including:
  1. Responding to lawful requests from public authorities.
  2. Compliance with accounting and tax obligations.
  3. Compliance with court orders or legal proceedings.
6. Where we rely on Legitimate Interests, we have conducted balancing tests to ensure our interests do not override your fundamental rights and freedoms.
7. You have the right to withdraw Consent at any time where Processing is based on Consent, without affecting the lawfulness of Processing based on Consent before its withdrawal.

Data Sharing and Third Parties
1. We Evolve does not sell, rent, or trade your Personal Data to third parties for their own marketing purposes.
2. We may share your Personal Data with Third Parties in the following circumstances:
  1. Service Providers: We engage third-party service providers to support our Website operations and business activities, including web hosting services, email marketing platforms, analytics providers, and payment processors.
  2. Legal Compliance: We may disclose your Personal Data when required by law, court order, or government regulation, or to protect our legal rights and interests.
  3. Business Transfers: In the event of a merger, acquisition, or sale of all or part of our business, your Personal Data may be transferred to the acquiring entity.
3. All Third Parties with whom we share Personal Data are required to:
  1. Process your Personal Data only for the specified purposes and in accordance with our instructions.
  2. Implement appropriate technical and organisational security measures to protect your Personal Data.
  3. Enter into written data processing agreements that comply with UK GDPR requirements.
4. Examples of Third Parties we may work with include:
  1. Website hosting providers such as AWS or similar cloud services.
  2. Email marketing services such as Mailchimp or Constant Contact.
  3. Analytics services such as Google Analytics for website performance monitoring.
  4. Payment processors such as Stripe or PayPal for transaction processing.
5. We ensure that any international transfers of Personal Data are conducted in accordance with UK GDPR requirements, including the use of adequacy decisions or appropriate safeguards such as Standard Contractual Clauses.
6. You have the right to object to certain types of data sharing and may withdraw your Consent where it serves as the Legal Basis for sharing your Personal Data.

Data Security Measures
1. We implement appropriate technical and organisational measures to protect your Personal Data against unauthorised access, alteration, disclosure, or destruction in accordance with UK GDPR requirements.
2. Technical Security Measures include:
  1. SSL encryption technology to secure data transmission between your browser and our Website.
  2. Secure server infrastructure with regular security updates and patches.
  3. Firewall protection and intrusion detection systems.
  4. Regular automated backups of data stored on secure, encrypted servers.
3. Organisational Security Measures include:
  1. Strict access controls limiting access to Personal Data on a need-to-know basis.
  2. Regular training on data protection principles and security procedures.
  3. Confidentiality agreements for all contractors with access to Personal Data.
  4. Clear procedures for handling and storing Personal Data.
4. We conduct regular security assessments and reviews to identify and address potential vulnerabilities in our systems and processes.
5. In the event of a personal data breach, we will notify the Information Commissioner's Office and affected individuals in accordance with UK GDPR requirements where legally required to do so.
6. While we implement robust security measures, no method of electronic transmission or storage is completely secure, and we cannot guarantee absolute security of your Personal Data.

Data Retention
1. The Company retains Personal Data only for as long as necessary to fulfil the purposes for which it was collected, unless a longer retention period is required or permitted by law.
2. We apply the following retention periods for different categories of Personal Data:
  1. Contact form inquiries and customer communications: retained for 3 years from the date of last contact to maintain business records and respond to follow-up inquiries.
  2. Newsletter subscribers: retained until the Data Subject withdraws Consent or until 2 years of inactivity, whichever occurs first.
  3. Website analytics data and Cookies: retained for a maximum of 26 months in accordance with standard analytics practices.
  4. Technical logs and security data: retained for 12 months for system maintenance and security purposes.
3. The Company determines appropriate retention periods based on:
  1. The nature and sensitivity of the Personal Data.
  2. The potential risk of harm from unauthorised use or disclosure.
  3. The purposes for which we Process the Personal Data and whether we can achieve those purposes through other means.
  4. Legal, regulatory, tax, accounting or other requirements that mandate retention of certain records.
4. Upon expiry of the applicable retention period, Personal Data will be securely deleted or anonymised unless retention is required by law.
5. The Company conducts periodic reviews of retained Personal Data to ensure compliance with these retention periods and to identify data eligible for deletion.
6. Where Personal Data is retained for legal compliance purposes beyond the standard retention periods, such data will be stored separately and access will be restricted to authorised personnel only.

Your Rights Under UK GDPR
1. As a Data Subject, you have the following rights under the UK GDPR regarding your Personal Data:
  1. Right of Access - You have the right to request confirmation of whether we are Processing your Personal Data and, if so, to obtain a copy of that data and information about how it is being processed.
  2. Right to Rectification - You have the right to request correction of inaccurate Personal Data and to have incomplete Personal Data completed.
  3. Right to Erasure - You have the right to request deletion of your Personal Data in certain circumstances, including where the data is no longer necessary for the original purpose or where you withdraw Consent.
  4. Right to Restrict Processing - You have the right to request restriction of Processing in certain circumstances, such as when you contest the accuracy of the data or object to Processing.
  5. Right to Data Portability - Where Processing is based on Consent or contract and carried out by automated means, you have the right to receive your Personal Data in a structured, commonly used format and to transmit it to another Data Controller.
  6. Right to Object - You have the right to object to Processing based on legitimate interests, direct marketing, or Processing for research purposes.
  7. Rights Related to Automated Decision-Making - You have the right not to be subject to decisions based solely on automated Processing, including profiling, which produce legal effects or significantly affect you.
2. Exercising Your Rights:
  1. To exercise any of these rights, please contact us using the details provided in section 13 of this Privacy Policy.
  2. We will respond to your request within one month of receipt, though this may be extended by two months for complex requests.
  3. We may request additional information to verify your identity before processing your request.
  4. In most cases, exercising your rights will be free of charge, though we may charge a reasonable fee for excessive or repetitive requests.
3. Withdrawal of Consent:
  1. Where Processing is based on your Consent, you have the right to withdraw that Consent at any time.
  2. Withdrawal of Consent will not affect the lawfulness of Processing carried out before withdrawal.
4. Right to Complain:
  1. You have the right to lodge a complaint with the Information Commissioner's Office (ICO) if you believe your data protection rights have been breached.
  2. You can contact the ICO at ico.org.uk or by telephone on 0303 123 1113.

Cookies and Tracking Technologies
1. Cookies are small text files that are placed on your device when you visit our Website. We use Cookies to enhance your browsing experience, analyse website traffic, and provide personalized content.
2. We use the following types of Cookies on our Website:
  1. Essential Cookies: Necessary for the Website to function properly, including security features and basic functionality.
  2. Analytics Cookies: Used to collect information about how visitors use our Website, including pages visited, time spent, and traffic sources.
  3. Functional Cookies: Enable enhanced functionality and personalization, such as remembering your preferences and settings.
  4. Marketing Cookies: Used to track visitors across websites to display relevant advertisements and measure campaign effectiveness.
3. Our Cookies may be:
  1. Session Cookies: Temporary cookies that expire when you close your browser.
  2. Persistent Cookies: Cookies that remain on your device for a predetermined period or until manually deleted.
4. We may use Third Party services that place their own Cookies on your device, including Google Analytics, social media platforms, and advertising networks.
5. You can control and manage Cookies through:
  1. Your browser settings to accept, reject, or delete Cookies.
  2. Our cookie consent banner displayed when you first visit our Website.
  3. Adjusting your preferences through third-party opt-out mechanisms where available.
6. Disabling certain Cookies may affect the functionality and performance of our Website.
7. For more information about Cookies and how to manage them, visit www.allaboutcookies.org or www.youronlinechoices.eu.

International Data Transfers
1. We may transfer your Personal Data to countries outside the United Kingdom where our Third Parties or service providers are located.
2. Where we transfer Personal Data to a country outside the UK, we will ensure that such transfers are made in accordance with UK GDPR requirements and one of the following safeguards applies:
  1. The transfer is to a country that has been granted an adequacy decision by the UK Government, meaning it provides an adequate level of data protection.
  2. We have implemented appropriate safeguards such as Standard Contractual Clauses approved by the UK Government or binding corporate rules.
  3. The transfer is necessary for the performance of a contract between us and you, or for pre-contractual measures taken at your request.
3. Countries with adequacy decisions currently include members of the European Economic Area, and we may transfer data to service providers located in these jurisdictions.
4. Where we use Third Parties that may transfer data internationally, such as website analytics providers, email marketing platforms, or cloud storage services, we ensure they provide adequate safeguards for your Personal Data.
5. You have the right to request information about the safeguards we have in place for international transfers of your Personal Data by contacting us using the details provided in this Privacy Policy.
6. We will not transfer your Personal Data to any country or organisation unless we are satisfied that adequate levels of protection are in place to protect the integrity and security of your Personal Data.

Children's Privacy
1. The Company does not knowingly collect Personal Data from children under the age of 13 years without appropriate parental or guardian Consent.
2. Where the Company provides information society services directly to children, we require verifiable parental Consent for the Processing of Personal Data of children under the age of 16 years, except where such Processing is necessary for the performance of a contract or for compliance with a legal obligation.
3. If we become aware that we have inadvertently collected Personal Data from a child under the applicable age threshold without proper Consent, we will take immediate steps to delete such information from our systems.
4. Parents and guardians have the right to:
  1. Request access to their child's Personal Data held by the Company;
  2. Request rectification or deletion of their child's Personal Data;
  3. Withdraw Consent for the Processing of their child's Personal Data at any time;
  4. Object to the Processing of their child's Personal Data for direct marketing purposes.
5. When collecting Personal Data from children with appropriate Consent, the Company will:
  1. Use clear, plain language appropriate to the child's age;
  2. Collect only the minimum Personal Data necessary for the specified purpose;
  3. Implement enhanced security measures to protect children's Personal Data;
  4. Not use children's Personal Data for profiling or automated decision-making.
6. The Company will retain records of parental Consent and make such records available to parents upon request.
Policy Updates
1. The Company reserves the right to update, modify, or replace this Privacy Policy at any time at its sole discretion to reflect changes in our business practices, legal requirements, or regulatory guidance.
2. We will notify you of any material changes to this Privacy Policy through one or more of the following methods:
  1. Posting a prominent notice on our Website indicating that the Privacy Policy has been updated.
  2. Sending an email notification to users who have provided their email address to us, where we have a lawful basis to do so.
  3. Displaying a pop-up notification or banner on our Website upon your next visit.
3. Material changes include, but are not limited to:
  1. Changes to the types of Personal Data we collect or the purposes for which we Process such data.
  2. Changes to our data sharing practices with Third Parties.
  3. Changes to your rights regarding your Personal Data.
  4. Changes to our data retention practices.
4. Non-material changes, such as clarifications, formatting updates, or contact information changes, may be made without prior notice.
5. Updated versions of this Privacy Policy will take effect immediately upon posting on our Website, unless otherwise specified in the updated policy.
6. Your continued use of our Website after any changes to this Privacy Policy constitutes your acceptance of such changes.
7. If you do not agree with any changes made to this Privacy Policy, you should discontinue use of our Website and contact us to exercise your rights regarding your Personal Data.
8. We encourage you to review this Privacy Policy periodically to stay informed about how we collect, use, and protect your Personal Data.
9. The date of the most recent update to this Privacy Policy will be clearly displayed at the top of this document.

Governing Law
1. This Privacy Policy and all matters relating to your privacy and the processing of your Personal Data shall be governed by and construed in accordance with the laws of England and Wales.
2. Any disputes arising out of or in connection with this Privacy Policy, including disputes relating to data protection rights or the processing of Personal Data, shall be subject to the exclusive jurisdiction of the courts of England and Wales.
3. This Privacy Policy is designed to comply with the UK GDPR, the Data Protection Act 2018, and other applicable data protection legislation in force in England and Wales.
4. Where any provision of this Privacy Policy conflicts with mandatory provisions of applicable data protection law, the requirements of such data protection law shall prevail.
5. References to statutory provisions shall be construed as references to those provisions as amended, re-enacted, or replaced from time to time.
6. If any court or competent authority finds any provision of this Privacy Policy to be invalid or unenforceable, the remainder of this Privacy Policy shall continue in full force and effect. This Privacy Policy has been approved and adopted by We Evolve on 5th November 2025 and represents our binding commitment to protect your personal data in accordance with UK data protection laws.

Company Representative:

We Evolve

By: Esther Hall

Title: Founder

Date: 5th November 2025

This Privacy Policy shall remain in effect until superseded by an updated version, with any material changes communicated to users through our website or other appropriate means.