Privacy Policy
Last updated: 22 June 2026
1. Who We Are
Ruth Gaunt Ltd is a UK-based Squarespace web design business helping small and solo business owners launch beautiful, functional websites. We operate at www.ruthgaunt.co.uk and are based in London, UK. We are the data controller for the personal data collected through this website, meaning we decide how and why your data is used. This is in line with our obligations under the UK General Data Protection Regulation (UK GDPR), the Data Protection Act 2018, and the Data (Use and Access) Act 2025 (DUAA). If you have any questions about this policy or how we handle your data, you can reach us at:
Email: ruth@ruthgaunt.co.uk
ICO Registration: ZA803897
2. What Personal Data We Collect
Contact form
When you get in touch via our website contact form (powered by Dubsado), we collect your name, email address, and the details you include in your message. We use this information to respond to your enquiry.
Call bookings
If you book a free discovery call via our booking link, we collect your name, email address, and any other details you provide during the scheduling process. Bookings are handled by Dubsado.
Analytics
We use Google Analytics (via Google Tag Manager) to understand how visitors use our website. This includes information such as which pages you visit, how long you stay, where you came from, and general details about your device and browser. This data is collected in an aggregated, anonymised form and does not directly identify you.
Cookies
We use cookies on this website. Please see Section 5 for full details.
Social media
We have an Instagram feed embedded on our website. Instagram (Meta) may independently collect data when you interact with or view embedded content. We also link to our LinkedIn and Pinterest profiles, but these platforms only collect data if you visit them directly.
3. How We Use Your Personal Data
We use the personal data we collect for the following purposes:
Responding to enquiries you send via our contact form Scheduling and managing discovery calls
Providing the web design services you've requested
Sending proposals, onboarding documents, and project communications
Analysing how people use our website so we can improve it
Keeping records of client work for legal and accounting purposes
4. Our Legal Basis for Processing
Under UK GDPR and the DUAA, we must have a lawful basis for processing your personal data. Here's what we rely on:
Legitimate interests
We use this basis for responding to enquiries and using analytics to improve our website. We have assessed that our interest in doing so does not override your rights and freedoms.
Contract
Once you become a client, we process your data to fulfil our contractual obligations, including delivering your website and providing post-launch support.
Consent
We rely on your consent for any non-essential cookies. You can withdraw your consent at any time by clearing your browser cookies and declining them on your next visit.
Legal obligation
We may retain certain financial and business records to comply with UK law (such as HMRC requirements). The DUAA introduced a new category of "recognised legitimate interests" which provides a clearer legal basis for certain types of processing. Where any of our processing falls within these recognised categories, we will document this appropriately.
5. Cookies
We use the following types of cookies on this website:
Under the DUAA, certain low-risk analytics cookies (used only to collect statistical data to improve website performance) no longer require prior consent, provided users are given clear information and a prominent opt-out. We still give you the option to decline analytics cookies via our cookie banner.
You can update your cookie preferences at any time by clearing your browser cookies and revisiting our site.
6. Third Parties We Share Data With
We do not sell your personal data to third parties. However, some of the tools we use to run this website and our business involve third parties processing your data on our behalf:
Squarespace
Our website is hosted and built on Squarespace. They process data related to your visit in line with their own privacy policy: squarespace.com/privacy
We use Google Analytics and Google Tag Manager to understand website traffic. Data may be processed outside the UK under standard contractual clauses. Google's privacy policy: policies.google.com/privacy
Dubsado
We use Dubsado for contact forms, proposals, and discovery call scheduling. Your enquiry details are stored within Dubsado's platform. Dubsado's privacy policy: dubsado.com/privacy
Instagram (Meta)
Our embedded Instagram feed means Meta may process data when you view or interact with that content. Meta's privacy policy: privacycenter.fb.com
We may also share your data if required to do so by law, or to protect the rights, property, or safety of our business, our clients, or others.
7. How Long We Keep Your Data
We only hold your data for as long as necessary:
Enquiries that don't proceed to a project: We keep your contact details and message for up to 2 years, in case you get back in touch.
Client records: We keep records of completed projects and related communications for 6 years, in line with standard UK business practice and our legal obligations.
Google Analytics data: Retained for 26 months (Google Analytics 4 default retention period).
Cookies: Session cookies are deleted when you close your browser. Persistent cookies expire in line with the timescales set by each provider.
8. Your Rights
Under UK GDPR and the DUAA, you have the following rights in relation to your personal data:
Right of access — You can request a copy of the personal data we hold about you.
Right to rectification — You can ask us to correct any inaccurate or incomplete data.
Right to erasure — You can ask us to delete your personal data in certain circumstances.
Right to restriction — You can ask us to limit how we use your data while a dispute is resolved.
Right to data portability — You can ask us to provide your data in a structured, commonly used format.
Right to object — You can object to processing based on legitimate interests, including direct marketing.
Rights related to automated decision-making — We do not make any automated decisions about you that would have a legal or significant effect. No profiling is used to make such decisions.
Right to withdraw consent — Where we rely on consent, you can withdraw it at any time.
Right to complain to us directly — The DUAA introduced a new right for you to raise a data protection complaint directly with us as the data controller. We are required to acknowledge and investigate your complaint without undue delay and keep you informed of the outcome. To make a complaint, please email us at ruth@ruthgaunt.co.uk with the subject line "Data Protection Complaint". We will acknowledge your complaint within 30 days.
Right to complain to the ICO — If you are not satisfied with how we handle your complaint, or you prefer to go directly to the regulator, you can contact the Information Commissioner's Office (ICO):
Website: ico.org.uk
Phone: 0303 123 1113
We will respond to any data subject rights request within one month of receiving it. We may need to verify your identity before we can action your request, and in some cases we may need to pause the response period while we gather the information needed. We will always let you know if this is the case.
9. Data Security
We take the security of your personal data seriously. Our website is hosted on Squarespace, which provides industry-standard security measures including HTTPS encryption. We use secure tools and limit access to your data to those who genuinely need it.
That said, no method of transmitting data over the internet is completely secure. While we do our best to protect your personal data, we cannot guarantee its absolute security.
If you suspect a data breach involving your personal information, please contact us at ruth@ruthgaunt.co.uk as soon as possible.
10. International Data Transfers
Some of the third-party tools we use (including Google and Dubsado) may transfer and process your data outside the UK. Where this happens, we make sure appropriate safeguards are in place, such as standard contractual clauses.
The DUAA updated the framework for international data transfers, replacing the previous "essentially equivalent" test with a new data protection test. This ensures that where data is transferred internationally, the level of protection is not materially lower than under UK GDPR. We review our transfer arrangements to ensure they meet these updated standards.
The European Commission renewed the UK's adequacy decision in December 2025, confirming that the UK continues to provide an adequate level of data protection for transfers from the EU.
11. Children's Privacy
Our services are not directed at children under the age of 13, and we do not knowingly collect personal data from children. Under the DUAA, online services that are likely to be accessed by children must give particular consideration to how they protect and support younger users. While our website is aimed at small business owners, if you believe a child has provided us with personal data, please contact us at ruth@ruthgaunt.co.uk and we will take steps to delete it promptly.
12. Changes to This Policy
We may update this Privacy Policy from time to time to reflect changes in how we operate or in the law. When we do, we will update the date at the top of this page. We encourage you to check back occasionally, especially if you are an existing client.
13. Contact Us
If you have any questions about this Privacy Policy or how we handle your data, please get in touch:
Ruth Gaunt Ltd
Email: ruth@ruthgaunt.co.uk
Website: www.ruthgaunt.co.uk
ICO Registration: ZA803897