Privacy Policy

This Privacy Policy explains how Laylent collects, uses, stores, shares, and protects personal information.

For the purposes of UK data protection law, including the UK General Data Protection Regulation and the Data Protection Act 2018, the data controller is:

In this Privacy Policy, "Laylent", "we", "us", and "our" means the business identified above.

"You", "your", "client", "customer", or "user" means any person who visits our website, contacts us, purchases our services, uses our website services, submits information to us, or interacts with us.

We are committed to protecting your privacy and handling personal information lawfully, fairly, and transparently.

1. Purpose of this Privacy Policy

This Privacy Policy explains:

1. what personal information we collect;
2. how we collect it;
3. why we use it;
4. the lawful bases we rely on;
5. who we share it with;
6. how long we keep it;
7. how we protect it;
8. your legal rights;
9. how to contact us;
10. how to complain.

The ICO says privacy information should explain what personal data is used, why it is used, lawful bases, retention, sharing, rights, and how people can complain.

2. Personal Information We Collect

We may collect and process the following types of personal information.

2.1 Identity and contact information

This may include:

1. name;
2. business name;
3. trading name;
4. job title or role;
5. email address;
6. phone number;
7. business address;
8. billing address;
9. delivery or service address, where relevant;
10. social media profile links, if provided.

2.2 Business information

This may include:

1. business type;
2. website requirements;
3. current website details;
4. domain name;
5. business opening hours;
6. services offered;
7. business images, logos, and branding;
8. customer-facing business information;
9. information needed to build or maintain your website.

2.3 Payment and billing information

This may include:

1. payment status;
2. invoices;
3. transaction references;
4. Stripe customer ID;
5. subscription status;
6. billing history;
7. payment method type;
8. chargeback or dispute information;
9. tax or VAT details, where applicable.

We do not directly store full card numbers. Card payments are processed by Stripe or another payment provider.

2.4 Communication information

This may include:

1. emails you send us;
2. WhatsApp messages;
3. SMS messages;
4. call notes;
5. support requests;
6. onboarding information;
7. feedback;
8. cancellation requests;
9. complaints;
10. correspondence relating to your website or service.

2.5 Website and technical information

When you visit our website, we may collect:

1. IP address;
2. browser type;
3. device type;
4. operating system;
5. pages visited;
6. time and date of visit;
7. referral source;
8. approximate location;
9. website usage data;
10. cookie and tracking preferences.

2.6 Client website information

If we build, host, manage, or maintain a website for you, we may process information connected to that website, including:

1. website admin details;
2. login credentials or access tokens, where provided;
3. domain and DNS information;
4. hosting account details;
5. contact form submissions, where we manage or access them;
6. analytics information;
7. website content;
8. technical logs;
9. support history;
10. security or maintenance information.

2.7 Lead and prospect information

If we contact businesses about our services, we may process business contact information, including:

1. business name;
2. public website or directory details;
3. publicly available phone number;
4. publicly available email address;
5. social media profile;
6. business category;
7. notes about whether the business has a website;
8. outreach history;
9. response status.

3. How We Collect Personal Information

We may collect personal information when:

1. you visit our website;
2. you submit a contact form;
3. you book a call;
4. you message us by email, WhatsApp, SMS, social media, or phone;
5. you purchase through Stripe;
6. you complete onboarding;
7. you provide website content;
8. you give us access to a domain, hosting account, or website platform;
9. you ask for support;
10. you cancel or change your service;
11. we receive information from public business directories, websites, search engines, or social media;
12. third-party tools provide information to us as part of our service.

4. How We Use Personal Information

We may use personal information to:

1. respond to enquiries;
2. provide quotes;
3. create website previews;
4. onboard clients;
5. process payments;
6. set up subscriptions;
7. create invoices;
8. build, host, manage, and maintain websites;
9. connect domains;
10. provide customer support;
11. send service updates;
12. manage cancellations;
13. handle disputes, chargebacks, and complaints;
14. improve our services;
15. manage business records;
16. comply with legal, tax, accounting, and regulatory obligations;
17. prevent fraud, abuse, and misuse;
18. protect our legal rights;
19. contact businesses about our services where permitted by law;
20. send marketing communications where permitted or where consent has been given.

5. Lawful Bases for Using Personal Information

We only use personal information where we have a lawful basis under UK data protection law.

Depending on the situation, we may rely on the following lawful bases.

5.1 Contract

We use personal information where necessary to enter into or perform a contract with you.

Examples include:

1. setting up your account;
2. building your website;
3. providing maintenance;
4. processing your order;
5. managing your subscription;
6. communicating about the service;
7. handling cancellation.

5.2 Legitimate interests

We may use personal information where it is necessary for our legitimate business interests, provided your rights do not override those interests.

Examples include:

1. responding to business enquiries;
2. keeping business records;
3. improving our website and services;
4. preventing fraud;
5. managing client relationships;
6. sending relevant business-to-business communications;
7. creating previews for potential business clients;
8. protecting our legal and commercial interests.

5.3 Legal obligation

We may use personal information where necessary to comply with legal obligations.

Examples include:

1. tax records;
2. accounting records;
3. company records;
4. responding to lawful requests;
5. data protection compliance;
6. fraud prevention;
7. legal claims.

5.4 Consent

We may rely on consent where required, including for certain marketing communications or non-essential cookies.

Where we rely on consent, you can withdraw it at any time.

Your privacy notice should tell people about their rights, including the right to withdraw consent where consent is the lawful basis.

6. Business-to-Business Marketing

We may contact businesses about our services using business contact details where permitted by law.

We may use publicly available business information to identify businesses that may benefit from our website services.

You can ask us to stop contacting you at any time by emailing support@laylent.com.

If you opt out, we may keep limited information to make sure we do not contact you again.

7. Cookies and Similar Technologies

Our website may use cookies and similar technologies.

Cookies are small files placed on your device that help websites function, remember preferences, measure performance, or support marketing.

We may use:

1. essential cookies;
2. security cookies;
3. analytics cookies;
4. performance cookies;
5. advertising or tracking cookies, if enabled;
6. embedded third-party service cookies.

Essential cookies may be used because they are necessary for the website to work.

Non-essential cookies, such as analytics, advertising, or tracking cookies, may require consent before being placed on your device.

The ICO states that consent for cookies must be freely given, specific, informed, and involve a clear positive action; it is not enough to hide cookie information only in a privacy policy.

If we use non-essential cookies, we will provide a cookie banner or cookie preference tool where required.

You can also control cookies through your browser settings.

8. Analytics

We may use analytics tools to understand how visitors use our website.

Analytics may collect information such as:

1. pages visited;
2. time on site;
3. referral sources;
4. device type;
5. approximate location;
6. browser type;
7. interactions with our website.

Where required, we will ask for consent before using non-essential analytics cookies.

Analytics data helps us improve our website, services, marketing, and user experience.

9. Payment Processing

We use Stripe or another payment provider to process payments.

Payment providers may process your personal information, including name, email address, billing address, payment method, transaction details, fraud checks, and subscription status.

We do not directly store full debit or credit card numbers.

Your payment provider will process your information under its own privacy policy and legal obligations.

10. Third-Party Service Providers

We may share personal information with trusted third-party providers where necessary to operate our business and provide services.

These may include:

1. payment processors, such as Stripe;
2. website hosting providers;
3. website builders;
4. domain registrars;
5. email providers;
6. CRM tools;
7. analytics providers;
8. accounting software;
9. cloud storage providers;
10. communication tools;
11. automation tools;
12. security providers;
13. professional advisers;
14. legal, tax, or accounting providers.

We only share personal information where necessary and where we have a lawful basis to do so.

11. International Transfers

Some of our service providers may process personal information outside the United Kingdom.

Where personal information is transferred outside the UK, we will take reasonable steps to ensure appropriate safeguards are in place.

These safeguards may include:

1. adequacy regulations;
2. standard contractual clauses;
3. international data transfer agreements;
4. transfer risk assessments;
5. equivalent contractual protections.

12. How Long We Keep Personal Information

We keep personal information only for as long as reasonably necessary.

Retention periods may depend on the type of data, the reason we collected it, legal requirements, accounting requirements, tax obligations, dispute risk, and business needs.

As a general guide:

1. enquiry data may be kept for up to 24 months;
2. client account records may be kept for the duration of the client relationship;
3. contract, invoice, tax, and payment records may be kept for up to 6 years after the end of the relevant financial year;
4. support communications may be kept for up to 6 years where needed for legal or business records;
5. marketing suppression records may be kept indefinitely to ensure we do not contact people who have opted out;
6. website analytics data may be kept according to the analytics provider's retention settings;
7. login credentials or access details should be deleted or returned when no longer needed, unless retention is required for legal or security reasons.

We may keep information for longer if required for legal claims, fraud prevention, regulatory compliance, debt recovery, or dispute resolution.

13. How We Protect Personal Information

We take reasonable steps to protect personal information from unauthorised access, loss, misuse, alteration, or disclosure.

Security measures may include:

1. password protection;
2. access controls;
3. two-factor authentication where available;
4. secure payment providers;
5. restricted account access;
6. encrypted services where available;
7. staff or contractor confidentiality obligations;
8. secure storage systems;
9. regular review of access;
10. deletion of unnecessary data.

No system can be guaranteed completely secure. You are responsible for keeping your own passwords and access details secure.

14. Client Website Data

Where we build, host, manage, or maintain a client website, we may access or process data connected to that website.

This may include contact form enquiries, technical logs, visitor analytics, website content, or admin access.

The client is responsible for ensuring that their own website users are given appropriate privacy information and cookie information.

Where we process personal information only on a client's instructions, we may act as a processor. The client will usually be the controller of personal information collected through their own business website.

15. Children's Data

Our services are intended for businesses and adults.

We do not knowingly collect personal information from children.

If you believe a child has provided us with personal information, please contact us and we will take appropriate steps.

16. Your Legal Rights

Under UK data protection law, you may have the following rights:

1. the right to be informed about how your data is used;
2. the right of access to your personal information;
3. the right to rectification of inaccurate personal information;
4. the right to erasure;
5. the right to restrict processing;
6. the right to object to processing;
7. the right to data portability;
8. rights relating to automated decision-making and profiling;
9. the right to withdraw consent where processing is based on consent;
10. the right to complain to the ICO.

The ICO lists individual rights including access, rectification, erasure, restriction, objection, and other rights that should be explained in privacy information.

17. How to Exercise Your Rights

To exercise your rights, contact us at support@laylent.com.

We may need to verify your identity before responding.

We will usually respond within one month, unless the request is complex or numerous, in which case the law may allow us more time.

There is usually no fee, but we may charge a reasonable fee or refuse a request where legally permitted, such as where a request is manifestly unfounded or excessive.

18. Marketing Opt-Out

You can opt out of marketing communications at any time by:

1. clicking an unsubscribe link where provided;
2. replying "STOP" where applicable;
3. emailing us at support@laylent.com.

If you opt out, we may still send you non-marketing service messages, such as payment, contract, support, maintenance, or security updates.

19. Complaints

If you have concerns about how we use your personal information, please contact us first so we can try to resolve the issue.

Email: support@laylent.com

You also have the right to complain to the UK Information Commissioner's Office.

ICO website: https://ico.org.uk

ICO helpline: 0303 123 1113

20. ICO Registration and Data Protection Fee

Some organisations that process personal information must pay a data protection fee to the ICO unless an exemption applies.

For many micro organisations, the ICO fee is currently listed as £52, with higher tiers for larger organisations. GOV.UK also states that most organisations, including small and medium-sized businesses, pay £52 or £78 depending on their size and circumstances.

Laylent will assess whether it is required to pay the ICO data protection fee and will maintain registration where required.

21. Automated Decision-Making

We do not currently make decisions about individuals based solely on automated processing that produce legal or similarly significant effects.

If this changes, we will update this Privacy Policy.

22. Links to Other Websites

Our website or client websites may contain links to third-party websites.

We are not responsible for the privacy practices, security, or content of third-party websites.

You should read the privacy policy of any third-party website you visit.

23. Changes to This Privacy Policy

We may update this Privacy Policy from time to time.

The latest version will be posted on our website.

Where changes are significant, we may notify clients by email or another appropriate method.

24. Contact Details

For privacy questions, data requests, or complaints, contact: