Privacy Policy

1. Introduction and Who We Are

Welcome to the Privacy Policy for Skip Booker. We respect your privacy and are committed to protecting your personal data. This policy outlines how we handle your personal data, your privacy rights, and how the law protects you.

This privacy policy is issued on behalf of The Website Hub Ltd, trading as Skip Booker. When we mention “we”, “us”, or “our” in this policy, we are referring to The Website Hub Ltd. We are a registered company in England and Wales with our registered office at 71-75 Shelton Street, London, Greater London, United Kingdom, WC2H 9JQ.

We are a B2B digital agency operating exclusively within the waste management sector, providing bespoke website design, e-commerce booking systems, local SEO, and Google Ads management. If you have any questions about this privacy policy, please contact us at [email protected].

Changes to your data: It is important that the personal data we hold about you is accurate and current. Please keep us informed if your personal or business data changes during your relationship with us.

2. Our Roles Under the UK GDPR: Data Controller vs. Data Processor

Because of the nature of our digital agency services, our responsibilities under the UK General Data Protection Regulation (UK GDPR) depend on the data being processed. We operate in two distinct capacities:

• As a Data Controller: When you interact directly with us as a business prospect, sole trader, company director, or paying client (e.g., visiting our website, requesting a free website review, or engaging us for services), we act as the Data Controller. We determine the purposes and means of processing your personal and business data to deliver our services to you.
• As a Data Processor: We build, host, and maintain e-commerce booking websites for our clients. The general public (your customers) use these websites to book skips and clearance services, entering their personal data (names, home addresses, postcodes, and payment information) into the system. While we have backend access to this data to provide technical support, API integrations, and maintenance, we act strictly as a Data Processor. We only process this end-user data on the documented instructions of you, our client, who remains the Data Controller.

3. The Data We Collect

We may collect, use, store, and transfer different kinds of personal data depending on our relationship with you:

• Identity Data: Includes first name, last name, username or similar identifier, and title.
• Contact Data: Includes billing address, business address, direct email address, and mobile or telephone numbers.
• Financial and Transaction Data: Includes details about payments to and from you, and other details of services or monthly subscriptions you have purchased from us. We use secure third-party payment processors (such as Stripe) for our monthly retainers. We do not store raw credit or debit card data on our own servers.
• Technical Data: Includes internet protocol (IP) address, browser type and version, time zone setting, browser plug-in types, operating system, and platform technology on the devices you use to access our website.
• Client-Customer Data (Processor Role): As a Data Processor, we have backend access to the data your customers input into the booking systems we build and maintain for you. This includes names, addresses, service dates, and transaction records.
• Marketing and Communications Data: Includes your preferences in receiving marketing from us and your communication preferences.

4. How We Collect Data

We use different methods to collect data from and about you, including:

• Direct Interactions: You may give us your Identity, Contact, and Financial Data by filling in forms on our website, signing up for a monthly subscription package, requesting a website audit, or corresponding with us by email or phone.
• Automated Technologies: As you interact with our website, we may automatically collect Technical Data about your equipment, browsing actions, and patterns.

5. How We Use the Data and Our Lawful Bases

Under the UK GDPR, we will only use your personal data when the law allows us to. We rely on the following lawful bases for processing your data:

• Performance of a Contract: Processing your Identity, Contact, and Financial Data to register you as a new client, process your one-off project fees, manage your monthly subscription packages (hosting, maintenance, marketing), and deliver our digital services.
• Legitimate Interests: Processing your Technical, Contact, and Marketing Data to manage our relationship with you, provide you with B2B marketing communications and industry insights (especially where you have requested a free service like a website review), administer and protect our business, and use data analytics to improve our services. We ensure our business interests do not override your fundamental rights.
• Legal Obligation: Processing your Contact and Financial Data to comply with our regulatory and statutory obligations, such as maintaining accurate accounting and tax records for HMRC.

6. Marketing

We strive to provide you with choices regarding certain personal data uses, particularly around marketing and advertising.

Promotional Offers from Us: We may use your Identity, Contact, and Technical Data to form a view on what we think you may want or need, or what may be of interest to you. This is how we decide which services and offers may be relevant.

You will receive marketing communications from us if you have requested information from us (such as a free website review or audit) or purchased services from us and you have not opted out of receiving that marketing. This is known as a “soft opt-in” and applies to our B2B communications.

Third-Party Marketing: We will get your express opt-in consent before we share your personal data with any third party for their own marketing purposes.

Opting Out: You can ask us to stop sending you marketing messages at any time by following the unsubscribe link in any marketing message sent to you or by contacting us at [email protected].

7. Data Sharing and Third Parties

We do not sell your personal data. We only share your data with trusted third parties to fulfil our contractual obligations and run our business securely. These third parties include:

• Secure cloud hosting providers where our systems and your websites are stored.
• Customer Relationship Management (CRM) and email marketing platforms (such as Brevo) to store contact data securely and deliver our communications.
• Transactional email delivery services (such as Postmark) to reliably route and deliver critical system emails, booking confirmations, and alerts.
• Third-party payment gateways (such as Stripe) to process one-off builds and ongoing monthly retainers securely.
• Analytics and search engine providers (such as Google Analytics) that assist us in the improvement and optimisation of our website.
• Professional advisers, including accountants, lawyers, and insurers, who provide consultancy, banking, legal, insurance, and accounting services.

8. International Data Transfers

Many of our external third-party software providers (such as Google, Stripe, Postmark, and Brevo) are based outside the UK, so their processing of your personal data will involve a transfer of data outside the UK.

Whenever we transfer your personal data out of the UK, we ensure a similar degree of protection is afforded to it by ensuring at least one of the following safeguards is implemented:

• We will only transfer your personal data to countries that have been deemed to provide an adequate level of protection for personal data.
• Where we use certain service providers, we may use specific contracts approved for use in the UK (such as the International Data Transfer Agreement or standard contractual clauses) which give personal data the same protection it has in the UK.

9. Data Security and Retention

We have put in place robust security measures to prevent your personal data from being accidentally lost, used, accessed in an unauthorised way, altered, or disclosed. We limit access to your personal data—and the backend Client-Customer Data we maintain as a Processor—to those employees, agents, and contractors who have a strict business need to know. They will only process data on our instructions and are subject to a duty of confidentiality.

We will only retain your personal data for as long as reasonably necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, regulatory, tax, accounting, or reporting requirements. By law, we are required to keep basic information about our clients (including Contact, Identity, Financial, and Transaction Data) for six years after they cease being clients for tax and HMRC purposes.

10. Cookies

Our website uses cookies to distinguish you from other users, provide a better experience, and improve our site; for full details, please refer to our separate Cookie Policy.

11. Your Legal Rights

Under the UK GDPR, you have rights relating to your personal data. You have the right to:

• Request Access: Receive a copy of the personal data we hold about you.
• Request Rectification: Have any incomplete or inaccurate data we hold about you corrected.
• Request Erasure: Ask us to delete or remove personal data where there is no good reason for us continuing to process it.
• Object to Processing: Object where we are relying on a legitimate interest and there is something about your particular situation which makes you want to object to processing on this ground.
• Request Restriction: Ask us to suspend the processing of your personal data in certain scenarios.
• Request Portability: Request the transfer of your personal data to you or to a third party.
• Withdraw Consent: Withdraw consent at any time where we are relying on consent to process your personal data.

If you wish to exercise any of the rights set out above, please contact us at [email protected]. You will not have to pay a fee to access your personal data (or to exercise any of the other rights). You also have the right to make a complaint at any time to the Information Commissioner’s Office (ICO), the UK supervisory authority for data protection issues. However, we would appreciate the chance to deal with your concerns before you approach the ICO, so please contact us in the first instance.