Last updated: 17 February 2026
1. Introduction
Welcome to Webnex (trading as A B S (UK) T/A Webnex), a UK-based provider of professional website development, secure hosting, ongoing maintenance and related digital services.
We are committed to protecting your privacy and handling your personal data in a transparent, secure and lawful manner in accordance with:
- the UK General Data Protection Regulation (UK GDPR)
- the Data Protection Act 2018
- the Privacy and Electronic Communications Regulations (PECR) 2003 (as amended)
Registered office: Southampton, United Kingdom
Email:[email protected]
ICO registration: [insert your ICO number if registered]
2. What personal data we collect and why
2.1 When you browse our website
- IP address, browser type/version, operating system, referring page, pages visited, time/date of visit, time spent on pages
- Purpose: analysing site performance, security, debugging, improving user experience
- Lawful basis: Legitimate interests (Art. 6(1)(f) UK GDPR)
2.2 When you submit a contact form or send us an email
- Name, email address, telephone number (optional), message content
- Purpose: answering your enquiry, providing a quote, entering into a contract
- Lawful basis: steps prior to contract (Art. 6(1)(b)) or legitimate interests
2.3 When you create / manage a client or student preview link
- Name (client/student), secret access code, preview URL
- Purpose: allowing secure access to your personalised preview site
- Lawful basis: contract / pre-contractual steps
2.4 When you subscribe to our newsletter
- Email address
- Purpose: sending marketing updates, tips, special offers (only with consent)
- Lawful basis: Consent – you can unsubscribe anytime
2.5 When you make a payment / become a customer
- Name, billing address, email, payment metadata (Stripe handles full card details – we never see them)
- Purpose: processing payment, issuing invoices, providing services, fraud prevention
- Lawful basis: contract + legitimate interests (fraud prevention)
2.6 When you log in to your customer dashboard
- Email address, usage metadata, subscription status
- Purpose: authenticating you, showing invoices/subscription, personalised support
- Lawful basis: contract
3. Third-party processors we use (2026 snapshot)
| Service | Purpose | Location | Privacy link |
|---|---|---|---|
| Stripe | Secure payments & subscriptions | USA / EU (adequacy decision & DPF certified) | stripe.com/privacy |
| Firebase / Google Analytics | Usage analytics, performance, crash reporting | USA (DPF certified + SCCs) | policies.google.com/privacy |
| DashNex platform | Website hosting, instant pages, backend | EU / USA (SCCs) | DashNex Privacy Policy (linked in footer) |
All third parties are contractually bound to process data only for the purposes we instruct and in line with UK GDPR.
4. Your UK GDPR rights
You have the right to:
- Access your data (free copy)
- Rectify inaccurate data
- Erase your data (“right to be forgotten”)
- Restrict processing
- Data portability
- Object (especially to marketing)
- Not be subject to automated decisions with legal effect (we do not do this)
To exercise any right, email [email protected] with “Data Rights Request” in the subject. We normally reply within one month.
5. How long we keep your data
- Website analytics → up to 26 months
- Contact/enquiry data → 6 years (contract limitation period)
- Customer/billing records → 7 years after relationship ends (HMRC)
- Newsletter subscribers → until unsubscribe
- Preview codes → deleted on request or after 24 months inactivity
6. International transfers
Some processors (Stripe, Google, DashNex) are based in the USA. We only transfer data where:
- adequacy decision exists, or
- appropriate safeguards are in place (UK IDTA, EU-US DPF, SCCs)
Email us for copies of safeguards.
Questions about this policy?
We’re happy to answer any questions or help you exercise your rights. Just fill in the form below — we usually reply within 24–48 hours.