Data Protection Policy

Victoria James Trading Limited t/a Rework Digital

Introduction

Victoria James Trading Limited, trading as Rework Digital ("we", "our", "us"), is committed to protecting personal data and ensuring compliance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

This policy explains how we handle personal data in the delivery of our web development, hosting, and digital services.

Scope

  • This policy applies to all employees, contractors, and third parties working with us.
  • It applies to all personal data processed by the company.
  • It applies to all infrastructure, systems, and platforms used in our services.

Data Controller

Victoria James Trading Limited is the data controller for personal data processed as part of our business operations.

Registered Office: Mains House, 143 Front St, Chester-le-Street DH3 3AU
Contact Email: [email protected]

Data Protection Principles

  • Lawfulness, fairness, and transparency.
  • Purpose limitation.
  • Data minimisation.
  • Accuracy.
  • Storage limitation.
  • Integrity and confidentiality.
  • Accountability.

Categories of Personal Data

  • Client and prospect contact details, including names, email addresses, and phone numbers.
  • Business and project-related data.
  • Website visitor data, including analytics data, IP addresses, and usage data.
  • Support and communication records.
  • Employee and contractor data.

We do not intentionally process special category data unless explicitly required.

Lawful Bases for Processing

  • Contractual necessity – delivering services to clients.
  • Legitimate interests – operating, improving, and securing our services.
  • Legal obligations – complying with applicable laws.
  • Consent – marketing communications and non-essential cookies.

Use of Personal Data

  • Delivering web development, hosting, and maintenance services.
  • Managing infrastructure and client environments.
  • Communicating with clients and stakeholders.
  • Monitoring performance, security, and usage.
  • Complying with legal and regulatory obligations.

Infrastructure and Data Processing Systems

We use a range of third-party infrastructure providers to deliver our services. These providers may process personal data on our behalf as data processors.

  • Amazon Web Services (AWS) – application hosting, databases, storage, and compute infrastructure.
  • DigitalOcean – cloud hosting and application infrastructure.
  • Hetzner Cloud – database hosting and infrastructure services.
  • Cloudflare – content delivery network, DNS, caching, and security services.
  • Google Analytics – website analytics and user behaviour tracking.

These providers may process data such as IP addresses, logs, usage data, and client-hosted content.

  • We ensure processors provide sufficient guarantees of GDPR compliance.
  • We require appropriate Data Processing Agreements where applicable.
  • We require appropriate technical and organisational security measures.

International Data Transfers

Some of our providers, including AWS, Cloudflare, and Google, may transfer personal data outside the UK.

  • UK International Data Transfer Agreements.
  • Standard Contractual Clauses.
  • Transfers to countries with adequacy decisions.

Data Security Measures

  • Network-level protections and CDN shielding via Cloudflare.
  • Encrypted data transmission using HTTPS/TLS.
  • Role-based access controls and least-privilege access.
  • Secure authentication practices, including MFA where applicable.
  • Server hardening and regular patching.
  • Monitoring and logging of infrastructure.
  • Regular backups and disaster recovery procedures.

Data Retention

  • Active client data is retained for the duration of the contract.
  • Project data is retained for operational and support purposes.
  • Logs and analytics data are retained according to provider configurations.
  • Financial and legal records are retained in accordance with statutory requirements.

Retention periods are reviewed periodically.

Data Subject Rights

  • Access to personal data.
  • Correction of inaccurate data.
  • Erasure where applicable.
  • Restriction of processing.
  • Data portability.
  • Objection to processing.

Requests can be submitted using the contact details set out in this policy.

Cookies and Tracking Technologies

We use cookies and similar technologies, including Google Analytics.

  • Non-essential cookies are only set with user consent.
  • Users can manage preferences via cookie banners.
  • IP anonymisation and privacy-focused settings are implemented where feasible.

Data Breach Management

  • We will investigate and assess risk promptly.
  • We will notify the ICO within 72 hours where required.
  • We will notify affected individuals where there is a high risk.
  • We will take corrective action to prevent recurrence.

Roles and Responsibilities

  • Management is responsible for ensuring GDPR compliance.
  • Staff must follow data protection procedures and security practices.
  • Any suspected data breach must be reported immediately.

Policy Review

This policy is reviewed annually or upon significant changes to systems, infrastructure, or legal requirements.

Contact

For data protection queries, please contact:

Victoria James Trading Limited t/a Rework Digital
Email: [email protected]

Additional Notes for Clients

Where we act as a data processor on behalf of clients, such as when hosting or maintaining client applications, the client remains the data controller.

  • We process data only on documented instructions.
  • Appropriate Data Processing Agreements are put in place.
  • Clients are responsible for defining lawful bases and privacy notices for their end users.
