Privacy Policy

1. Introduction

NewCo Data (“we”, “us”, “our”) is committed to protecting your privacy and handling your data in accordance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018. This policy explains what data we collect, why, and how we use it across all our services: NewCo Data (company incorporation data), NewCo Websites (website design and hosting), and NewCo Domains (domain registration and email setup).

2. Data Controller

NewCo Data is the data controller for personal data collected through our website and services. Contact: hello@newcodata.co.uk.

3. What We Collect

Data	Purpose	Legal Basis
Name and email address	Account creation and service delivery	Contract performance
Payment information	Subscription billing and one-off purchases (processed by Stripe)	Contract performance
Sector preferences	Filtering your daily data reports	Contract performance
Company name and brief details	Website design and domain registration (Websites/Domains products)	Contract performance
Usage data (pages visited, email opens)	Service improvement and analytics	Legitimate interest
IP address	Security and fraud prevention	Legitimate interest

4. Company Data We Process

Our service processes publicly available company data from Companies House, which is Crown Copyright published under the Open Government Licence v3.0. This includes:

• Company names, registration numbers, and SIC codes
• Director names (public record under the Companies Act 2006)
• Registered office addresses
• Incorporation dates and company types

We also enrich this data with publicly available contact information (websites, email addresses, phone numbers) obtained through automated web searches. This enrichment is conducted under our legitimate interest in providing a business intelligence service. The data processed relates to companies and their public-facing business contact details, not personal data of individuals in a private capacity.

5. How We Use Your Data

• To provide and deliver our subscription service, website builds, and domain registrations
• To process payments via Stripe
• To send your daily lead reports (Data product)
• To design, build, and host your website (Websites product)
• To register domains and configure email on your behalf (Domains product)
• To communicate service updates or changes
• To improve our service and user experience

We will never sell your personal data to third parties. We will not use your data for marketing purposes without your explicit consent.

6. Third-Party Processors

• Stripe — payment processing (Stripe Privacy Policy)
• SendGrid (Twilio) — email delivery (Twilio Privacy Policy)
• Netlify — website hosting (Netlify Privacy Policy)

All processors are bound by data processing agreements and comply with UK GDPR requirements.

7. Data Retention

• Subscriber data: retained for the duration of your subscription or service engagement plus 12 months, unless you request earlier deletion.
• Website and Domain customer data: retained for the duration of your hosting or domain registration period plus 12 months. Brief details and design assets are retained to facilitate future updates or renewals.
• Payment records: retained for 7 years as required by HMRC for tax purposes.
• Company data: retained indefinitely as it is public record data.

8. Your Rights

Under UK GDPR, you have the right to:

• Access — request a copy of the personal data we hold about you.
• Rectification — request correction of inaccurate data.
• Erasure — request deletion of your data ("right to be forgotten").
• Restriction — request we limit how we use your data.
• Portability — receive your data in a machine-readable format.
• Object — object to processing based on legitimate interest.

To exercise any of these rights, email hello@newcodata.co.uk. We will respond within 30 days.

9. Cookies

Our website uses only essential cookies required for the website to function. We do not use tracking cookies, advertising cookies, or third-party analytics cookies. No cookie consent banner is required as we only use strictly necessary cookies.

10. Data Security

We implement appropriate technical and organisational measures to protect your data, including:

• HTTPS encryption on all web traffic
• Secure payment processing via Stripe (PCI DSS compliant)
• Access controls on internal systems
• Regular security reviews

11. International Transfers

Some of our processors (Stripe, SendGrid, Netlify) may process data outside the UK. Where this occurs, appropriate safeguards are in place, including Standard Contractual Clauses or adequacy decisions.

12. Children

Our service is not directed at individuals under 18 years of age. We do not knowingly collect data from children.

13. Changes to This Policy

We may update this policy from time to time. Material changes will be communicated via email to active subscribers. The "last updated" date at the top reflects the most recent revision.

14. Complaints

If you are unhappy with how we handle your data, you have the right to lodge a complaint with the Information Commissioner's Office (ICO), the UK's supervisory authority for data protection.

15. Contact

For any privacy-related queries:

• Email: hello@newcodata.co.uk
• Website: newcodata.co.uk