dpowPrivacy Policy
Last updated: 27 May 2026 · Version 1.0
This policy explains what personal data we collect through www.dpow.co.uk, www.dpow.co.uk/cad and demo.dpow.co.uk, why we use it, and the rights you have under the UK GDPR and the Data Protection Act 2018.
1. Who we are (the data controller)
Pete Connolly, trading as dpow (a sole trader), is the controller responsible for your personal data.
| Trading name | dpow |
|---|---|
| Controller | Pete Connolly (sole trader) |
| Contact address | [BUSINESS CONTACT ADDRESS - to be added] |
| crane@dpow.co.uk | |
| Phone / WhatsApp | +44 7463 126106 |
| ICO registration | [ICO REGISTRATION NUMBER - registration pending] |
| VAT number | [VAT NUMBER - if registered] |
For any privacy question or to exercise your rights, contact us at crane@dpow.co.uk.
2. The personal data we collect
| When | Data | Source |
|---|---|---|
| You use the enquiry form, email or WhatsApp us | Name, company, email address, phone number (if you message us), and anything you choose to tell us about your project | You |
| You book a call | Name, email, booking time (handled by Cal.com) | You / Cal.com |
| We send you a personalised Datum demo link | Your first name, company name and email may appear in the demo link so it can greet you; this is read in your browser only and is not stored by us | Our CRM (HubSpot) |
| We contact business prospects | Business name, business email and role, from publicly available business sources, held in our CRM | HubSpot / public business sources |
| You visit any site | Standard server logs (IP address, browser type, pages requested) kept by our hosting provider for security and operation | Automatic |
For visitor numbers we use only privacy-friendly, cookieless analytics (Vercel Web Analytics / Speed Insights) - aggregate page views and performance, with no cookies, no cross-site tracking and no personal profiling. We do not use advertising pixels or session-recording tools (no Google Analytics, no Meta Pixel, no Hotjar/Clarity). We do not collect special-category data and do not ask for payment-card details on the sites.
3. How and why we use it (lawful bases)
| Purpose | Lawful basis (UK GDPR Art. 6) |
|---|---|
| Respond to your enquiry, give quotes, arrange and deliver our services | Steps prior to / performance of a contract (6(1)(b)); legitimate interests (6(1)(f)) for general enquiries |
| Business-to-business marketing emails to relevant organisations | Legitimate interests (6(1)(f)), subject to your right to object/opt out at any time (PECR "soft opt-in" / corporate-subscriber rules) |
| Sending you a marketing email after you ask us to / opt in | Consent (6(1)(a)) where required |
| Keeping records, invoicing, tax and legal compliance | Legal obligation (6(1)(c)); legitimate interests (6(1)(f)) |
| Operating, securing and maintaining the websites | Legitimate interests (6(1)(f)) |
Where we rely on legitimate interests, we have balanced those interests against your rights. You can ask us about this balancing test at any time.
4. Marketing & your choices
If you receive marketing email from us, every message includes an unsubscribe link and you can opt out at any time - we action opt-outs promptly and keep a suppression record so we don't contact you again. You can also email crane@dpow.co.uk to opt out. We do not sell or rent your data to anyone.
5. Who we share it with (processors)
We use a small number of trusted suppliers ("processors") to run our business. They process data only on our instructions, under contract.
| Supplier | Purpose | Location |
|---|---|---|
| Vercel | Website hosting, server logs & cookieless web analytics | USA (UK GDPR safeguards in place) |
| IONOS | Email hosting (crane@/dpow.co.uk mail) | EU / UK |
| HubSpot | CRM and email marketing | USA (UK GDPR safeguards in place) |
| Cal.com | Call/meeting booking | USA (UK GDPR safeguards in place) |
| Meta (WhatsApp) | Messaging, if you choose to message us on WhatsApp | USA (UK GDPR safeguards in place) |
| Clearbit (Logo) | On the Datum demo only, your company's website domain may be sent to fetch a company logo | USA (UK GDPR safeguards in place) |
We may also disclose data where required by law, or to professional advisers (e.g. accountant) under confidentiality.
6. International transfers
Some suppliers above are based in the USA, so your data may be transferred outside the UK. Where it is, the transfer is protected by an appropriate UK GDPR safeguard - the UK Extension to the EU–US Data Privacy Framework where the supplier is certified, and/or the International Data Transfer Agreement (IDTA) / UK Addendum to the EU Standard Contractual Clauses. You can ask us for details of the safeguard for any specific supplier.
7. How long we keep it (retention)
| Data | Retention |
|---|---|
| Enquiries that don't become clients | Up to 24 months from last contact, then deleted |
| Client records, contracts and project files | Duration of engagement plus 6 years (contract/limitation and tax records) |
| Marketing/CRM contacts | Until you opt out or we identify the data is no longer relevant; suppression records kept to honour opt-outs |
| Server logs | Short rolling period held by our host for security |
8. Your rights
Under UK data protection law you have the right to: be informed; access a copy of your data (a "Subject Access Request"); rectification; erasure ("right to be forgotten"); restrict or object to processing; data portability; and to withdraw consent where we rely on it. You also have rights regarding automated decision-making (see below).
To exercise any right, email crane@dpow.co.uk. We will respond within one month. There is normally no charge. We may need to verify your identity first.
9. Automated decision-making & AI
We do not carry out automated decision-making that produces legal or similarly significant effects about you, and we do not use AI chatbots that make decisions about you on the sites. The Datum demo personalises a greeting from a link we send you, but this is presentational only and involves no profiling or decision about you. We do not use your personal data to train AI models, and we do not put client or personal data into public AI tools.
10. Cookies & similar technologies
The sites use only strictly-necessary/functional storage by default; the only optional item is the Cal.com booking widget, which loads only with your consent. Full detail, categories and how to change your choice are in our Cookie Policy.
11. Security
The sites are served over HTTPS/TLS. We keep accounts protected with strong, unique passwords and multi-factor authentication where available, limit who can access data, and use reputable suppliers. No system is perfectly secure, but we take appropriate technical and organisational measures and review them.
12. Children
Our services and sites are aimed at businesses and professionals and are not directed at children. We do not knowingly collect data from anyone under 18. If you believe a child has provided us data, contact us and we will delete it.
13. Complaints
If you have a concern, please contact us first at crane@dpow.co.uk so we can help. You also have the right to complain to the UK regulator, the Information Commissioner's Office (ICO): ico.org.uk/make-a-complaint, helpline 0303 123 1113.
14. Changes
We may update this policy. The current version and date are shown at the top. Material changes affecting you will be highlighted where appropriate.