Privacy Policy

Last updated: 1 January 2026  ·  Lemley Design Ltd  ·  Registered in England & Wales

1. Who We Are

Lemley Design Ltd ("Lemley Design", "we", "us" or "our") is a brand strategy and visual identity agency incorporated and registered in England and Wales. Our registered office is located in London, United Kingdom. We operate the website available at lemleydesign.com (the "Site").

Lemley Design Ltd is the data controller for all personal data collected through this Site and through our business relationships. We are committed to protecting the privacy and security of your personal information in accordance with the UK General Data Protection Regulation (UK GDPR), the Data Protection Act 2018, and the Privacy and Electronic Communications Regulations (PECR).

If you have questions about this policy or how we handle your personal data, contact our data officer at: [email protected]

2. What Personal Data We Collect

We only collect personal data that is necessary for a specific, legitimate purpose. We collect data in the following circumstances:

2.1 Data You Provide Directly

When you contact us through our website contact form, send us an email, or engage us for professional services, we may collect:

  • Identity data: your first name, last name, job title and company name.
  • Contact data: your email address, telephone number and postal address.
  • Enquiry data: the content of your message, project brief, budget range and any other information you choose to provide.
  • Communications data: records of correspondence between us, including emails, call notes and meeting minutes.

2.2 Data Collected Automatically

When you visit our Site, certain technical data is collected automatically through cookies and server logs:

  • Technical data: your IP address, browser type and version, operating system, screen resolution and device type.
  • Usage data: pages visited, time spent on each page, links clicked, scroll depth, referring URL and exit pages.
  • Location data: approximate geographic location derived from your IP address (country and city level only — we do not collect precise geolocation).

2.3 Data from Third Parties

We may receive limited personal data about you from third-party sources, such as LinkedIn or other professional networks, if you have chosen to contact us or been referred by a mutual contact. We handle any such data with the same care and in accordance with this policy.

3. How We Use Your Personal Data

We use your personal data only for the specific purposes set out below and only where we have a valid legal basis to do so under UK GDPR:

  • To respond to your enquiries: Legal basis — Legitimate interests (Article 6(1)(f)). We have a legitimate interest in responding to potential clients and business contacts who have reached out to us.
  • To provide and manage our services: Legal basis — Contractual necessity (Article 6(1)(b)). Where we enter into a contract with you, processing your data is necessary to fulfil our obligations.
  • To improve our website and services: Legal basis — Legitimate interests (Article 6(1)(f)). We analyse usage data to understand how visitors interact with our Site and identify areas for improvement.
  • To comply with legal obligations: Legal basis — Legal obligation (Article 6(1)(c)). We may need to process your data to comply with applicable laws, regulations or court orders.
  • To send marketing communications: Legal basis — Consent (Article 6(1)(a)). We will only send you marketing emails if you have explicitly opted in. You may withdraw consent at any time.

4. Cookies and Tracking Technologies

We use cookies and similar technologies on our Site. For full details of what cookies we use, why we use them and how to control them, please read our Cookie Policy.

In summary, we use strictly necessary cookies (which cannot be disabled), and optional analytics cookies that are only activated with your consent via our cookie consent banner.

5. How We Share Your Personal Data

We do not sell, rent, trade or otherwise pass your personal data to third parties for their own marketing purposes. We may share your data only in the following limited circumstances:

  • Service providers: We may share data with carefully selected third-party service providers who assist us in operating our website and delivering our services (e.g. email hosting, CRM platforms, cloud storage). All such providers are contractually required to handle your data securely and only for the purposes we specify.
  • Professional advisers: We may disclose data to lawyers, accountants, insurers or auditors where necessary for legal or compliance purposes.
  • Regulatory or legal requirements: We may disclose data if required to do so by law, court order, or at the request of a regulatory authority.
  • Business transfers: If Lemley Design Ltd is involved in a merger, acquisition, or sale of assets, your personal data may be transferred. We will notify you before any such transfer takes place.

6. International Data Transfers

Our operations are based in the United Kingdom. Where any of our service providers are located outside the UK, we ensure that any transfer of your personal data is subject to appropriate safeguards as required by UK GDPR — for example, standard contractual clauses approved by the UK Information Commissioner's Office (ICO), or adequacy decisions.

7. Data Security

We take data security seriously and implement appropriate technical and organisational measures to protect your personal data against unauthorised access, accidental loss, destruction or disclosure. These measures include:

  • HTTPS encryption across all pages of our Site.
  • Access controls — personal data is only accessible by those who have a genuine need to see it.
  • Regular security reviews of our systems and processes.
  • Staff training on data protection obligations.

Despite our best efforts, no transmission of data over the internet can be guaranteed as completely secure. If you suspect any misuse or loss of your personal data, please contact us immediately at [email protected].

8. Data Retention

We retain personal data only for as long as necessary to fulfil the purposes for which it was collected, or as required by applicable law:

  • Enquiry data (non-client): Retained for up to 24 months from your last contact, after which it is securely deleted unless you have become a client.
  • Client data: Retained for the duration of the engagement and for up to 6 years thereafter, in line with our legal and contractual obligations.
  • Website analytics data: Retained in aggregated, anonymised form. IP addresses are anonymised within 26 months.
  • Cookie consent records: Retained for 12 months.

9. Your Rights Under UK GDPR

As a data subject under UK GDPR, you have the following rights. To exercise any of them, please contact us at [email protected]. We will respond within one calendar month.

  • Right of access (Subject Access Request): You have the right to request a copy of the personal data we hold about you.
  • Right to rectification: You have the right to request correction of inaccurate or incomplete personal data.
  • Right to erasure ("right to be forgotten"): You may request deletion of your personal data where we no longer have a lawful reason to retain it.
  • Right to restriction of processing: You may request that we restrict processing of your personal data in certain circumstances.
  • Right to data portability: Where processing is based on consent or contractual necessity, you may request your data in a structured, machine-readable format.
  • Right to object: You have the right to object to processing carried out on the basis of legitimate interests, including profiling.
  • Right to withdraw consent: Where processing is based on consent, you may withdraw it at any time without affecting the lawfulness of prior processing.

You also have the right to lodge a complaint with the Information Commissioner's Office (ICO) — the UK supervisory authority for data protection — at ico.org.uk or by calling 0303 123 1113.

10. Children's Privacy

Our Site and services are directed at business professionals. We do not knowingly collect personal data from individuals under the age of 16. If you believe we have inadvertently collected data from a minor, please contact us immediately and we will delete it without delay.

11. Links to Third-Party Websites

Our Site may contain links to third-party websites, including clients' websites and professional networks. We are not responsible for the privacy practices of those websites and encourage you to review their privacy policies independently. Our Privacy Policy applies only to lemleydesign.com.

12. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements or other factors. We will update the "Last updated" date at the top of this page when we do so. Where changes are material, we may notify you directly by email if we hold your contact details. We encourage you to review this page periodically.

13. Contact Us

If you have any questions, concerns or requests regarding this Privacy Policy or how we handle your personal data, please get in touch: