Legal
Every policy in one place.
Procurement teams at clinics, schools and multi-site groups Google "legal" before they sign. So here's one URL with every document we publish — grouped by audience, each with a one-line summary, last-updated date, and rough read time. The five-minute version of "do they take this seriously?" answered up front.
For everyone using this site
If you visit ukwebmarketing.com, contact us, or read the blog — these are the documents that govern that.
Privacy Policy
What personal data we collect, why, what your rights are, and how to exercise them. UK GDPR + Data Protection Act 2018.
Cookie Policy
What cookies this site sets — currently none of our own — plus what Stripe sets during checkout. PECR companion to the Privacy Policy.
Terms & Conditions
The rules of using the service — what's included in each tier, what you and we are responsible for, and how things end if they end.
Accessibility Statement
Our WCAG 2.2 AAA commitment, what we test with, the known limitations, and how to report a barrier.
For clients on a subscription
If you've started a Foundation, Growth Engine, or Bespoke subscription — these define the working relationship and the data handling that goes with it.
Cancellation & Refund Policy
When you can cancel, when you're entitled to a refund, the statutory 14-day right for consumers, and the 12-month site-files commitment.
Data Processing Agreement
The UK GDPR Article 28 controller-processor instrument governing any personal data we handle on your behalf. Auto-applies to every subscription.
For security researchers
If you've found (or are looking for) a security issue — please follow these. We won't pursue legal action against good-faith research that stays in scope.
For procurement & suppliers
If you're a procurement team reviewing us against a DPA template, or a vendor we're evaluating — these are the canonical reference documents.
Sub-processor Disclosure
The canonical list of every third party we engage to process personal data — name, role, residency, data category, transfer safeguard. 30-day notice on changes.
EU-sovereign Compliance Posture
Why we host on UK/EU infrastructure by default, the per-tier sovereignty map, and the SOC 2 readiness assessment.
Questions about any of this?
Email hello@ukwebmarketing.com with the policy name in the subject. Procurement teams who need a signed paper copy of the DPA or specific sub-processor evidence — same address; we'll respond within 5 working days.