Privacy policy.

Last updated: 23 April 2026

Last updated: 23 April 2026

JC AdWorks ("we", "us", "our") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, store, and protect your personal information when you visit our website, contact us, or engage our services.

We are the data controller responsible for your personal data. If you have any questions about this policy or how we handle your data, please contact us at management@jcadworks.com.

1. Who we are

  • Business name: JC AdWorks
  • Location: Ipswich, Suffolk, United Kingdom
  • Contact email: management@jcadworks.com

2. Information we collect

We collect the following categories of personal data:

Information you provide directly

  • Contact form submissions: name, email address, phone number (optional), and any message or enquiry details you choose to share.
  • Free demo requests: name, email address, phone number (optional), business name, industry, website URL, and any additional information you provide.
  • Client engagement data: additional information shared during the course of working with us, including business details, access credentials for accounts you authorise us to work on, and project materials.

Information collected automatically

  • Technical data: IP address, browser type and version, device type, operating system, screen resolution, referring URL, and pages visited.
  • Usage data: pages viewed, time spent on the site, links clicked, and session information.
  • Cookie data: see Section 10 below for details on cookies.

3. How we collect your information

We collect personal data in the following ways:

  • Directly from you when you fill out forms on our website, email us, or engage our services.
  • Automatically when you browse the site, through cookies, analytics tools, and standard web server logs.
  • From third-party services we use (e.g., email service providers, analytics platforms), within the limits of their own privacy policies.

4. Legal basis for processing your data

Under UK GDPR, we only process your personal data where we have a lawful basis to do so. The lawful bases we rely on are:

  • Consent: where you have given clear consent for us to process your data for a specific purpose (e.g., opt-in to marketing emails, acceptance of non-essential cookies).
  • Contract: where processing is necessary to perform a contract with you, or to take steps at your request before entering into a contract (e.g., responding to a demo request, delivering services to a client).
  • Legitimate interests: where processing is necessary for our legitimate business interests and does not override your rights and freedoms (e.g., responding to enquiries, improving our website, fraud prevention).
  • Legal obligation: where we are required by law to process your data (e.g., accounting and tax records).

5. How we use your information

We use your personal data for the following purposes:

  • To respond to enquiries and fulfil demo requests
  • To deliver services to clients and manage client relationships
  • To improve our website, services, and client experience
  • To send service-related communications (operational messages, not marketing unless you've opted in)
  • To comply with legal, tax, and regulatory obligations
  • To prevent fraud, abuse, or unauthorised use of our systems
  • To maintain the security of our website and data

We will never sell your personal data to third parties.

6. Who we share your data with

We share your data only with trusted third-party service providers (data processors) who help us operate our business. All processors are bound by contract to protect your data and process it only on our instructions.

  • Resend — used to send and deliver transactional emails (e.g., notifications about form submissions). Resend is a US-based company and may process data outside the UK/EEA. Appropriate safeguards are in place (see Section 7).
  • Supabase — used to host our database and authentication systems. Depending on region settings, Supabase may store data within the EU, US, or other regions. Appropriate safeguards are in place.
  • Website hosting provider — provides the infrastructure that serves our website.
  • Google (Analytics, where used) — used to understand aggregate website usage patterns. IP addresses are anonymised where possible.
  • Professional advisors — such as accountants or legal advisors, where necessary for legitimate business purposes.
  • Law enforcement or regulators — where legally required to disclose data.

We may share anonymised or aggregated data (which does not identify you personally) for analytics and business reporting purposes.

7. International data transfers

Some of our data processors are based outside the United Kingdom and the European Economic Area (EEA), including the United States. Where we transfer your personal data outside the UK/EEA, we ensure that appropriate safeguards are in place, including:

  • Standard Contractual Clauses (SCCs) approved by the UK Information Commissioner's Office
  • Adequacy decisions where the destination country has been determined to provide adequate protection
  • Additional technical and organisational measures where required

If you would like more information about the safeguards we rely on for international transfers, please contact us at management@jcadworks.com.

8. How long we keep your data

We keep personal data only for as long as necessary for the purposes it was collected, and in accordance with legal and regulatory requirements:

  • Website enquiries and contact form submissions: up to 2 years from the date of submission, or longer if a client relationship develops.
  • Free demo requests: up to 1 year if no engagement follows, after which data is deleted or anonymised.
  • Client data and records: for the duration of our engagement, plus 6 years after the end of the engagement for accounting, tax, and legal purposes.
  • Analytics data: up to 26 months (default retention in most analytics platforms), after which it is aggregated or deleted.
  • Marketing consent records: retained for as long as you remain subscribed, plus evidence of consent for up to 2 years after you unsubscribe.

After the applicable retention period, data is securely deleted or anonymised.

9. Your rights under UK GDPR

You have the following rights regarding your personal data:

  • Right to be informed — about how we use your data (this policy).
  • Right of access — to request a copy of the personal data we hold about you.
  • Right to rectification — to correct any inaccurate or incomplete data.
  • Right to erasure ("right to be forgotten") — to request deletion of your data in certain circumstances.
  • Right to restrict processing — to ask us to limit how we use your data.
  • Right to data portability — to request a copy of your data in a machine-readable format.
  • Right to object — to processing based on legitimate interests or direct marketing.
  • Right to withdraw consent — at any time, where we rely on consent as our legal basis.
  • Right not to be subject to automated decision-making — including profiling that produces legal or similarly significant effects.

To exercise any of these rights, email us at management@jcadworks.com. We will respond within one month.

If you are unhappy with how we have handled your data, you have the right to lodge a complaint with the Information Commissioner's Office (ICO):

  • Website: ico.org.uk
  • Phone: 0303 123 1113
  • Address: Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF

10. Cookies

Our website uses cookies to function properly and to improve your experience. We use:

  • Essential cookies: required for basic site functionality (e.g., session management, authentication for the admin area, security features). These cannot be disabled.
  • Analytics cookies: help us understand how visitors use our site, so we can improve it. These are only set with your consent.
  • Functional cookies: remember your preferences (e.g., cookie consent choices).

We do not use advertising or third-party tracking cookies for marketing purposes without your explicit consent.

You can control cookies through your browser settings. Note that disabling essential cookies may prevent parts of the site from working properly.

11. Data security

We take the security of your personal data seriously and implement appropriate technical and organisational measures, including:

  • HTTPS encryption for all data transmitted to and from the website
  • Access controls limiting who can access personal data internally
  • Secure password storage using industry-standard hashing
  • Regular security reviews of our systems and processors
  • Incident response procedures in the event of a suspected data breach

While we take reasonable steps to protect your data, no method of transmission or storage is 100% secure. We cannot guarantee absolute security, but in the event of a breach that is likely to result in a high risk to your rights, we will notify you and the ICO without undue delay as required by law.

12. Children's data

Our website and services are not directed at children under the age of 16. We do not knowingly collect personal data from children. If you believe a child has provided us with personal data, please contact us at management@jcadworks.com and we will delete it promptly.

13. Third-party links

Our website may contain links to third-party websites. This Privacy Policy does not apply to those sites. We encourage you to review the privacy policies of any third-party sites you visit.

14. Changes to this Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, legal requirements, or the services we provide. When we make material changes, we will update the "Last updated" date at the top of this page and, where appropriate, notify you by email or via a notice on our website.

Your continued use of our website after changes constitutes acceptance of the updated policy.

15. Contact us

If you have any questions, concerns, or requests regarding this Privacy Policy or how we handle your data, please contact us at:

Email: management@jcadworks.com

We aim to respond to all privacy-related enquiries within 5 working days, and within one month for formal requests made under UK GDPR.