Privacy policy

Your data,
handled responsibly.

This policy explains how Crown & Code collects, uses, stores, and protects personal data when you use this website or contact us.

Last updated: 4 March 2026

1. Who we are

Crown & Code is the data controller for personal data collected through this website.

Contact: help@crownandcode.co.uk07762450318

2. Personal data we collect

We collect only data needed to respond to enquiries, provide quotes, schedule calls, and protect the site.

  • Identity and contact data: name, email address, optional phone number, optional company name
  • Enquiry and booking data: project details, notes, quote selections, booking slot details
  • Technical and security data: IP address, user agent, request metadata, and anti-abuse checks

3. How we collect data

  • Directly from you when you submit forms (quote and booking requests)
  • Automatically from your browser and device when you visit the site
  • From security tooling used to detect spam, abuse, and malicious requests

4. Legal bases (UK GDPR)

  • Article 6(1)(b): to take steps at your request before entering into a contract and to provide requested services
  • Article 6(1)(f): legitimate interests in running, securing, and improving this website and service delivery
  • Article 6(1)(c): compliance with legal obligations where applicable
  • Article 6(1)(a): consent where consent is specifically requested

5. How we use your data

  • Respond to enquiries and quote requests
  • Schedule and manage discovery calls
  • Prepare proposals, scope, timelines, and delivery plans
  • Maintain operational and security logs to protect the site and API endpoints
  • Comply with legal, tax, and regulatory obligations where required

6. Sharing your data

We do not sell personal data. We may share data with trusted service providers who process data on our behalf (for example hosting/infrastructure and communication tools), and where required by law or to protect legal rights.

7. International data transfers

Where data is processed outside the UK, we take reasonable steps to ensure appropriate safeguards are in place in line with UK data protection requirements.

8. Data retention

We retain personal data only as long as necessary for enquiry handling, delivery, operational security, and legal/accounting obligations, then delete or anonymise it where appropriate.

9. Security

  • Form abuse protection, rate limiting, and request validation
  • Server-side input validation and controlled logging
  • Security headers and HTTPS controls where supported

10. Cookies and similar technologies

This site uses essential technical cookies only. In particular, we set cc_csrf to protect forms against cross-site request forgery (CSRF).

No marketing or advertising cookies are set by this site. Third-party infrastructure used to serve assets may receive technical request data such as IP address and user agent.

11. Your rights

Under UK data protection law, you may have rights to:

  • Access a copy of your personal data
  • Correct inaccurate data
  • Request deletion where applicable
  • Object to or restrict certain processing
  • Request data portability in applicable cases
  • Withdraw consent where processing is based on consent

12. Complaints

If you have concerns, contact us first and we will try to resolve them promptly. You also have the right to lodge a complaint with the UK Information Commissioner’s Office (ICO).

13. Changes to this policy

We may update this policy from time to time. Material changes will be reflected on this page with an updated revision date.