PACAVITA

Privacy Policy

Last updated: 1 March 2026

1. Data Controller

Pacavita, Saltaire, West Yorkshire. Contact: hello@pacavita.com. We are committed to protecting your privacy in compliance with UK GDPR and the Data Protection Act 2018.

2. What We Collect

  • Contact form submissions (name, email, phone, message)
  • Order data (business brief, payment details via Stripe)
  • Account data (email address for portal access)
  • Analytics data (anonymised page views, device type)
  • Cookies (see our Cookie Policy)

3. How We Use Your Data

  • To build and deliver your website (contract performance)
  • To process payments via Stripe (contract performance)
  • To respond to enquiries (legitimate interest)
  • To improve our service (legitimate interest)
  • To comply with legal obligations (legal obligation)

4. Data Sharing

We do not sell your data. We share data with: Stripe (payments), Supabase (hosting/database), Resend (email delivery), Cloudflare (CDN/hosting). All processors are GDPR-compliant with appropriate safeguards.

5. Data Retention

Account and order data: retained for 6 years (legal/tax requirement). Contact form submissions: 24 months. Analytics: anonymised, indefinite. Consent evidence: retained permanently for legal protection.

6. Your Rights

Under UK GDPR: access, rectification, erasure, restriction, portability, objection, and withdrawal of consent. Exercise any right by emailing hello@pacavita.com. We respond within 30 days.

7. Security

We implement encryption in transit (HTTPS), encrypted storage for sensitive data, access controls, and regular security reviews. Payment data is handled entirely by Stripe — we never see full card numbers.

8. Complaints

If you believe your data has been mishandled, contact us first. You also have the right to lodge a complaint with the Information Commissioner's Office (ICO) at ico.org.uk.