Privacy Policy

We respect your privacy and are committed to protecting your personal data in accordance with UK GDPR and the Data (Use and Access) Act 2025.

Last updated: 06 February 2026

Data Controller

Ceredigion Network
Email: privacy@ceredigion.net

What Data We Collect

• Contact data you submit via forms (e.g., name, email)
• Anonymous website usage data to improve user experience
• Necessary cookies to enable essential functionality
• Analytics/marketing cookies with your prior consent only

Legal Basis for Processing

We process your personal data based on:

• Consent: For analytics and marketing cookies (prior consent required)
• Contract Performance: To provide services you have requested
• Legitimate Interests: To improve our website and security (no balancing test required for recognised legitimate interests)
• Legal Obligation: To comply with legal requirements

Cookies & Consent

We use a cookie consent banner to allow you to accept or reject non-essential cookies. Prior consent is required for all non-essential cookies (analytics, marketing). Legitimate interests cannot replace consent for tracking cookies.

Manage your cookie preferences

See also our Cookie Policy for full details.

How We Use Data

We use your personal data to provide and improve services, respond to enquiries, and maintain security. We will never sell your data to third parties.

Analytics & Session Recording

When you consent to analytics cookies, we may use:

• Google Tag Manager: To centrally manage and deploy third-party tracking services.
• Microsoft Clarity: To record user interactions (clicks, scrolls, mouse movements) and create heatmaps to understand user experience. Clarity automatically masks personal data (e.g., text entered in form fields) to protect privacy. Session data is retained for up to 90 days.

You can opt-out at any time by rejecting analytics cookies in your cookie preferences .

Data Retention

We retain personal data for as long as necessary for the purposes it was collected, or as required by law:

• Contact data: up to 3 years after last contact
• Cookie data: up to 12 months (analytics), until withdrawn (consent)
• Clarity data: up to 90 days
• Security/log data: up to 6 years (legal obligations)

Your Rights Under UK GDPR

You have the following rights under UK GDPR and the Data (Use and Access) Act 2025:

• Right of access: Obtain a copy of your personal data
• Right to rectification: Correct inaccurate data
• Right to erasure: Request deletion of your data
• Right to restrict: Restrict processing of your data
• Right to object: Object to processing based on legitimate interests
• Right to data portability: Receive your data in a structured format
• Right to withdraw consent: Withdraw consent at any time
• Right to complain: Complain to the Information Commissioner's Office (ICO)

We will respond to data subject requests within one month of receiving all necessary information.

International Transfers

Some service providers (e.g., Microsoft Clarity, Google Tag Manager) may process data outside the UK. We ensure all transfers comply with UK GDPR by using:

• Adequacy decisions (where applicable)
• Standard Contractual Clauses (SCCs)
• Transfer Risk Assessments (TRAs) to ensure protection levels are not materially lower

Security

We take appropriate technical and organisational measures to protect your personal data from loss, unauthorised use, or disclosure. This includes encryption, access controls, and regular security monitoring.

Contact & Complaints

If you have any questions about this privacy policy or would like to exercise your rights, contact us:

Email: privacy@ceredigion.net

You also have the right to complain to the Information Commissioner's Office (ICO) if you believe your data has been handled unlawfully:

Make a complaint to the ICO