Designas CAD
  • Home
  • 3D
  • Portfolio
  • Services
    • Cabinetry Design
    • Joinery Design
    • Soft Furniture Design
    • Product Design & Engineering
    • Architectural Component Design
  • Academy
  • Login
  • Contact Us
Home→Privacy Policy
Legal

Privacy Policy

Version 2.0 | Effective Date: 9 July 2026 | Designas Ltd

Contents

  1. Who We Are
  2. Data We Collect
  3. Why We Use Your Data
  4. How Long We Keep It
  5. Who We Share It With
  6. International Transfers
  7. Your Rights
  8. Cookies
  9. Data Breaches
  10. AI & Automated Processing
  11. Changes to This Policy
  12. Contact Us

This Privacy Policy explains how Designas Ltd ("we", "us", "our") collects, uses, stores, and shares your personal data when you use designascad.com, submit a project enquiry, use our client portal, or otherwise engage our services.

We are committed to protecting your privacy and handling your data transparently. This Policy complies with the UK General Data Protection Regulation (UK GDPR), the Data Protection Act 2018, the Privacy and Electronic Communications Regulations 2003 (PECR), and the Data Use and Access Act 2025 (DUAA 2025).

01

Who We Are

The data controller responsible for your personal data is:

Designas Ltd

Company Number: 15297097

Registered Address: 20 Wenlock Road, London, England, N1 7GU

Email: hello@designascad.com

Website: designascad.com

If you have any questions about this Policy or how we handle your data, please contact us at hello@designascad.com.

02

Data We Collect

We collect personal data in the following contexts:

Contact and enquiry data — When you submit a project enquiry via our contact form, we collect: first name, last name, email address, phone number (optional), company name (optional), service required, project brief, and any reference files you upload.

Client portal data — When you register for or use our client portal, we collect: login credentials (email and hashed password), account number, order history, revision requests, file downloads, and activity timestamps.

Communications data — Emails, messages, or other communications you send us, including their content and metadata.

Technical data — IP address, browser type and version, operating system, referring URL, pages visited, time and date of visits, and session duration. This is collected automatically via server logs and, if enabled, analytics tools.

File data — Design files, drawings, images, or other documents you share with us as part of a project. These are stored securely and used solely for the purpose of delivering our services.

We do not collect special category data (such as health data, biometric data, or political opinions) and we do not knowingly collect data from persons under 18.

03

Why We Use Your Data

We process your personal data only where we have a lawful basis under UK GDPR Article 6. The table below sets out each purpose and its legal basis:

PurposeLegal Basis
Responding to your project enquiryPre-contractual steps at your request (Art. 6(1)(b))
Providing CAD design services and delivering project filesPerformance of contract (Art. 6(1)(b))
Managing your client portal accountPerformance of contract (Art. 6(1)(b))
Sending invoices, payment reminders, and project updatesPerformance of contract (Art. 6(1)(b))
Keeping accounting and financial recordsLegal obligation (Art. 6(1)(c)) — Companies Act 2006
Analysing website usage to improve our servicesLegitimate interests (Art. 6(1)(f)) — improving service quality
Sending marketing emails about our services (where opted in)Consent (Art. 6(1)(a)) — you may withdraw at any time
Complying with legal obligations and regulatory requirementsLegal obligation (Art. 6(1)(c))
04

How Long We Keep Your Data

We retain personal data only for as long as necessary for the purposes described in this Policy, or as required by law. Our standard retention periods are:

Data TypeRetention PeriodReason
Client account and portal dataDuration of relationship + 7 yearsHMRC and Companies Act obligations
Project files and design deliverables12 months after project completionRevision and warranty support
Financial records (invoices, payments)7 years from the end of the relevant tax yearHMRC legal obligation
Enquiry data (leads not converted to clients)12 months from last contactLegitimate business interest
Email communications3 years from last correspondenceDispute resolution
Server access logs (technical data)90 daysSecurity and performance monitoring
Marketing consent recordsUntil consent withdrawn + 3 yearsEvidencing lawful basis for processing

When data reaches the end of its retention period, we delete or anonymise it securely.

05

Who We Share Your Data With

We do not sell, rent, or trade your personal data. We share it only in the following limited circumstances:

Service providers (data processors) — We use trusted third-party providers who process data on our behalf and under our instructions:

  • Hostinger — web hosting and email infrastructure. Data stored on servers within the European Economic Area.
  • Cloudflare — file storage (Cloudflare R2) and network services. Subject to Cloudflare's Standard Contractual Clauses for international transfers.
  • Google Analytics (if enabled) — website analytics. Pseudonymised data only; IP anonymisation enabled.

Legal and regulatory disclosure — We may disclose your data to courts, regulators, or law enforcement agencies where we are legally required to do so, or where necessary to establish, exercise, or defend legal claims.

Business transfers — In the event of a merger, acquisition, or sale of assets, your data may be transferred to a successor entity, subject to equivalent privacy protections.

All processors are required to process your data only on our instructions, maintain appropriate security measures, and comply with applicable data protection law.

06

International Transfers

Some of our service providers operate in countries outside the United Kingdom or European Economic Area. Where we transfer your personal data internationally, we ensure appropriate safeguards are in place:

  • Cloudflare — transfers governed by Standard Contractual Clauses (SCCs) approved by the ICO, supplemented by Cloudflare's Data Processing Addendum.
  • Hostinger — primary data processing within the EEA; any transfers outside the EEA are governed by SCCs.

You may request a copy of the relevant safeguards by contacting us at hello@designascad.com.

07

Your Rights

Under UK GDPR and the Data Use and Access Act 2025, you have the following rights in respect of your personal data:

  • Right of access — to obtain a copy of the personal data we hold about you (subject access request).
  • Right to rectification — to have inaccurate data corrected without undue delay.
  • Right to erasure — to have your data deleted where it is no longer necessary, consent has been withdrawn, or processing is unlawful, subject to legal retention obligations.
  • Right to restriction — to restrict processing of your data in certain circumstances.
  • Right to data portability — to receive your data in a structured, commonly used, machine-readable format, where processing is based on consent or contract.
  • Right to object — to object to processing based on legitimate interests, and to stop receiving direct marketing at any time.
  • Right not to be subject to solely automated decisions — we do not make solely automated decisions with legal or significant effects (see Section 10).

To exercise any of these rights, contact us at hello@designascad.com. We will respond within 30 days of receiving your request (extendable by a further two months for complex requests, with notice). Under DUAA 2025, if you are dissatisfied with our response you have a right to complain, and we will acknowledge your complaint within 30 days.

You also have the right to lodge a complaint with the Information Commissioner's Office (ICO):
Website: ico.org.uk
Telephone: 0303 123 1113

08

Cookies

We use cookies and similar technologies on our website. Under PECR and the DUAA 2025 soft opt-in provisions, we categorise cookies as follows:

CategoryExamplesConsent Required?
Strictly necessarySession management, security, client portal authentication (JWT cookies)No — essential for the site to function
AnalyticsGoogle Analytics (if enabled) — page views, session data, referral sourceYes — consent required before placement
Marketing/advertisingGoogle Ads conversion tracking, Meta Pixel (if enabled)Yes — consent required before placement
FunctionalSaved preferences, language settingsYes — where not strictly necessary

You can manage your cookie preferences at any time through your browser settings. Withdrawing consent does not affect the lawfulness of processing prior to withdrawal. Note that disabling certain cookies may affect the functionality of our website or portal.

Microsoft Clarity (if enabled) is used to collect heatmap and session data to improve the website experience. Clarity data is pseudonymised and not used to identify individuals.

09

Data Breaches

We maintain technical and organisational security measures appropriate to the risk of processing, including:

  • Encryption of data in transit (TLS 1.2 or higher on all web connections)
  • Encrypted storage of passwords (bcrypt, minimum 12 rounds)
  • HTTP-only, secure cookies for authentication tokens
  • Access controls limiting data access to authorised personnel only
  • Private file storage with time-limited signed access URLs (Cloudflare R2)

In the event of a personal data breach that is likely to result in a risk to the rights and freedoms of individuals, we will notify the ICO within 72 hours of becoming aware of the breach, as required under UK GDPR Article 33. Where the breach is likely to result in a high risk to affected individuals, we will also notify those individuals without undue delay. Full details of our breach response procedure are available on request at hello@designascad.com.

10

AI & Automated Processing

We may use AI-assisted tools in producing design work. Where AI tools process personal data (for example, client-submitted images or documents), we use only vetted, privacy-compliant providers and will not input your personal data into public AI systems without your explicit consent.

We do not use solely automated decision-making — including profiling — that produces legal or similarly significant effects on you, as defined under UK GDPR Article 22. All significant decisions relating to your account, project, or contractual relationship involve human review.

11

Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, services, or legal obligations. Where changes are material, we will notify registered users by email and post a prominent notice on our website at least 14 days before the changes take effect.

The effective date at the top of this page indicates when the Policy was last updated. Continued use of our website or services after the effective date constitutes acceptance of the updated Policy.

12

Contact Us

For privacy-related questions, data subject requests, or complaints:

Email: hello@designascad.com

Post: Designas Ltd, 20 Wenlock Road, London, England, N1 7GU

Response time: We aim to respond within 5 working days, and within 30 days for formal data subject requests.

If you are not satisfied with our response, you have the right to complain to the Information Commissioner's Office: ico.org.uk — Tel: 0303 123 1113.

Designas CAD
  • Home
  • Portfolio
  • Contact
  • Privacy Policy
  • Terms & Conditions
© 2026 Designas CAD. All rights reserved.
Designas Ltd · Company No. 15297097 · Registered office: 20 Wenlock Road, London, England, N1 7GU