This Privacy Policy explains how Designas Ltd ("we", "us", "our") collects, uses, stores, and shares your personal data when you use designascad.com, submit a project enquiry, use our client portal, or otherwise engage our services.
We are committed to protecting your privacy and handling your data transparently. This Policy complies with the UK General Data Protection Regulation (UK GDPR), the Data Protection Act 2018, the Privacy and Electronic Communications Regulations 2003 (PECR), and the Data Use and Access Act 2025 (DUAA 2025).
The data controller responsible for your personal data is:
Designas Ltd
Company Number: 15297097
Registered Address: 20 Wenlock Road, London, England, N1 7GU
Email: hello@designascad.com
Website: designascad.com
If you have any questions about this Policy or how we handle your data, please contact us at hello@designascad.com.
We collect personal data in the following contexts:
Contact and enquiry data — When you submit a project enquiry via our contact form, we collect: first name, last name, email address, phone number (optional), company name (optional), service required, project brief, and any reference files you upload.
Client portal data — When you register for or use our client portal, we collect: login credentials (email and hashed password), account number, order history, revision requests, file downloads, and activity timestamps.
Communications data — Emails, messages, or other communications you send us, including their content and metadata.
Technical data — IP address, browser type and version, operating system, referring URL, pages visited, time and date of visits, and session duration. This is collected automatically via server logs and, if enabled, analytics tools.
File data — Design files, drawings, images, or other documents you share with us as part of a project. These are stored securely and used solely for the purpose of delivering our services.
We do not collect special category data (such as health data, biometric data, or political opinions) and we do not knowingly collect data from persons under 18.
We process your personal data only where we have a lawful basis under UK GDPR Article 6. The table below sets out each purpose and its legal basis:
| Purpose | Legal Basis |
|---|---|
| Responding to your project enquiry | Pre-contractual steps at your request (Art. 6(1)(b)) |
| Providing CAD design services and delivering project files | Performance of contract (Art. 6(1)(b)) |
| Managing your client portal account | Performance of contract (Art. 6(1)(b)) |
| Sending invoices, payment reminders, and project updates | Performance of contract (Art. 6(1)(b)) |
| Keeping accounting and financial records | Legal obligation (Art. 6(1)(c)) — Companies Act 2006 |
| Analysing website usage to improve our services | Legitimate interests (Art. 6(1)(f)) — improving service quality |
| Sending marketing emails about our services (where opted in) | Consent (Art. 6(1)(a)) — you may withdraw at any time |
| Complying with legal obligations and regulatory requirements | Legal obligation (Art. 6(1)(c)) |
We retain personal data only for as long as necessary for the purposes described in this Policy, or as required by law. Our standard retention periods are:
| Data Type | Retention Period | Reason |
|---|---|---|
| Client account and portal data | Duration of relationship + 7 years | HMRC and Companies Act obligations |
| Project files and design deliverables | 12 months after project completion | Revision and warranty support |
| Financial records (invoices, payments) | 7 years from the end of the relevant tax year | HMRC legal obligation |
| Enquiry data (leads not converted to clients) | 12 months from last contact | Legitimate business interest |
| Email communications | 3 years from last correspondence | Dispute resolution |
| Server access logs (technical data) | 90 days | Security and performance monitoring |
| Marketing consent records | Until consent withdrawn + 3 years | Evidencing lawful basis for processing |
When data reaches the end of its retention period, we delete or anonymise it securely.
We do not sell, rent, or trade your personal data. We share it only in the following limited circumstances:
Service providers (data processors) — We use trusted third-party providers who process data on our behalf and under our instructions:
Legal and regulatory disclosure — We may disclose your data to courts, regulators, or law enforcement agencies where we are legally required to do so, or where necessary to establish, exercise, or defend legal claims.
Business transfers — In the event of a merger, acquisition, or sale of assets, your data may be transferred to a successor entity, subject to equivalent privacy protections.
All processors are required to process your data only on our instructions, maintain appropriate security measures, and comply with applicable data protection law.
Some of our service providers operate in countries outside the United Kingdom or European Economic Area. Where we transfer your personal data internationally, we ensure appropriate safeguards are in place:
You may request a copy of the relevant safeguards by contacting us at hello@designascad.com.
Under UK GDPR and the Data Use and Access Act 2025, you have the following rights in respect of your personal data:
To exercise any of these rights, contact us at hello@designascad.com. We will respond within 30 days of receiving your request (extendable by a further two months for complex requests, with notice). Under DUAA 2025, if you are dissatisfied with our response you have a right to complain, and we will acknowledge your complaint within 30 days.
You also have the right to lodge a complaint with the Information Commissioner's Office (ICO):
Website: ico.org.uk
Telephone: 0303 123 1113
We use cookies and similar technologies on our website. Under PECR and the DUAA 2025 soft opt-in provisions, we categorise cookies as follows:
| Category | Examples | Consent Required? |
|---|---|---|
| Strictly necessary | Session management, security, client portal authentication (JWT cookies) | No — essential for the site to function |
| Analytics | Google Analytics (if enabled) — page views, session data, referral source | Yes — consent required before placement |
| Marketing/advertising | Google Ads conversion tracking, Meta Pixel (if enabled) | Yes — consent required before placement |
| Functional | Saved preferences, language settings | Yes — where not strictly necessary |
You can manage your cookie preferences at any time through your browser settings. Withdrawing consent does not affect the lawfulness of processing prior to withdrawal. Note that disabling certain cookies may affect the functionality of our website or portal.
Microsoft Clarity (if enabled) is used to collect heatmap and session data to improve the website experience. Clarity data is pseudonymised and not used to identify individuals.
We maintain technical and organisational security measures appropriate to the risk of processing, including:
In the event of a personal data breach that is likely to result in a risk to the rights and freedoms of individuals, we will notify the ICO within 72 hours of becoming aware of the breach, as required under UK GDPR Article 33. Where the breach is likely to result in a high risk to affected individuals, we will also notify those individuals without undue delay. Full details of our breach response procedure are available on request at hello@designascad.com.
We may use AI-assisted tools in producing design work. Where AI tools process personal data (for example, client-submitted images or documents), we use only vetted, privacy-compliant providers and will not input your personal data into public AI systems without your explicit consent.
We do not use solely automated decision-making — including profiling — that produces legal or similarly significant effects on you, as defined under UK GDPR Article 22. All significant decisions relating to your account, project, or contractual relationship involve human review.
We may update this Privacy Policy from time to time to reflect changes in our practices, services, or legal obligations. Where changes are material, we will notify registered users by email and post a prominent notice on our website at least 14 days before the changes take effect.
The effective date at the top of this page indicates when the Policy was last updated. Continued use of our website or services after the effective date constitutes acceptance of the updated Policy.
For privacy-related questions, data subject requests, or complaints:
Email: hello@designascad.com
Post: Designas Ltd, 20 Wenlock Road, London, England, N1 7GU
Response time: We aim to respond within 5 working days, and within 30 days for formal data subject requests.
If you are not satisfied with our response, you have the right to complain to the Information Commissioner's Office: ico.org.uk — Tel: 0303 123 1113.