1. Who We Are
Certi.Design is the controller of the personal information described in this notice. Our business contact details are shown on this page and on the Contact page.
2. Information We Collect
We may collect your name, email address, telephone or WhatsApp number, social-media contact, business or brand name, billing and delivery address, order and invoice details, project briefs, artwork and files, messages, payment status, website usage information, IP address, device information and security logs.
Card details are processed by the payment provider and are not stored in full by us. Cryptocurrency transactions may be visible on public blockchain networks.
3. Why We Use Your Information
- To answer enquiries and prepare quotations.
- To create, manage and deliver design, website, software, print and digital projects.
- To take and reconcile payments, issue invoices and maintain accounting records.
- To operate customer portals, provide files and communicate project updates.
- To prevent fraud, spam, abuse and security incidents.
- To comply with legal, tax, regulatory and insurance requirements.
- To improve our services and website where this is compatible with your rights.
4. Lawful Bases
We normally process customer information because it is necessary to take steps at your request before entering a contract, to perform a contract, to comply with legal obligations, or for our legitimate interests in operating and protecting the business. We use consent where the law requires it, including for optional direct marketing. You can withdraw consent at any time.
5. Who We Share Information With
We may share information only where necessary with website and hosting providers, email providers, payment providers such as Square, banking and cryptocurrency services, print or fulfilment partners, professional advisers, insurers, fraud-prevention providers and public authorities. Suppliers receive only the information needed to perform their role and must handle it appropriately.
6. International Transfers
Some service providers may process information outside the United Kingdom. Where this happens, we use an appropriate legal transfer mechanism or another protection recognised by UK data-protection law.
7. Retention
Enquiries that do not become projects are normally kept for up to 24 months after the last meaningful contact. Customer, order, payment and invoice records are normally kept for up to 7 years where needed for accounting, tax, legal or dispute purposes. Project and delivery files are retained according to the file-retention period shown in the customer portal or order. Security records are kept only for as long as reasonably required.
8. Your Rights
Depending on the circumstances, you may have rights to access, correct, erase, restrict or object to the use of your information, to receive portable information and to complain about automated decisions. These rights are not absolute. Contact us using contact@certi.design to make a request.
9. Complaints
Please contact us first so we can try to resolve your concern. You can also complain to the UK Information Commissioner's Office.
10. Cookies and Security
We use essential cookies and session storage to operate logins, baskets, checkout, security and form protection. Optional analytics runs only after consent and may measure pages viewed, traffic source, device and browser type, and approximate country, region or city. Our first-party analytics uses one-way identifiers and does not retain raw IP addresses. Optional marketing technologies should only be used in accordance with the applicable cookie rules. We use reasonable technical and organisational safeguards, but no internet service can promise absolute security.
11. Changes
We may update this notice when our services, suppliers or legal obligations change. The latest version will be published here with its update date.