1. Introduction
This Privacy Policy explains how CM Interactive Limited ("we", "us", "our") collects, uses, stores, and protects your personal data when you visit our website at https://cminteractive.uk, contact us, or engage us for services.
We are committed to protecting your privacy and handling your personal data in an open and transparent manner. We process personal data in accordance with the UK General Data Protection Regulation (UK GDPR), the Data Protection Act 2018, and the Privacy and Electronic Communications Regulations 2003 (PECR).
This policy is governed by, and construed in accordance with, the laws of England and Wales.
By using our website or providing your personal data to us, you confirm that you have read and understood this Privacy Policy.
2. Who We Are (Data Controller)
CM Interactive Limited (company number 15392983) is a Limited liability company registered in England and Wales with Companies House. We are the data controller responsible for your personal data.
Business name: CM Interactive Limited
Company number: 15392983
Correspondence address: Unit A, 82 James Carter Road, Mildenhall, Suffolk, United Kingdom, IP28 7DE
Website: https://cminteractive.uk
Contact for data matters: help@cminteractive.uk
The correspondence address above is a mail-forwarding address. All development work is carried out remotely. If you have any questions about this policy or how we handle your data, please contact us using the details above.
3. The Personal Data We Collect
We only collect the personal data we need. Depending on how you interact with us, this may include:
3.1 Enquiry data (contact form)
When you complete our contact form, we collect your name, your email address, the content of your message, and the technical data necessary to deliver and secure the form (see Section 3.4).
3.2 Booking data (discovery calls)
If you book a discovery call, this is handled through Calendly, which collects your name, email address, chosen time slot, and any details you provide. Calendly processes this data under its own privacy policy.
3.3 Client data
If you become a client, we may process additional information required to deliver our services, such as your business contact details, project requirements, and any materials, content, or source code relating to your project.
3.4 Technical and usage data
When you visit our website, we may automatically collect your IP address and approximate (city-level) location, browser type and device information, pages viewed and how you interact with the site, and your referral source. This is collected through Google Analytics and Cloudflare Turnstile (see Section 7).
We also set a consent management cookie called "cm_analytics_consent" to store your cookie preference decision.
3.5 What we do not collect
We do not collect or process any special category data (such as health, racial or ethnic origin, religious beliefs, or biometric data). We do not store payment card details - all payments are handled separately by our bank and any third-party payment providers, who act as independent controllers under their own privacy policies.
4. How and Why We Use Your Data (Lawful Bases)
Under UK GDPR we must have a lawful basis for processing your personal data. The bases we rely on are set out below.
| Purpose | Type of data | Lawful basis |
|---|---|---|
| Responding to enquiries you send us | Name, email, message | Legitimate interests – to respond to and manage enquiries |
| Scheduling and conducting discovery calls | Name, email, booking details | Legitimate interests / steps prior to entering a contract |
| Providing our services to clients | Client contact details, project materials, source code | Contract – performance of our agreement with you |
| Keeping records for legal and contractual reasons | Enquiry and project records | Legal obligation and legitimate interests (defending potential claims) |
| Website security and spam prevention | IP address, technical data (via Turnstile) | Legitimate interests – protecting our site and systems |
| Understanding website usage | Analytics data (via Google Analytics) | Consent (for non-essential cookies under PECR) |
Where we rely on legitimate interests, we have considered whether those interests are overridden by your rights and freedoms, and we believe they are not. You have the right to object to this processing (see Section 10).
Where we rely on consent (for example, for analytics cookies), you may withdraw it at any time without affecting the lawfulness of processing carried out before withdrawal.
5. How Long We Keep Your Data (Retention)
We keep personal data only for as long as necessary for the purposes for which it was collected, including to satisfy legal, accounting, or reporting requirements.
| Data | Retention period | Reason |
|---|---|---|
| General enquiries / leads that do not become projects | 2 years from initial contact | To follow up on the enquiry and maintain business records |
| Client enquiry and contractual records | 6 years after the end of the project | To allow for potential contractual claims under the Limitation Act 1980 |
| Client source code and project files | 6 years after project completion | Legal liability and to defend potential claims |
| Website analytics data | Up to 26 months (Google Analytics default) | Website performance analysis |
| Cloudflare Turnstile security data | Short-term only (typically up to 24 hours) | Spam and bot prevention |
When the retention period ends, we will securely delete or anonymise your data unless we are required by law to retain it for longer.
6. Who We Share Your Data With
We do not sell your personal data. We only share it where necessary, with service providers (processors) who help us run our website and business (listed in Section 7); professional advisers (such as accountants or legal advisers) where reasonably necessary; and authorities or regulators where we are legally required to do so.
Where a third party acts as our processor, they act only on our instructions and are bound by a written agreement that meets the requirements of UK GDPR.
7. Third-Party Services
We use the following third-party services. Each has its own privacy policy, which we encourage you to review.
7.1 Google Analytics
Purpose: To understand how visitors use our website.
Data: IP address (anonymised), device and browser data, pages viewed, interactions.
Provider: Google. Data may be transferred outside the UK (see Section 9).
Privacy policy: policies.google.com/privacy
7.2 Cloudflare Turnstile
Purpose: To protect our contact form from spam and automated abuse, without invasive tracking.
Data: IP address, technical and challenge-response data.
Provider: Cloudflare, Inc.
Privacy policy: cloudflare.com/privacypolicy
7.3 Calendly
Purpose: To schedule discovery calls.
Data: Name, email, booking details.
Provider: Calendly LLC (US-based).
Privacy policy: calendly.com/privacy
7.4 GitHub Pages
Purpose: Hosting of this website (cminteractive.uk).
Provider: GitHub, Inc.
Privacy policy: GitHub Privacy Statement
7.5 Krystal Hosting
Purpose: Hosting of client websites (not this website).
Provider: Krystal Hosting Ltd (UK-based).
Privacy policy: krystal.io/legal/privacy-policy
7.6 Payments
Invoicing and payments are handled by our bank, Monzo Bank Ltd, and may involve other independent payment providers. These organisations are separate data controllers and process your data under their own privacy policies. We do not store your card or banking details.
8. Cookies and Analytics
Our website uses cookies and similar technologies. Under PECR, we will only set non-essential cookies (such as Google Analytics cookies) where you have given consent.
- Essential / security: Cloudflare Turnstile may set technical data necessary to protect the contact form. These are strictly necessary and do not require consent.
- Essential (cookie preference): We set a cookie titled "cm_analytics_consent" to remember your cookie preference. This cookie stores your choice to either accept or decline analytics and expires after 365 days. This is not shared with third parties, and is necessary for us to respect your preference across visits to our site.
- Analytics: Google Analytics cookies help us understand site usage. These require your consent, which you can give or refuse through our cookie notice and withdraw at any time through your browser settings.
You can control or delete cookies through your browser settings. Doing so may affect how parts of the website function.
9. International Transfers
Some of our service providers (such as Google and Calendly) are based outside the UK, which may mean your data is transferred internationally.
Where data is transferred outside the UK, we ensure an appropriate safeguard is in place, such as the UK's adequacy regulations, or the International Data Transfer Agreement (IDTA) or the UK Addendum to the EU Standard Contractual Clauses.
10. Your Rights
Under UK GDPR, you have the following rights in relation to your personal data:
- Right to be informed – about how we use your data (this policy).
- Right of access – to request a copy of the data we hold about you.
- Right to rectification – to have inaccurate data corrected.
- Right to erasure – to ask us to delete your data, subject to our legal retention obligations.
- Right to restrict processing – to limit how we use your data in certain circumstances.
- Right to data portability – to receive your data in a structured, commonly used, machine-readable format.
- Right to object – to processing based on legitimate interests, including direct marketing.
- Rights relating to automated decision-making – we do not carry out automated decision-making or profiling that produces legal or similarly significant effects.
To exercise any of these rights, contact us at help@cminteractive.uk. We will respond within one month, as required by UK GDPR. There is normally no charge, although we may charge a reasonable fee or refuse a request that is manifestly unfounded or excessive.
11. How We Protect Your Data
We take appropriate technical and organisational measures to keep your data secure, including HTTPS encryption across the website, Cloudflare protection against spam, abuse, and denial-of-service attacks, limiting access to personal data to those who need it, and keeping software and systems up to date.
No method of transmission over the internet is completely secure. While we work to protect your data, we cannot guarantee absolute security.
12. Children's Data
Our website and services are aimed at businesses and are not directed at children. We do not knowingly collect personal data from anyone under the age of 18.
13. Complaints
If you have concerns about how we handle your data, please contact us first at help@cminteractive.uk so we can try to resolve the matter.
You also have the right to complain to the UK supervisory authority:
Information Commissioner's Office (ICO)
Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF
Helpline: 0303 123 1113
Website: ico.org.uk
14. Changes to This Policy
We may update this Privacy Policy from time to time to reflect changes in our practices or legal requirements. The "Last updated" date at the top shows when it was last revised. Material changes will be posted on this page.