Privacy and Cookies Policy
Last updated: June 2026
1. Introduction
1.1 We are committed to protecting the privacy of our website visitors and the people who use our services.
1.2 This policy explains how we collect, use, store and protect your personal data, and the rights you have in relation to it. It applies where we act as a data controller, meaning where we decide why and how your personal data is processed.
1.3 We use cookies on our website. Where cookies are not strictly necessary for the website to work, we will ask for your consent before they are set. See Sections 12 to 15 for details.
1.4 In this policy, “we”, “us” and “our” refer to RST Developments Ltd, trading as Build Your Business Online. Our full details are in Section 18.
1.5 We comply with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.
2. How we use your personal data
2.1 This section sets out the categories of personal data we process, the purposes for which we process them, and the lawful basis for each.
2.2 Enquiry and discovery call data. When you contact us through our website forms, by email, by phone, or when you book a discovery call, we process the information you give us, such as your name, email address, phone number and the details of your enquiry. We use this to respond to you, to discuss your requirements, and to provide quotes. Our lawful basis is taking steps at your request before entering into a contract, and our legitimate interests in responding to and managing enquiries.
2.3 Client and project data. When you engage our services, we process the information needed to deliver them. This may include your name, business name, contact details, billing details, content and materials you provide for your project, and login or access credentials where you provide them. We use this to deliver the agreed services, to communicate with you, and to keep proper records. Our lawful basis is the performance of our contract with you. Any login credentials are treated as confidential and used only to carry out the agreed work.
2.4 Transaction data. When you make a payment, we process transaction details such as your name, contact details and the details of the payment. Card details are handled directly by our payment providers (see Section 4.4) and are not stored by us. We use this data to take payment, provide refunds and keep accounting records. Our lawful basis is the performance of our contract with you and compliance with our legal obligations, including tax and accounting law.
2.5 Newsletter and marketing data. If you sign up for our newsletter or opt in to receive a free download, we process your name and email address to send you the content you requested and related tips and offers about our services. Our lawful basis is your consent. You can unsubscribe at any time using the link in any email, after which we will stop sending you marketing.
2.6 Customer relationship data. We keep records of our dealings with clients and prospective clients, including contact details and the content of our communications, so we can manage our relationships, provide ongoing support and keep accurate records. Our lawful basis is our legitimate interests in managing our business relationships effectively.
2.7 Website usage data. When you visit our website we may process technical data such as your IP address, approximate location, browser type, operating system, referral source and the pages you view. This comes from our analytics tools, which run only where you have consented to non-essential cookies. We use this data to understand how our website is used and to improve it. Our lawful basis is our legitimate interests in monitoring and improving our website and services.
2.8 Correspondence data. We process the content of, and information relating to, any communication you send us, in order to communicate with you and to keep records. Our lawful basis is our legitimate interests in administering our business and dealing with communications.
2.9 We may also process any of the personal data described above where it is necessary to establish, exercise or defend legal claims, to obtain professional advice or insurance, or to comply with a legal obligation. Our lawful basis in these cases is our legitimate interests in protecting our business, or compliance with a legal obligation, as applicable.
2.10 Please do not send us anyone else’s personal data unless we have asked you to.
3. Automated decision-making
3.1 We do not carry out automated decision-making that produces legal effects concerning you, or that similarly significantly affects you.
4. Sharing your personal data
4.1 We do not sell your personal data. We share it only as described below, and only as far as is reasonably necessary.
4.2 Service providers (processors). We use trusted third-party providers to help us run our business, for example email and newsletter platforms, website hosting, scheduling tools and IT support. These providers process personal data on our behalf under contract and only on our instructions.
4.3 Payment providers. Payments are handled by our payment providers, PayPal and Stripe. We share transaction data with them only as needed to process payments, make refunds and deal with related queries. These providers act as data controllers in respect of the payment data they handle, and their own privacy policies apply.
4.4 Professional advisers and insurers. We may share personal data with our accountants, legal or other professional advisers and insurers where reasonably necessary to obtain advice, maintain cover, manage risk, or establish, exercise or defend legal claims.
4.5 Legal obligations. We may disclose personal data where required to comply with a legal obligation, to protect someone’s vital interests, or in connection with legal claims.
5. International transfers
5.1 Our website hosting is based in the UK.
5.2 Some of our service providers (for example certain analytics, email, advertising and payment providers) may process personal data outside the UK. Where this happens, we take steps to ensure your data is protected to UK standards, by relying on UK adequacy regulations or appropriate safeguards such as the UK International Data Transfer Agreement or the UK Addendum to the EU Standard Contractual Clauses.
6. How long do we keep your personal data
6.1 We do not keep personal data for longer than necessary for the purposes for which it was collected.
6.2 In general:
(a) Enquiry data from people who do not become clients is kept for up to 2 years from your last contact with us, then deleted.
(b) Client and transaction records are kept for the duration of our relationship and for 6 years afterwards, to meet our legal, tax and accounting obligations and to deal with any later claims.
(c) Newsletter and marketing data is kept until you unsubscribe or ask us to remove you, after which we retain a minimal record of your request not to be contacted.
6.3 We may keep personal data for longer where necessary to comply with a legal obligation or to protect someone’s vital interests.
7. How we keep your personal data secure
7.1 We use appropriate technical and organisational measures to protect your personal data against loss, misuse and unauthorised access or alteration.
7.2 We store personal data on secure systems, and sensitive information such as account credentials is held securely.
7.3 Data sent between your browser and our website in connection with enquiries and payments is protected using encryption.
7.4 No transmission of data over the internet can be guaranteed to be completely secure, but we take reasonable steps to protect the information you send us.
8. Your rights
8.1 Under data protection law you have the following rights. Some are complex and subject to conditions, so this is a summary rather than a full statement of the law.
(a) the right to be informed about how your data is used;
(b) the right of access to your personal data;
(c) the right to have inaccurate data corrected;
(d) the right to have your data erased in certain circumstances;
(e) the right to restrict processing in certain circumstances;
(f) the right to object to processing carried out on the basis of legitimate interests, and to object at any time to processing for direct marketing;
(g) the right to data portability where processing is based on consent or contract and is carried out by automated means;
(h) the right to withdraw consent at any time, where our processing is based on consent; and
(i) the right to complain (see Section 9).
8.2 To exercise any of these rights, contact us using the details in Section 18. We will respond within the timeframes required by law, normally within one month. We will provide the first copy of your personal data free of charge.
9. How to make a complaint
9.1 If you are unhappy with how we have handled your personal data, you have the right to complain to us directly, and we would prefer the chance to put things right.
9.2 You can make a complaint by contacting us using any of the details in Section 18, marking your message for the attention of our data protection contact. It helps if you tell us what has happened and what you would like us to do.
9.3 We will acknowledge your complaint within 30 days of receiving it, and we will provide a full response without undue delay.
9.4 If you are not satisfied with our response, or if we do not respond within a reasonable time, you can complain to the Information Commissioner’s Office (ICO), which is the UK’s supervisory authority for data protection. You can do this without complaining to us first, but raising it with us first will usually be quicker. The ICO’s contact details are at www.ico.org.uk, by phone on 0303 123 1113, or by post to Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF.
10. Third-party websites
10.1 Our website contains links to third-party websites. We have no control over, and are not responsible for, the privacy practices or content of those websites.
11. Children
11.1 Our website and services are intended for adults and are not directed at children. We do not knowingly collect personal data from children. If we become aware that we hold a child’s personal data without an appropriate basis, we will delete it.
12. About cookies
12.1 A cookie is a small file containing an identifier that is sent by a website to your browser and stored by it. Cookies may be “session” cookies, which expire when you close your browser, or “persistent” cookies, which remain until they expire or you delete them.
12.2 Cookies do not usually identify you directly, but personal data we hold about you may be linked to information obtained from cookies.
13. Cookies we use
13.1 We use the following types of cookies:
(a) Strictly necessary cookies, which are required for the website to function and to remember your cookie preferences. These do not require consent.
(b) Analytics cookies, which help us understand how visitors use our website so we can improve it. We use Google Analytics for this purpose. These are set only with your consent.
(c) Advertising and tracking cookies, which help us measure and tailor our marketing. We use the Meta (Facebook) Pixel for this purpose. These are set only with your consent.
13.2 The analytics and advertising tools above are provided by third parties who set their own cookies. Google’s privacy policy is available at www.google.com/policies/privacy, and Meta’s is available at www.facebook.com/privacy/policy.
14. Managing cookies
14.1 You can manage your cookie preferences through the consent banner on our website at any time.
14.2 Most browsers also allow you to block or delete cookies through their settings. Blocking all cookies may affect how parts of our website work.
15. When we act as a data processor
15.1 When we deliver projects for clients, we may handle personal data on a client’s behalf, for example data held within a website we build or maintain. In those cases the client is the data controller and we act as their data processor. This policy does not apply to that processing; our responsibilities are instead set out in our agreement with the client.
15.2 We use MailerLite to manage our own email and newsletter activity. MailerLite acts as our processor for that purpose.
16. Changes to this policy
16.1 We may update this policy from time to time by publishing a new version on our website. Please check this page from time to time. Where changes are significant, we may also notify you by email.
17. Data protection registration
17.1 We are registered with the UK Information Commissioner’s Office as a data controller. Our registration number is ZA373034.
18. Our details
18.1 This website is owned and operated by RST Developments Ltd, trading as Build Your Business Online. We are registered in England and Wales under company number 05792385, with our registered office at 20-22 Wedlock Road, London, N1 7GU, United Kingdom.
18.2 The person responsible for data protection queries is Kathy Rustell.
18.3 You can contact us:
(a) by email, at info@bybodigital.com;
(b) by phone, on +44 (0)1271 815128;
You can read our Terms & Conditions here
