StartMadeSimple
Get Started

Privacy Policy

Last Updated: 7 January 2026

1. Introduction

StartMadeSimple ("we", "us", or "our") is committed to protecting your privacy and personal data. This Privacy Policy explains how we collect, use, store, and protect your personal information in compliance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

Data Controller: Herman Vermaak, trading as StartMadeSimple
Contact: For any privacy-related queries, please use our contact form.

2. Information We Collect

2.1 Information You Provide

We collect information you voluntarily provide when you:

  • Complete our contact forms (name, email address, company details, message)
  • Request a consultation or discovery call
  • Submit a project brief or upload documents
  • Use our AI-powered business clarity tool
  • Subscribe to our newsletters or updates
  • Engage with our services

2.2 Automatically Collected Information

When you visit our website, we may automatically collect:

  • IP address and browser type
  • Device information and operating system
  • Pages visited and time spent on pages
  • Referring website addresses
  • Cookies and similar tracking technologies (see our Cookie Policy)

3. How We Use Your Information

We process your personal data for the following purposes:

  • Service Delivery: To provide consultancy services, respond to inquiries, and deliver requested information
  • Contract Performance: To fulfill our contractual obligations when you engage our services
  • Communication: To send service-related communications and respond to your queries
  • Business Development: To understand client needs and improve our services
  • Legal Compliance: To comply with legal obligations and protect our legitimate interests
  • Marketing: To send promotional materials (only with your explicit consent, which you can withdraw at any time)

4. Legal Basis for Processing

Under UK GDPR, we process your data based on:

  • Consent: When you explicitly agree to processing (e.g., marketing communications)
  • Contract: When necessary to perform our services
  • Legitimate Interests: For business development and service improvement
  • Legal Obligation: When required by law

5. Data Storage and Security

We implement appropriate technical and organizational measures to protect your personal data against unauthorized access, alteration, disclosure, or destruction. Your data is stored securely using:

  • Encrypted databases hosted on secure servers
  • AWS S3 cloud storage with access controls for uploaded documents
  • Regular security audits and updates
  • Access restricted to authorized personnel only

We retain your personal data only as long as necessary for the purposes outlined in this policy or as required by law. Typically:

  • Contact form inquiries: 3 years from last contact
  • Client project data: 7 years for accounting purposes
  • Marketing consents: Until withdrawn

6. Data Sharing and Third Parties

We do not sell your personal data. We may share your information with:

  • Service Providers: AWS (cloud storage), email service providers, analytics tools - all under strict data processing agreements
  • Professional Advisors: Legal, accounting, or other professional advisors when necessary
  • Legal Requirements: When required by law or to protect our rights

All third-party processors are carefully selected and required to comply with UK GDPR standards.

7. Your Rights Under UK GDPR

You have the following rights regarding your personal data:

  • Right to Access: Request a copy of your personal data
  • Right to Rectification: Correct inaccurate or incomplete data
  • Right to Erasure: Request deletion of your data ("right to be forgotten")
  • Right to Restrict Processing: Limit how we use your data
  • Right to Data Portability: Receive your data in a structured format
  • Right to Object: Object to processing based on legitimate interests
  • Right to Withdraw Consent: Withdraw consent at any time (doesn't affect prior processing)

To exercise these rights, please contact us. We will respond within one month.

8. Cookies and Tracking

We use cookies to improve your experience on our website. For detailed information about the cookies we use and how to manage them, please see our Cookie Policy.

9. International Data Transfers

Your data may be transferred to and stored in countries outside the UK (e.g., AWS servers). We ensure adequate protection through:

  • Standard Contractual Clauses approved by the UK authorities
  • Adequacy decisions where applicable
  • Appropriate safeguards as required by UK GDPR

10. Children's Privacy

Our services are not directed at individuals under 18. We do not knowingly collect personal data from children. If we become aware of such collection, we will take steps to delete it promptly.

11. Changes to This Policy

We may update this Privacy Policy periodically. We will notify you of significant changes by posting the new policy on this page with an updated "Last Updated" date. We encourage you to review this policy regularly.

12. Contact Us

For any questions, concerns, or requests regarding this Privacy Policy or your personal data, please:

13. Complaints

If you believe your data protection rights have been violated, you have the right to lodge a complaint with the UK Information Commissioner's Office (ICO):

ICO Contact Details:
Website: https://ico.org.uk
Telephone: 0303 123 1113