Privacy Policy

This website is operated by Motty Creative Ltd (“we”, “us”, “our”). We are committed to protecting and preserving the privacy of visitors when they visit our site or communicate electronically with us. This policy explains how we collect, use, store, and disclose your personal data, and your rights under applicable UK data protection laws.

By using our website (motty.webflow.io) or submitting personal information to us, you agree to the practices described in this policy.

1. Data controller and contact

  • Controller: Motty Creative Ltd

  • Registered address / contact details: [INSERT ADDRESS]

  • Data Protection Officer (or contact): [If applicable, name/email]

For any queries about this policy, or to exercise your data rights, please contact us at [email address].

2. What personal data we collect & how

We may collect and process the following categories of personal data:

a) Data you supply

  • When you fill out a contact or enquiry form: your name, email address, and any message or details you provide.

  • Any other information you voluntarily provide (e.g. project requirements, business information).

b) Data collected automatically

When you visit our website, we may automatically collect:

  • Technical data: a truncated and anonymised version of your IP address, browser type and version, operating system and platform.

  • Usage data: pages you visit, time spent on pages, how you navigated to the site (referrer), click interactions, downloads, and error pages.

  • Other analytics or cookie-based data (see section on cookies).

We take care to collect only what is necessary for our purposes.

3. Legal bases for processing, and DUAA updates

Under the UK GDPR (as incorporated in UK law) and the Data Protection Act 2018, we may process your personal data only when there is a lawful basis to do so. The new Data (Use and Access) Act 2025 (“DUAA”) introduces or clarifies certain bases and amendments, which we also account for. Ogletree+3ICO+3GOV.UK+3

We rely on one or more of the following lawful bases:

  • Consent: where you have given clear consent to the processing of your personal data for a specific purpose (e.g. when you submit a contact form).

  • Performance of a contract: where processing is necessary to fulfil a contract with you (e.g. to respond to an enquiry, supply services).

  • Legitimate interests: where processing is necessary for our legitimate interests (e.g. improving the website, marketing, analytics), provided those interests do not override your data protection rights.

  • Recognised legitimate interests (where applicable under DUAA): DUAA establishes a new lawful ground for specified recognized legitimate interests (for e.g. certain public tasks or common processing) which may reduce or remove the need for a balancing test in those defined circumstances. GOV.UK+2ICO+2

  • Legal obligation: where we must process data to comply with a legal duty.

  • Public interest / other statutory basis: if required by law (rare in our context).

In all cases, we endeavour to limit the data we collect, ensure it is accurate, and only use it for the stated purposes.

4. Purposes of processing & how we use your data

We use personal data for the following purposes:

  • To respond to your enquiries and communications.

  • To provide, manage, and improve our services, website, and offerings.

  • To perform analytics and website optimization.

  • To send marketing or promotional materials (where we have consent or a lawful basis).

  • To comply with legal and regulatory obligations.

  • To detect and prevent fraud or misuse.

We will not use your personal data for purposes beyond those we have disclosed or have obtained consent for, unless required by law.

5. Data sharing & third parties

  • We use trusted third-party service providers (e.g. website hosting, email platforms, analytics tools) to assist with running and maintaining the site. These providers are bound by contract to treat personal data confidentially and only process it according to our instructions.

  • We do not rent, sell, or share personal data with non-affiliated third parties, except as necessary to provide our services or as legally required.

  • In certain cases, we may provide data to public authorities or regulators if required by law or in response to a valid request.

  • Where third parties act as data processors, we ensure appropriate technical and organisational safeguards (e.g. data-processing agreements).

6. International transfers of data

If your data is transferred outside the UK (or European Economic Area), we will ensure adequate safeguards are in place. Under DUAA, the rules for international data transfers have been relaxed in some respects—that is, a third country’s protection need only be “not materially lower” than UK standards in some cases. Ogletree+2GOV.UK+2
We will notify you of any such transfers and the safeguards used (e.g. standard contractual clauses, adequacy decisions, binding corporate rules).

7. Data retention

We retain your personal data only for as long as necessary to fulfil the purposes for which it was collected, comply with legal obligations, resolve disputes, and enforce our agreements.
We periodically review what we hold and securely delete or anonymise data that is no longer needed.

8. Your rights

Under UK data protection law (UK GDPR, DPA 2018, and the amendments via DUAA), you have the following rights:

  • Right of access: to request a copy of the personal data we hold about you (a “subject access request”).

  • Right to rectification: to correct inaccurate or incomplete data.

  • Right to erasure (“right to be forgotten”): in some circumstances you may request deletion of your data.

  • Right to restrict processing: ask us to limit how we process your data.

  • Right to data portability: receive your data in a machine-readable format and/or request transfer to another controller.

  • Right to object: to processing based on legitimate interests (including recognized legitimate interests) or direct marketing.

  • Right to withdraw consent: if processing is based on consent, you may withdraw it at any time (without affecting processing done before withdrawal).

  • Right to complain: to the Information Commissioner’s Office (ICO) if you believe your rights have been infringed.

To exercise these rights, contact us via the contact details above. We aim to respond without undue delay and within applicable legal timeframes (typically 1 month, extendable in certain cases).

9. Cookies and similar tracking technologies

We use cookies, web beacons, and analytics tools to collect usage information and improve our site performance. You may accept or decline non-essential cookies via the cookie banner or settings. Essential cookies necessary for site operation may be used without consent.

Where consent is required (e.g. for analytics or marketing cookies), we obtain it explicitly, and you may withdraw it at any time.

10. Security

We take appropriate technical and organisational measures to protect your personal data against unauthorised or unlawful processing, and against accidental loss, destruction, or damage. These include encryption, access controls, secure servers, and internal policies.

However, no transmission over the internet or storage method is perfectly secure. While we strive to protect your data, we cannot guarantee absolute security of data in transit; any transmission is done at your own risk. Once data is received, we apply strict procedures to limit accidental or unauthorised access.

11. Data breaches

In the event of a personal data breach, we will assess its severity and, where required under UK GDPR, report it to the ICO within 72 hours of becoming aware.
If the breach is likely to result in a high risk to individuals’ rights and freedoms, we will also notify the affected individuals promptly, in a clear and transparent manner.

12. Children and online services

If we ever offer online services likely to be used by children, we will take special care to protect their data and comply with applicable design codes. DUAA also emphasises that children’s interests must be considered when designing processing operations. ICO

We do not knowingly collect personal data from children under 13 via this site.

13. Changes to this policy

We may update this privacy policy from time to time (e.g. to reflect changes under law, including DUAA, or changes in our practices).
We will publish the updated policy here and, where appropriate, notify users by email or via a notice on our site. Please check back periodically.

14. Contact and complaints

If you have questions, comments, or complaints about this policy or our data practices, please contact us at [contact email].
If you remain dissatisfied, you may lodge a complaint with the Information Commissioner’s Office (ICO):