GDPR Compliance Statement – Ginger Pixels

At Ginger Pixels, we are committed to protecting the privacy and data of our clients, partners, and website visitors. We confirm that we are fully compliant with the General Data Protection Regulation (GDPR), including both the EU GDPR and UK GDPR, as applicable.

Summary of Our GDPR Compliance:

Lawful Processing
We only collect and process personal data when we have a clear legal basis to do so, such as consent, contract fulfilment, or legal obligation.
Transparency
We inform individuals how their data will be used at the time of collection and only use it for the stated purpose.
Data Minimisation
We only collect data that is necessary and relevant.
Data Security
We use secure servers, encrypted systems, and password-protected platforms to safeguard all personal data.
Individual Rights
We uphold all data subject rights under GDPR, including the right to access, rectification, erasure, objection, and data portability.
Third-party Processors
Where we use external tools or service providers (e.g. for analytics or hosting), we ensure that they are GDPR-compliant and have appropriate Data Processing Agreements (DPAs) in place.
Breach Response
We have internal procedures for identifying, reporting, and responding to any data breaches in accordance with GDPR requirements.

For more detailed information about how we collect, store, and manage data — including cookie usage — please see our Privacy & Cookie Policy at: www.gingerpixels.co.uk/ginger-pixels-privacy-cookie-policy/

If you have any questions or requests regarding your personal data or this statement, please contact:

Christopher Corfield
Ginger Pixels
Email: studio@gingerpixels.co.uk
Phone: 07887 508 938

Ginger Pixels – Data Processing Agreement (DPA)

This Data Processing Agreement outlines how Ginger Pixels (the “Processor”) processes personal data on behalf of its clients (the “Controller”) in accordance with the UK General Data Protection Regulation (UK GDPR) and, where applicable, the EU GDPR.

1. Scope and Purpose of Data Processing

Ginger Pixels may process personal data strictly for the purpose of delivering the following services:

Website development and maintenance
Google Ads/PPC management
SEO and marketing campaigns
Integration and configuration of analytics tools (e.g. Google Analytics, Meta Pixel)
Email marketing setup (e.g. Mailchimp, Klaviyo)
Website hosting support or liaison with third-party providers

2. Categories of Personal Data Processed

Depending on the service provided, Ginger Pixels may process the following personal data on behalf of the client:

Customer names and email addresses (e.g. from mailing lists or CRM tools)
IP addresses and anonymised user behaviour data (via analytics)
Login credentials or access tokens (e.g. WordPress, Google Ads)
Contact form submissions (collected via websites we manage)
Social media user IDs (where relevant to ad campaigns or integrations)

We do not knowingly process any special category data (e.g. health, race, religious beliefs) unless expressly agreed in writing.

3. Responsibilities of the Client (Data Controller)

Clients retain full control over the data and are responsible for:

Obtaining valid consent where required under GDPR
Ensuring the data shared is accurate, lawful, and not excessive
Informing Ginger Pixels of any required data deletions or subject access requests

4. Processor Obligations (Ginger Pixels)

Ginger Pixels agrees to:

Only process data as instructed by the client
Keep personal data confidential and secure
Implement appropriate technical and organisational security measures
Notify the client without undue delay in the event of a data breach
Assist the client in fulfilling obligations related to data subject rights
Ensure employees and contractors with access to data are bound by confidentiality agreements
Not engage sub-processors without informing the client (see Section 6)

5. Duration of Processing

Personal data is only retained for the duration necessary to provide the agreed services, unless a longer retention period is legally required or agreed in writing.

6. Sub-processors

Where necessary, Ginger Pixels may use third-party tools and platforms (e.g. Google, Meta, Mailchimp, hosting providers). We ensure these services are GDPR-compliant and, where appropriate, Data Processing Agreements are in place with those vendors.

7. International Transfers

Where third-party services transfer data outside the UK or EU (e.g. to the USA), Ginger Pixels ensures that the service provider uses an appropriate safeguard mechanism, such as Standard Contractual Clauses (SCCs).

8. Termination and Deletion

Upon termination of services or at the request of the client, Ginger Pixels will securely delete or return all personal data, unless retention is legally required.

Security Controls – Ginger Pixels

Ginger Pixels takes a proactive, privacy-by-design approach to data protection. Our security measures include:

Technical Measures

Use of secure, encrypted password managers (e.g. 1Password or LastPass)
Two-factor authentication (2FA) enabled on all client-facing platforms
Secure HTTPS protocols across all websites we build or manage
Regular updates and patching of CMS software (e.g. WordPress)
Encrypted local and cloud backups of client site files
Use of secure file sharing (e.g. password-protected links, encrypted cloud platforms)

Organisational Measures

Staff access is strictly on a need-to-know basis
All employees/contractors sign confidentiality agreements
Internal data handling protocols documented and reviewed annually
Incident response plan in place for suspected breaches
No personal data is stored on unencrypted local devices

Client Access and Control

Clients retain ownership and admin access to their own platforms (e.g. Google Ads, Mailchimp)
We use client-authorised collaborator access where possible (rather than password sharing)
We encourage all clients to implement 2FA and limit user permissions on shared tools

If you have any questions about this Data Processing Agreement or our security controls, please contact:

Christopher Corfield
Ginger Pixels
Email: studio@gingerpixels.co.uk
Phone: 07887 508 938

Cookie	Duration	Description
cookielawinfo-checbox-analytics	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics".
cookielawinfo-checbox-functional	11 months	The cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".
cookielawinfo-checbox-others	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other.
cookielawinfo-checkbox-necessary	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".
cookielawinfo-checkbox-performance	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance".
viewed_cookie_policy	11 months	The cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.