GDPR Policy

Date updated: 31/05/2023



Rouge Media Ltd. is committed to protecting the privacy and personal data of individuals using our website design services. This policy outlines how we collect, process, store, and protect personal data in accordance with the General Data Protection Regulation (GDPR).


Personal Data: Any information that relates to an identified or identifiable individual.
Data Subject: An identified or identifiable individual to whom personal data relates.
Controller: The entity that determines the purposes and means of processing personal data.
Processor: An entity that processes personal data on behalf of the controller.

Lawful Basis for Processing Personal Data

We will only collect and process personal data if we have a lawful basis to do so under the GDPR. The lawful bases for processing personal data include:

Consent: We will obtain explicit consent from individuals before processing their personal data for specific purposes.
Contractual Necessity: We may process personal data to fulfill our contractual obligations with clients or to take pre-contractual steps at the request of the data subject.
Legal Obligation: We may process personal data to comply with legal obligations imposed on us.
Legitimate Interests: We may process personal data based on our legitimate interests, provided they are not overridden by the individual’s interests or fundamental rights and freedoms.

Types of Personal Data Collected

We may collect and process the following types of personal data:

Contact information (name, email address, phone number)
Client-specific information necessary for project management and communication
Website usage data (cookies, IP address, browser type)
Other relevant personal data provided voluntarily by individuals

Purposes of Processing Personal Data

We will process personal data for the following purposes:

Providing website design services to clients
Communicating with clients and responding to inquiries
Improving our services and enhancing user experience
Complying with legal obligations
Marketing and promotional activities with explicit consent

Data Subject Rights

We respect the rights of individuals regarding their personal data and will provide the necessary mechanisms to exercise those rights, including:

Right to access: Individuals can request access to their personal data held by us.
Right to rectification: Individuals can request correction or update of inaccurate or incomplete personal data.
Right to erasure: Individuals can request the deletion of their personal data, subject to certain legal obligations.
Right to restrict processing: Individuals can request the restriction of processing of their personal data under specific circumstances.
Right to data portability: Individuals can request a copy of their personal data in a structured, commonly used, and machine-readable format.
Right to object: Individuals can object to the processing of their personal data in certain situations.
Right not to be subject to automated decision-making: Individuals have the right to not be subject to decisions based solely on automated processing, including profiling.

Data Security Measures

We have implemented appropriate technical and organizational measures to ensure the security of personal data we process. These measures include:

Regular data backups and secure storage
Access controls and authentication mechanisms
Data encryption in transit and at rest
Regular security assessments and audits
Employee training on data protection and confidentiality.

Data Retention

We will retain personal data for as long as necessary to fulfill the purposes outlined in this policy, or as required.