last updated 15th September 2023


Welcome to the privacy statement of (also referred to as “we”, “our” and “us”). This statement is designed to inform website visitors (“you”, “your” and “yours”). “Website” refers to the URL or any URLs redirecting to it. We are committed to protect your personal information and we act in accordance with applicable data protection laws, including the General Data Protection Regulation (EU 2016/679) (“GDPR”), the UK General Data Protection Legislation and UK Data Protection Act 2018 and the California Consumer Privacy Act (“CCPA”).

This statement contains information about the personal information we collect and use when you browse our Website and use our services and the purposes for which we use such information. It also sets outs your rights in relation to your personal information.

Given the nature of our Website, we do not expect to collect the personal data of anyone under 13 years old. If you are aware that any personal data of anyone under 13 years old has been shared with us, please let us know so that we can delete that data.


Under data protection laws, we need to disclose the details of the entity responsible for your personal information. Wordphrase Ltd is your data controller. Wordphrase Ltd is a private limited company registered in England and Wales under company number 10682319.

Our contact details are:

  • our registered office at Suite 110, 82 James Carter Road, Mildenhall, Suffolk, United Kingdom, IP28 7DE
  • e-mail: [email protected]


This Website includes links to third-party websites, plug-ins and applications. Clicking on those links or enabling those connections may allow third parties to collect or share data about you. We do not control these third-party websites, plug-ins or applications and are not responsible for their privacy practices. When you leave our Website, we encourage you to read the privacy policy of every website you visit.


What counts as personal information or personal data? Personal data is any information from which a person (a data subject) can be identified or potentially identified from. It does not include data where the identity has been removed (anonymous data).

We may collect, use, store and transfer different kinds of personal data about you which we have grouped together as follows:

  • Identity Data: first and last name, username or similar identifier, date of birth and gender.
  • Contact Data: billing address, delivery address, e-mail address and telephone number.
  • Financial Data: bank account and payment card details.
  • Transaction Data: includes details about payments to and from you and other details of products and services you have purchased from us.
  • Technical Data: includes IP address, your login data, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform, and other technology on the devices you use to access this Website.
  • Profile Data: includes your username and password, purchases or orders made by you, your interests, preferences, your job title and industry you work in, feedback and survey responses.
  • Usage Data: includes information about how you use our Website, products and services.
  • Marketing and Communications Data: includes your preferences in receiving marketing from us and our third parties and your communication preferences.

How do we obtain your personal data? We use different methods to collect data from and about you. We have set out the personal data we process below in more detail. Please note that not every piece of personal data is collected or processed in each case. This depends on the particular activities carried out in your situation.

  • When you interact with us, you may give us some personal data directly. This is the case, for example, when you send us an enquiry via a form on our Website, when you create an account with us, or when you correspond with us via e-mail. In such cases, the following personal data may be processed:
    • Identity Data
    • Contact Data
  • When you browse our Website we may indirectly collect some or all of the following data from you via technologies such as cookies:
    • Technical Data
    • Usage Data

If you would like to know more about the cookies we use on our Website, please refer to our Cookie Notice (link).

  • When you make a purchase in the shop section of our Website, some or all of the following data may be collected from you:
    • Identity Data
    • Contact Data
    • Financial Data
    • Transaction Data
    • Profile Data
    • Marketing and Communications Data


We also collect, use and share aggregated data such as statistical or demographic data for any purpose. Aggregated data could be derived from your personal data but is not considered personal data in law as this data will not directly or indirectly reveal your identity. For example, we may aggregate data about how you use our Website to calculate the percentage of users accessing a specific feature or section of our Website. However, if we combine or connect aggregated data with your personal data so that it can directly or indirectly identify you, we treat the combined data as personal data which will be used in accordance with this privacy statement.


We do not collect any special categories of personal data about you (this includes details about your race or ethnicity, religious or philosophical beliefs, sex life, sexual orientation, political opinions, trade union membership, information about your health, and genetic and biometric data). Nor do we collect any information about criminal convictions and offences.


Where we need to collect personal data by law, or under the terms of a contract we have with you, and you fail to provide that data when requested, we may not be able to perform the contract we have or are trying to enter into with you (for example, to provide you with a product you purchase from us). In this case, we may have to cancel the purchase but we will notify you if this is the case at the time.


We can only process your personal data when we have a lawful basis to do so. We rely on one of the following lawful bases when we process the personal data set out above:

  • consent: generally, we do not rely on consent as a legal basis for processing your personal data although we will get your consent before sending direct marketing communications to you via e-mail. You have the right to withdraw consent to receive marketing materials at any time by contacting us;
  • performance of a contract: processing your data where it is necessary for the performance of a contract to which you are a party or to take steps at your request before entering into such a contract;
  • compliance with a legal obligation: processing your personal data where it is necessary for compliance with a legal obligation that we are subject to
  • our legitimate interest: the interest of our business in conducting and managing our business to enable us to give you the best service/product and the best and most secure experience. We make sure we consider and balance any potential impact on you (both positive and negative) and your rights before we process your personal data for our legitimate interests. We do not use your personal data for activities where our interests are overridden by the impact on you (unless we have your consent or are otherwise required or permitted to by law). You can obtain further information about how we assess our legitimate interests against any potential impact on you in respect of specific activities by contacting us.


Why do we need personal data from you and what’s the purpose of processing such data? In the table below we have set out the purposes we use your personal data for and on which lawful basis we rely to do so.

To create and manage an account with us(a) Identity (b) ContactPerformance of a contract with you
To process and deliver a product you purchased including: (a) manage payments, fees and charges (b) collect and recover money owed to us(a) Identity (b) Contact (c) Financial (d) Transaction (e) Marketing and Communications(a) Performance of a contract with you (b) Necessary for our legitimate interests (to recover debts due to us)
To manage our relationship with you which will include: (a) notifying you about changes to our terms or privacy statement (b) asking you to leave a review/testimonial or take a survey(a) Identity (b) Contact (c) Profile (d) Marketing and Communications(a) Performance of a contract with you (b) Necessary to comply with a legal obligation (c) Necessary for our legitimate interests (to keep our records updated and to study how customers use our products/services)
To administer and protect our business and our Website (including troubleshooting, data analysis, testing, system maintenance, support, reporting and hosting of data, reduce pageloads and improvement of overall performance) (a) Identity (b) Contact (c) Technical(a) Necessary for our legitimate interests (for running our business, provision of administration and IT services, network security, to prevent fraud and other criminal activity that could be damaging to both you and us, and in the context of a business reorganisation or group restructuring exercise) (b) Necessary to comply with a legal obligation
To deliver relevant website content and advertisements to you and measure or understand the effectiveness of the advertising we serve to you(a) Identity (b) Contact (c) Profile (d) Usage (e) Marketing and Communications (f) TechnicalNecessary for our legitimate interests (to study how customers use our products/services, to develop them, to grow our business and to inform our marketing strategy)
To make suggestions and recommendations to you about goods or services that may be of interest to you(a) Identity (b) Contact (c) Technical (d) Usage (e) Profile (f) Marketing and Communications  Necessary for our legitimate interests (to develop our products/services and grow our business)
To send you our marketing communications, including our newsletters, and to monitor how effective our marketing communications are and how this can be improved(a) Identity (b) Contact (c) Profile (optional) (d) Marketing and Communications (e) Technical (f) UsageConsent
Disclosures and other activities necessary to comply with legal and regulatory obligations that apply to our business, e.g. to record and demonstrate evidence of your consents where relevant(a) Technical (b) Marking and CommunicationsNecessary to comply with a legal obligation


We may use your Identity, Contact, Technical, Usage and Profile Data to form a view on what we think you may want or need, or what may be of interest to you. This is how we decide which products, services and offers may be relevant for you.

You will receive marketing communications from us about similar products and services if you have requested such information from us or purchased products or services from us and you have not opted out of receiving that marketing at the time of making that purchase or enquiry. If you have not opted out, you can still do so by following the unsubscribe link in each communication sent.

We will get your express opt-in consent before we serve you with our marketing communications – other than for similar products and/or services in case you have made a purchase, as set out in the paragraph above – and before we share your personal data with any third party for marketing purposes. You can always withdraw your consent by following the unsubscribe link in each marketing communication sent.

Please note that if you receive our marketing communications, tracking pixels may be included in our communications in order to gather data about the effectiveness of our marketing communications.

If you respond to any of our marketing communications, your response may include some personal data (other than your e-mail address and name), which we will use only for the purpose you have indicated in your response, or for the purpose of that communication. Your response is deemed your consent for us to use your personal data for that purpose.


You can ask us or third parties to stop sending you marketing messages at any time by following the opt-out links on any marketing message sent to you or by contacting us at any time.

Where you opt out of receiving these marketing messages, this will not apply to personal data provided to us as a result of a product purchase, warranty registration, product/service experience or other transactions.


Under the laws of various states of the USA, most notably the California Consumer Privacy Act (CCPA) as well as for example the Virginia Consumer Data Protection Act (VCDPA), visitors of our Website who are residents of those states have various rights in relation to their personal data. One of these rights is the right to opt-out of the sale of personal information. We offer all of our USA visitors this right. When you have a current residency in any USA state, you can exercise this right.

We may share some of your personal information to third parties, which sharing may be considered a sale under USA state privacy laws. Such personal information is for example your IP-address, device information or browsing behaviour which is shared with third party advertisers for the purpose of serving interest-based advertising.

You can exercise your right to opt-out by clicking on the following link and fill out and submit the interactive form provided here. You can also exercise your right by sending us an email at [email protected] with the information mentioned when you click the above link.

Once you make an opt-out request, we will wait at least twelve (12) months before asking you to reauthorize personal information sales. However, you may change your mind and opt back in to personal information sales at any time by contacting us.


We work with third-party service providers who, on our behalf and at our instruction, process certain personal data from you. The processing of your personal data by those service providers is subject to data processing agreements or standard contractual clauses to ensure that the required level of protection of your personal data is safeguarded. We require all third parties to respect the security of your personal data and to treat it in accordance with the law. We do not allow our third-party service providers to use your personal data for their own purposes and only permit them to process your personal data for specified purposes and in accordance with our instructions. We share personal data with the following service providers:

  • Google Drive, Dropbox, Amazon AWS, BackupSheep and Backblaze, providing off-site back-up storage service for our Website
  • Quic.Cloud, providing a content delivery network service
  • Mautic, providing services to serve subscribers with marketing communications
  • our bookkeeping service provider and our accountant

We also use Google Analytics, which is a service we use to analyze the use of our Website by our visitors. Google Analytics places cookies on our Website in order to gather certain information from you when you access and browse our Website. Such information may include your IP address. However, we have implemented the IP anonymization feature so that your IP address is shortened and cannot be traced back to you. We also do not allow Google to share your data for any other purpose within their organisation. Please also refer to our Cookie Notice for more information about the cookies set for analytics purposes.

Some of the third-party service providers set out above may be based outside of, or may process personal information outside the UK or the European Economic Area (EEA). That means that certain personal data may be transferred outside of the UK or the EEA, which is only allowed if an adequate level of protection of personal information can be guaranteed. We have entered into data processing agreements with our service providers including standard contractual clauses approved by the authorities in the UK and the EU, in oder to ensure the required level of protection is guaranteed.

We may also share your personal information with law enforcement or similar authorities if required by applicable law.

Lastly, we may share personal data with third parties to whom we may choose to sell, transfer or merge parts of our business or our assets. Alternatively, we may seek to acquire other businesses or merge with them. If a change happens to our business, then the new owners may use your personal data in the same way as set out in this privacy statement.


We have put appropriate security measures in place to prevent personal information from being accidentally lost, or used or accessed in an unauthorised way. We limit access to your personal information to those within our business who have a genuine business need to know it. Those processing your information will do so only in an authorised manner and are subject to a duty of confidentiality.

We also have procedures in place to deal with any suspected data security breach. We will notify you and any applicable regulator of a suspected data security breach where we are legally required to do so.


We will only retain your personal data for as long as reasonably necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, regulatory, tax, accounting or reporting requirements. We may retain your personal data for a longer period in the event of a complaint or if we reasonably believe there is a prospect of litigation in respect to our relationship with you.

To determine the appropriate retention period for personal data, we consider the amount, nature and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal, regulatory, tax, accounting or other requirements.

By law we have to keep basic information about you if you have made a purchase from us (including Contact, Identity, Financial and Transaction Data) for six years after you cease being a customer for tax purposes.

In some circumstances you can ask us to delete your data: see Your Rights below for further information.

In some circumstances we will anonymise your personal data (so that it can no longer be associated with you) for research or statistical purposes, in which case we may use this information indefinitely without further notice to you.


Data protection laws give you a set of rights you can enforce against us for free. However, we may charge a reasonable fee if your request is clearly unfounded, repetitive or excessive. Alternatively, we could refuse to comply with your request in these circumstances. If you wish to exercise any of the below rights, please let us know your request by e-mail. 

You have the right to:

  • fair processing of information and transparency over how we use your use personal information;
  • access to your personal information and to certain other supplementary information;
  • require us to correct any mistakes in your information which we hold;
  • require the erasure of personal information concerning you in certain situations;
  • receive the personal information concerning you which you have provided to us, in a structured, commonly used and machine-readable format and have the right to transmit those data to a third party in certain situations;
  • object at any time to processing of personal information concerning you for direct marketing;
  • object in certain other situations to our continued processing of your personal information;
  • otherwise restrict our processing of your personal information in certain circumstances.

As a security measure and to avoid misuse of your personal information we may ask you to confirm your identity. We can only process requests from data subjects about their own data. We will get back to you about your request within one month after we received it.


If you have any questions about this Privacy Statement or if you have a complaint about the way we deal with your personal data, please contact us and give us a chance first to solve your question or complaint.

Residents of the EU and the UK also have the right to lodge a complaint with a supervisory authority, in particular in the UK or in a European Economic Area state if you work, normally live or if any alleged infringement of data protection laws occurred in that relevant state. In the UK, the supervising authority is the Information Commissioner (


We may make changes to this Privacy Statement from time to time, for example to reflect amendments in legislation or a change in the way we do business. We have the right to make such changes without giving you prior notice. You can always find the most recent version of this Privacy Statement on our Website. Your continued use of our Website following the posting of changes constitutes your acceptance of such changes.