This policy explains what personal information MichaelPC collects through the site, why it is used, who can receive it, how long it is kept, and how someone can exercise their rights or raise a complaint.
Policy version 1.3.86. Last updated 25 May 2026. Built around pre-contract enquiries, quotation intake, essential storage, anti-spam verification, and optional analytics that stays off until consent.
1. Data controller
MichaelPC controls the personal information handled through this site for enquiry review, proposal preparation, and related operational follow-up.
The privacy contact route is the contact form. Use that route and mention that the request is about privacy, access, correction, erasure, or a data-protection complaint. If a later project requires MichaelPC to process client personal data on written client instructions, that processor-side activity should be documented in the project pack or a separate DPA schedule instead of being assumed from this public site notice alone.
2. Data categories collected
The quotation and enquiry flow can collect name, business name, email address, phone number if provided, current website or domain details if provided, service type, timeline notes, project details, progress or submission timestamps, privacy acknowledgement, source page, user agent, client IP where the server records that information for security and abuse-prevention reasons, and Google reCAPTCHA verification output needed to decide whether the anti-spam check passed. If optional analytics is accepted, Google Analytics can also receive page-view and browser-usage signals for the public site.
3. Why MichaelPC uses the data
The information is used to review and respond to enquiries, assess project suitability, preserve quotation progress where a visitor moves through the multi-step flow, prepare proposals or statements of work, keep business records, trigger internal operational handling of new or incomplete requests, protect the site against spam or abusive submissions through Google reCAPTCHA plus the site’s own security checks, and understand public-page use through optional GA4 measurement where a visitor has accepted analytics.
4. Lawful basis
MichaelPC relies on pre-contract steps when someone asks about services, legitimate interests to run the enquiry and follow-up workflow responsibly, and legal obligations where accounting or business-record retention applies. Consent is used where the site explicitly asks for it, including the optional analytics choice described in the Cookie Notice.
5. Recipients and processors
The information is reviewed by MichaelPC and can be handled by the operational providers listed below when needed to host, protect, store, forward, back up, or reply to the enquiry.
MichaelPC site runtime environment: Hosts the server-rendered website and stores quotation draft and submitted request records for review.
Internal operational notification service: Used only to notify Michael about quotation handling when the private operational notification path is enabled through runtime-only configuration.
Google Analytics: Receives optional page and usage measurement data only after the visitor accepts analytics on the public site.
Google reCAPTCHA: Provides contact-form anti-spam challenge rendering and server-side verification for quotation requests.
Google or related network providers: Can receive the visitor IP, analytics traffic, or challenge traffic when Google Analytics or Google reCAPTCHA is active for the relevant page and consent state.
Business email provider: Carries direct email communication when MichaelPC replies to an enquiry or continues the conversation outside the site.
Backup or infrastructure providers used by the site environment: Support operational backup, hosting, and recovery of stored enquiry records where applicable.
6. International transfers
MichaelPC aims to keep enquiry handling controlled and proportionate. If a provider involved in hosting, email, backup, or approved AI work processes information outside the United Kingdom, MichaelPC will rely on the relevant contractual or legal transfer safeguard that applies to that provider relationship.
7. Project controller or processor roles
The public enquiry stage is handled as MichaelPC's own intake workflow. If a later project involves website migration, CRM work, automation setup, chatbot knowledge handling, or another activity where MichaelPC processes personal data on the client's written instructions, the project pack should say whether MichaelPC is acting as a processor, an independent controller, or another role for that activity. That project-specific role, retention boundary, and deletion or return expectation should be documented before that work starts.
8. Retention periods
Partial quotation drafts that are not completed are normally kept for up to 30 days unless a shorter retention or deletion decision is needed for security or abuse reasons. Submitted enquiries or quotation requests that do not become projects are normally kept for up to 24 months. Project-related records can be kept for up to 6 years where accounting, legal, or business-record retention applies. Basic security or rate-limit logs are kept only for the operational window that supports abuse prevention and troubleshooting, reCAPTCHA results are kept only as part of the stored enquiry record or request logs needed to review spam or abuse issues, and the local analytics-consent preference remains in the visitor browser until it is cleared or changed. Optional GA4 retention is then governed by the Google Analytics property settings for that service.
9. Rights and complaints
You may have rights to request access, correction, erasure, restriction, objection, or portability where the law provides them. Use the contact form and say “Data protection request” or “Data protection complaint” in the message. MichaelPC aims to acknowledge data protection complaints within 30 days and respond without undue delay. Complaints should be logged with the date received, a short issue summary, the owner handling the review, the acknowledgement date, and the response date so the issue is traceable if the matter continues. You can also complain to the ICO if you remain unhappy.
10. AI and sensitive information
MichaelPC does not need clients to send passwords, payment details, customer data, staff records, or sensitive regulated material through the public enquiry form. If AI support is later included in a project, the approved data boundary, tool choice, hosting model, review process, and human approval steps must be agreed before that work begins.
11. Security and minimisation
Reasonable technical and organisational steps are used to protect the site and stored quotation or enquiry records. Visitors should still keep the public form to the information needed for the first conversation and avoid sending unnecessary sensitive material. Optional analytics stays off until the visitor accepts it through the cookie settings path.