Privacy Policy

Last updated: 9 July 2026

This notice explains how Velocity Web — Martin Shelton, trading as Velocity Web — handles personal data collected through velocityweb.co.uk. It is written to comply with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

1. Who we are

Velocity Web is a web design, ecommerce and digital marketing agency based in the South West of England, founded in 1998 by Martin Shelton. We build and manage 65 client websites across public sector, ecommerce, academic and business sectors.

The business is operated by Martin Shelton as a sole trader, trading as Velocity Web.

Business address: 1 Queen Square, Bath, BA1 2HA
Data protection contact: [email protected]

For the purposes of UK data protection law, Martin Shelton (trading as Velocity Web) is the data controller for personal data collected through this website.

For client work, Velocity Web is a data processor acting on behalf of clients whose sites we host or support. Those clients’ data-handling is governed by separate contracts and their own privacy policies.

2. What personal data we collect

When you contact us through the enquiry form, by email or by phone, we collect:

When you use the on-site chat widget (Momentum Concierge), we collect:

Chat responses are generated by AI (currently via the Anthropic Claude API). Chat transcripts may be reviewed by Velocity Web to improve responses and — where you request it — to follow up personally. Complex enquiries can be escalated to Martin Shelton via WhatsApp.

When you visit any page, our web server automatically logs:

These logs are used for security, performance monitoring and abuse prevention. They are not linked to your identity unless you also submit a form or chat message.

Analytics and marketing tracking. With your consent, we use:

These trackers only load if you accept them via the cookie consent banner. You can change your consent at any time by clicking the “Cookie settings” link in the footer.

Cookies. We set essential cookies to operate the site, plus optional analytics and marketing cookies only with your consent. See section 8.

3. Legal basis under UK GDPR

We process personal data on these legal bases:

DataBasis
Contact form and email enquiriesConsent (you chose to contact us) and legitimate interests (responding to enquiries about our services)
Chat widget messagesConsent (you chose to send the message)
Server logs and security dataLegitimate interests (keeping the site secure and available)
Google Analytics 4 and Meta Pixel trackingConsent (given via the cookie banner; withdraw at any time)
Client-project data (during a working engagement)Contract (the agreement between us and you as a client)

4. How we use your data

We use the personal data described above to:

We do not sell your data. We do not send marketing emails to enquirers unless you explicitly opt in.

5. How long we keep it

6. Who we share your data with

We use the following third-party processors to run this website and our business. Each is contractually bound to protect your data:

ProcessorPurposeLocation
Cloudways (managed WordPress hosting)Website hosting and server-level backupsUnited Kingdom / EU
CloudflareCDN, DDoS protection, WAFGlobal (with UK-region routing where possible)
Momentum Technology Solutions LtdPowers the Momentum Concierge chat widgetUnited Kingdom
Anthropic PBCAI responses in the chat widget (via Claude API)United States (see international transfers below)
Google (Analytics 4 + Tag Manager)Site analytics — only with your consentUnited States (masked-IP mode)
Meta Platforms IrelandMeta Pixel — advertising measurement, only with your consentIreland / United States
Google WorkspaceEmail correspondence with usEuropean Union / United States
XeroInvoicing and accounting (if you become a client)United Kingdom / Australia

We may disclose personal data if required to do so by law, court order or a valid request from a UK regulator.

7. International transfers

Some of our processors — most notably Anthropic (chat AI), Google (Analytics, Tag Manager, Workspace) and Meta (Pixel) — process data outside the UK, typically in the United States or European Union. Where this happens we rely on the UK International Data Transfer Agreement, the UK Addendum to the EU Standard Contractual Clauses, or an adequacy decision to ensure your data remains protected to UK GDPR standards.

8. Cookies

Cookies on this site are managed by Complianz, which shows you a consent banner on your first visit and remembers your choices.

Essential cookies are always on — they’re required to run the site (WordPress session cookies for login, Cloudflare security cookies, the Momentum Concierge session cookie, and Complianz’s own cookie-consent record).

Analytics cookies (Google Analytics 4 via Google Tag Manager — _ga, _ga_*, _gid) load only if you accept them via the cookie banner. They record which pages you visit and where you came from, so we can improve the site.

Marketing cookies (Meta Pixel — _fbp, _fbc) load only if you accept them. They measure ad performance on Facebook and Instagram and let us show relevant follow-up ads.

A full, always-current list of every cookie on this site — including exact names, purposes and durations — is available on our Cookie Policy page, generated by Complianz from a live scan of the site.

You can review, accept, reject or change your cookie choices at any time by clicking “Manage cookie settings” in the footer. Rejecting analytics and marketing cookies will not stop you using the site.

Most browsers also let you refuse or delete cookies at the browser level; instructions vary by browser. Blocking essential cookies may break parts of the site.

9. Your rights under UK GDPR

You have the right to:

To exercise any of these rights, email [email protected]. We’ll respond within one month.

10. Security

We host on Cloudways with our own Velocity Bolt performance and security stack — Cloudflare CDN and WAF, LiteSpeed server, daily off-site backups, and up-to-date WordPress + plugin patching. All access to the admin area is over HTTPS and requires strong passwords plus two-factor authentication.

No system is perfectly secure. If you believe your data has been affected by a breach on our systems, contact us immediately at [email protected]. We will notify the ICO within 72 hours where required by law.

11. Children

This website is not directed at children under 13. We do not knowingly collect personal data from children. If you believe we have, please contact us and we will delete it.

12. Changes to this policy

We may update this policy from time to time. Material changes will be flagged at the top of the page with a revised “last updated” date. Continued use of the site after a change means you accept the updated policy.