Privacy and cookie policy

Last updated 30 May 2026

This policy explains how Webol Limited (“Webol”, “we”, “us”) collects and uses personal data, and your rights over it. It covers our website, our sales and marketing, our work with clients and suppliers, and recruitment. It is written to meet the UK GDPR and the Data Protection Act 2018.

Where we process personal data on behalf of a client as part of delivering our services, the client is the controller and we act as a processor under our Data Processing Agreement. In that case the client’s own privacy notice governs those individuals. This policy covers the personal data for which Webol is the controller.

1. Who we are

Webol Limited is the data controller for the personal data described in this policy.

• Address: Suite 15, The Enterprise Centre, Coxbridge Business Park, Farnham, Surrey, GU10 5EH
• Email: hello@webol.co.uk
• Phone: 020 7550 9299
• Company number: 12147057, registered in England and Wales
• ICO registration number: ZC161074

2. The personal data we collect, and whose

Depending on how you interact with us, we may process personal data about the following people:

• Website visitors and enquirers: name, email, phone number and the content of your enquiry.
• Prospects and marketing contacts: business contact details (name, role, company, email, phone) and engagement data such as whether you have opened our emails or replied. Some of this is obtained from third-party sources (see section 4).
• Clients and their representatives: contact and account details for our client relationships, project and billing information, and correspondence.
• Suppliers and contractors: contact and payment details needed to manage the relationship.
• Job applicants: the details in your application and CV, and our assessment of it.

We do not seek to collect special category data (such as health or ethnicity). Please do not send it to us unless we ask.

3. How and why we use it, and our lawful basis

Purpose	Lawful basis (UK GDPR Article 6)
Responding to enquiries and providing information you ask for	Legitimate interests, and taking steps to enter into a contract
Providing and managing our services, and billing	Performance of a contract, and legal obligation for accounting records
Marketing our services to business contacts (including email)	Legitimate interests, and consent where required by law
Managing suppliers and contractors	Performance of a contract, and legitimate interests
Recruitment	Legitimate interests, and taking steps to enter into a contract
Website analytics and cookies	Consent
Security, fraud prevention and protecting our business	Legitimate interests
Meeting legal and regulatory obligations	Legal obligation

Where we rely on legitimate interests, we have considered your rights and you can object at any time (see section 9).

4. Where we get your data

• directly from you, when you contact us, enquire, work with us or apply for a role;
• automatically, through cookies and analytics when you use our website (see section 7);
• from third parties, including business contact and prospecting sources such as LinkedIn and similar B2B tools, and referrals;
• from clients, where they ask us to contact their people as part of a project.

5. Who we share it with

We do not sell your personal data. We share it only with organisations that help us run our business, under appropriate contracts and data protection terms. These fall into the following categories:

• IT and infrastructure: cloud, hosting and IT providers (for example Google Workspace and Amazon Web Services);
• Software and AI tools: AI and productivity tools we use to run the business and deliver work (for example our email, meeting-notes, code and AI-assistant tools). Our business-tier AI tools are configured so your content is not used to train their models;
• Sales and marketing: CRM, proposal, scheduling and outreach tools that hold business contact data;
• Our group company: our group development company, Webol Solutions Pvt Ltd in India, which supports delivery;
• Professional advisers and payments: our accountants, solicitors, bank and payment providers;
• Authorities: regulators, law enforcement or others where we are required to by law.

A current list of the sub-processors that may handle personal data as part of our service delivery is available on request and is set out in our sub-processor list.

6. International transfers

Some of our providers, and our group company in India, are based outside the United Kingdom, so your personal data may be processed outside the UK. Where it is, and the country is not covered by UK adequacy regulations, we put an appropriate safeguard in place, such as the UK International Data Transfer Agreement or the UK Addendum to the EU Standard Contractual Clauses, together with the provider’s own data protection terms.

7. Cookies and similar technologies

Cookies are small files placed on your device when you visit a website. Some are essential for the site to work; others help us understand how the site is used or support our marketing, and these are only set with your consent. The cookies and tools we use fall into these groups:

• Essential: needed for the site to function and to keep it secure, including Google reCAPTCHA on our forms to prevent spam.
• Analytics: Google Analytics 4 (via Google Tag Manager) and Hotjar, which help us understand how visitors use the site, including aggregate usage and anonymised session activity.
• Advertising and remarketing: Google Ads and Microsoft (Bing) Ads, which let us measure and target advertising, including remarketing.
• Functional and marketing: Calendly (meeting booking), Nutshell (our CRM) and MarketingCloudFX, which support scheduling, enquiries and marketing measurement.

We set non-essential cookies (analytics, advertising and functional) only after you accept them through our cookie banner. You can change or withdraw your choice at any time through the banner, and you can also control cookies through your browser settings.

8. How long we keep it

We keep personal data only for as long as we need it, and to meet legal and accounting requirements. Our standard periods are:

• enquiries and contacts we stay in touch with: for as long as it remains relevant. We review these periodically and remove a contact after 5 years with no engagement, or sooner if you opt out;
• clients and suppliers: for the duration of our relationship and 6 years afterwards, to cover contractual and tax requirements;
• accounting and financial records: 6 years, as required by law;
• marketing contacts: until you opt out, or after 5 years with no engagement, when we review and remove them;
• unsuccessful job applicants: 6 months after the decision, unless you agree we can keep your details on file for longer;
• website analytics: up to 14 months;
• the cookie consent record: 12 months.

At the end of these periods we securely delete or anonymise the data.

9. Your rights

Under UK data protection law you have the right to:

• ask for a copy of the personal data we hold about you;
• ask us to correct it if it is wrong, or to delete it;
• ask us to restrict or object to how we use it, including objecting to direct marketing;
• ask us to transfer it to another organisation, where that right applies;
• withdraw your consent at any time, where we rely on consent.

To exercise any of these, email hello@webol.co.uk. We will respond within the time limits set by law, normally one month. You also have the right to complain to the Information Commissioner’s Office (ICO) at ico.org.uk, although we would appreciate the chance to address your concern first.

10. How we keep your data secure

We use appropriate technical and organisational measures to protect personal data, including access controls, encryption in transit and at rest where appropriate, and due diligence over the providers we use. No system is completely secure, but we take reasonable steps to protect your information and to deal properly with any breach.

11. Children

Our website and services are aimed at businesses and are not directed at children. We do not knowingly collect personal data about children.

12. Changes to this policy

We may update this policy from time to time. The latest version will always be on this page, with the date it was last updated shown at the top.

13. How to contact us

For any question about this policy or your personal data, contact us at hello@webol.co.uk, or write to Webol Limited, Suite 15, The Enterprise Centre, Coxbridge Business Park, Farnham, Surrey, GU10 5EH.