.svg)
Effective date: 04/01/2026
Last updated: 22/01/2026
Anytime “we”, “us”, “our” are used, this refers to DFY Digital as the owner and operator of this website.
1) What this policy covers
This policy explains how we collect, use, store and share personal data when you:
- visit our website; and/or
- submit an enquiry through our website forms; and/or
- contact us by email or phone.
2) Personal data we collect and how we collect it
A) Data you provide to us
When you submit either enquiry form, we collect:
- Name;
- Company;
- Email address;
- Telephone number;
- SMS opt-in preference.
B) Communications
If you contact us by email or phone, we may keep a record of:
- the content of messages and call notes;
- the date/time and outcomes.
C) Technical data (collected automatically)
When you browse the website, we may collect limited technical information such as:
- IP address (or part of it);
- device/browser information;
- pages visited and approximate time/date;
- security/logging information.
D) Cookies and similar technologies
We use a cookie banner to manage cookies and similar technologies on this site.
Some cookies are strictly necessary for the site to function securely. Other cookies (e.g., marketing/advertising) are used only if you accept them via the cookie banner.
3) Why we use your data and the lawful basis
Under Guernsey law, we must identify and document a lawful basis (“lawful processing condition”) for processing personal data.
We use your personal data for the following purposes:
A) Handling enquiries and arranging meetings
Purpose: Responding to your request, discussing your needs, and arranging a meeting.
Legal basis: Steps at your request prior to contract and/or legitimate interests (running our business and responding to enquiries).
B) SMS contact (where you opt in)
Purpose: Contacting you by SMS to arrange a meeting, if you tick the SMS opt-in box.
Legal basis: Consent (your opt-in) and/or steps at your request (where the SMS is purely to progress your enquiry).Important: We will not send marketing/promotional SMS unless you have provided a separate, clear marketing consent (if you add this in future).
C) Website security and performance
Purpose: Maintaining website security, preventing misuse, and troubleshooting.
Legal basis: Legitimate interests.
D) Advertising measurement and retargeting (Meta Pixel)
Purpose: Measuring ad performance, creating audiences, and delivering/optimising advertising on Meta platforms.
Legal basis: Consent (marketing/advertising cookies), please see Cookies section below. Meta also provides controls for cookie-related settings for the Pixel.
4) Where your data goes
We do not sell your personal data.
We share personal data only as necessary to operate the website and communicate with you:
A) Website platform/hosting
- Webflow (website platform/hosting). Webflow states sites are stored and delivered via Cloudflare and include SSL/HTTPS.
B) Email communications
- Gmail / Google (we receive form submissions in our Gmail inbox).
C) Tag management and advertising technology (only after consent)
- Google Tag Manager (Google): used to manage which tags/scripts load on the site.
- Meta Pixel (Meta): used for advertising measurement/retargeting.
Consent control: The Meta Pixel is configured to only fire after you accept cookies (marketing/advertising cookies) via the cookie banner.
D) Professional advisers / legal compliance
- We may share data with professional advisers (e.g., accountant/lawyer) where necessary, and with authorities where legally required.
E) SMS Consent
- We do not share your SMS consent with other third parties (except SMS providers).
5) International transfers
Some providers we use (e.g., Google and Meta) may process data outside Guernsey, including in the United States. Webflow publishes sub processor information which includes providers such as Cloudflare, AWS and Google.
Where personal data is transferred internationally, we rely on appropriate safeguards and lawful transfer mechanisms used by those providers.
6) How we store and protect your data
We store enquiry information primarily in Gmail / Google Workspace Account, GoHighLevel, and Webflow.
Security measures we take include:
- access controls to email/accounts;
- strong passwords and (where enabled) multi-factor authentication;
- keeping software/devices updated;
- using reputable hosting/platform providers with security controls.
No system is completely secure, but we take appropriate measures to reduce risk.
7) How long we keep your data
We keep personal data only as long as necessary for the purposes set out above.
Enquiry data (non-clients):
- Retained for 24 months from the date of the last communication, then deleted or anonymised where practicable.
Client records:
- Retained for 24 months after the end of the client relationship (typically to manage accounts, resolve disputes, and meet legal/tax obligations).
Basic platform/security logs:
- Retained for 12 months.
Cookie/Pixel data:
- Retention is influenced by your cookie consent choices and the settings of the relevant platforms (e.g., Meta/Google).
8) Your rights
Guernsey law provides individuals with rights over their personal data, including (subject to applicable exemptions):
- the right to be informed;
- the right of access;
- the right to rectification;
- the right to erasure;
- the right to restriction;
- the right to object;
- the right to data portability rights relating to automated decision-making.
How to exercise your rights: contact us at Josh@dfydigital.gg. We may ask for information to verify your identity before responding.
9) Cookies, Google Tag Manager and Meta Pixel
Cookie choices:
You can accept or reject non-essential cookies using the cookie banner and [“Cookie settings” link/location].
- Strictly necessary cookies: required for the site to function securely.
- Marketing/advertising cookies: used for Meta Pixel and ad measurement/retargeting (only if you accept them).
Meta Pixel:
If you accept marketing/advertising cookies, the Meta Pixel may collect data about your device and actions on the site (e.g., page views and interactions) and share it with Meta to measure and improve advertising. Meta provides GDPR-related guidance for Pixel implementation.
10) Children
This website is not directed at children, and we do not knowingly collect personal data from children.
11) Complaints
If you have a concern, please contact us first and we will try to resolve it.
You can also complain to Guernsey’s supervisory authority:
Office of the Data Protection Authority (ODPA);
Telephone: +44 (0)1481 742074;
Email: info@odpa.gg
Address: Block A, Lefebvre Court, Lefebvre Street, St Peter Port, GY1 2JP
12) Who we are
This website is owned and operated by Joshua Stephens, a sole trader resident in Guernsey (“DFY Digital").
Trading address: Rue des Caches, St Saviours, Guernsey;
Email: Josh@dfydigital.gg;
Phone: +44 7781 434130.
We provide information about our digital marketing services, aimed solely at Guernsey.
Guernsey’s principal data protection legislation is the Data Protection (Bailiwick of Guernsey) Law, 2017, which came into effect on 25 May 2018 and was drafted to reflect GDPR standards.
13) Additional rights for other jurisdictions
This business is based in Guernsey and services are aimed solely at Guernsey. However, if you access this site from another jurisdiction, additional local rights may apply to you to the extent the relevant law applies.
For example, if California privacy law applies to our activities, California residents may have rights to request access to or deletion of personal information and to opt out of “sale”/certain “sharing”. We do not sell personal information.
14) Changes to this policy
We may update this policy from time to time. The latest version will always be posted on this page with the “Last updated” date.