BWP Creative Limited (t/a Parish Council Websites) Privacy Policy

Last updated: 01/02/2026

1. Introduction

BWP Creative Limited (t/a Parish Council Websites) (“we”, “our”, or “us”) is committed to protecting and respecting your privacy.

This privacy policy explains how we collect, use, store and protect personal data when providing website hosting, development, email hosting and related digital services.

We primarily provide services to parish councils, town councils and small organisations across the United Kingdom.

2. Who We Are

BWP Creative Limited is a company registered in England and Wales.

Trading name: Parish Council Websites
Email: info@parishcouncilwebsites.co.uk
Address: 227 Lichfield Road, Rushall, Walsall, West Midlands WS4 1EA

3. Our Role Under Data Protection Law

In most cases, we act as a data processor on behalf of our clients. This means we process personal data only to provide the services requested by the client.

Our clients, such as parish councils and town councils, are usually the data controller. They are responsible for deciding what personal data is collected, why it is collected, and how long it should be retained.

Where we collect and use personal data for our own business purposes, such as client account administration, billing, support and communication, we act as a data controller.

4. Information We May Collect

We may collect and process the following types of information.

Information you give us

You may provide information by filling in forms on our website, contacting us by email, telephone or post, or using the services we provide.

This may include:

Your name
Email address
Telephone number
Organisation name
Billing and account details
Support requests and correspondence

Information we collect automatically

When you visit our website, we may collect limited technical information, including your IP address, browser type, device information and basic website usage information.

Information processed as part of our services

When providing website hosting, development, maintenance or email services, we may process data on behalf of clients. This may include:

Website content and databases
Uploaded files and documents
Website form submissions
User account data
Email account data, where email hosting is provided
Email metadata, such as sender, recipient and timestamps

5. How We Use Personal Data

We use personal data for the following purposes:

To provide website, hosting, email and support services
To manage client accounts and contracts
To respond to enquiries and support requests
To issue invoices and manage payments
To maintain the security and reliability of our services
To comply with legal, accounting and reporting obligations
To inform clients about important service changes

We do not sell personal data to third parties.

We do not use personal data for marketing purposes without appropriate consent or another lawful basis.

6. Lawful Basis for Processing

We process personal data under one or more of the following lawful bases:

Contract: where processing is necessary to provide agreed services
Legitimate interests: for running our business, providing support, maintaining security and improving services
Legal obligation: where processing is required by law, accounting rules or regulatory requirements
Consent: where consent is specifically required, such as for certain marketing activities

7. Where Data Is Stored

Website and email data hosted by us is stored on UK-based servers within our managed hosting infrastructure, using established hosting providers and data centres.

We do not routinely transfer client website or email data outside the United Kingdom.

Where third-party services are used to help provide our services, we take reasonable steps to ensure appropriate safeguards are in place.

8. Backups and Data Resilience

Hosted websites and associated email accounts are backed up using automated backup systems, including JetBackup where available.

Backups may include:

Website files
Website databases
Email account data
Account configuration data

Backups are maintained for resilience, disaster recovery and restoration purposes. Multiple restore points are retained, and backups are stored separately from the live hosting account where supported by the hosting platform.

Backups are generally performed at account level, meaning website files, databases and email data can be restored where required. Individual email accounts may also be restored where the backup system supports this.

Backup retention periods may vary depending on the hosting platform and service provided.

9. Security and Encryption

We take appropriate technical and organisational measures to protect personal data.

These measures may include:

HTTPS / SSL certificates for websites
Encryption in transit using SSL/TLS
Secure hosting environments
Access controls and authentication
Firewall and infrastructure-level protections
Regular software updates and maintenance
Automated backups and restore capability

Email transmission is secured using TLS where supported by the sending and receiving mail servers.

Data is protected at rest within the hosting infrastructure through provider-level security controls.

10. Email Hosting and Compliance Considerations

Where email hosting is provided through cPanel-based hosting, email accounts are included within the hosting environment and may be covered by account-level backups.

For organisations with higher email usage, formal retention requirements, audit requirements, FOI obligations or advanced compliance needs, we may recommend dedicated email platforms such as Microsoft 365.

Microsoft 365 can provide additional features such as advanced security, retention policies, archiving and eDiscovery tools.

11. Disclosure of Personal Data

We may share personal data with trusted third parties where necessary to provide our services. This may include:

Hosting providers
Domain registrars
Email infrastructure providers
Payment and accounting service providers
Technical support providers
Professional advisers, where required

We only share data where necessary and do not sell personal data to third parties.

12. Data Retention

We retain personal data only for as long as necessary to fulfil the purposes for which it was collected, including legal, accounting and reporting requirements.

When deciding retention periods, we consider:

The amount, nature and sensitivity of the data
The risk of harm from unauthorised use or disclosure
The purposes for which the data is processed
Whether those purposes can be achieved by other means
Applicable legal and contractual requirements

Client account information is usually retained for the duration of the client relationship and for a reasonable period afterwards.

Website content, email data and other client-controlled data are retained in accordance with the client’s instructions and the services provided.

Backup data is retained in line with the relevant backup retention policy for the hosting platform.

13. Your Data Protection Rights

Under UK GDPR, individuals have rights in relation to their personal data. These may include:

The right of access
The right to rectification
The right to erasure
The right to restrict processing
The right to data portability
The right to object
The right to withdraw consent, where processing is based on consent

Where we act as a data processor, requests should usually be made to the relevant data controller, such as the council or organisation responsible for the website or service.

Where we act as a data controller, requests can be sent to us using the contact details below.

14. Cookies

Our website may use cookies for essential functionality, performance, analytics or security.

Where required, visitors will be provided with information about cookies and appropriate choices.

Client websites hosted or maintained by us may have their own cookie notices and privacy policies, which are the responsibility of the relevant client as data controller.

15. Links to Other Websites

Our website may contain links to other websites. We are not responsible for the privacy practices or content of external websites.

16. Changes to This Privacy Policy

We may update this privacy policy from time to time. Any changes will be published on this page.

17. Contact Us

Questions, comments and requests regarding this privacy policy are welcomed.

Email: info@parishcouncilwebsites.co.uk
Post: BWP Creative Limited, 227 Lichfield Road, Rushall, Walsall, West Midlands WS4 1EA

18. Complaints

You have the right to make a complaint to the Information Commissioner’s Office (ICO), the UK supervisory authority for data protection issues.

ICO website: www.ico.org.uk

We would appreciate the opportunity to deal with your concerns first, so please contact us before approaching the ICO where possible.

Karen Parsons

18:20 14 Nov 19

James is always very quick to respond. I am very grateful to James for setting up the newsletters and consultations for me. It is nice to know that if I have an issue there is someone I can contact, who will resolve the issue for me. Highly recommended.

Ian Shenton

14:07 23 Jul 19

Absolutely first class service. The website software is generally very easy to use but when I did mess things up, James very very quickly put it right......cannot speak highly enough as I sent the e-mail and a few minutes later it was all okay again.....highly recommended.

Wyre Piddle

12:36 14 Aug 19

I have worked with Parish Council Websites quite a lot. They manage 4 of my Parish Council websites that I am Clerk for.The sites are excellent and easy to use and update. They are very amenable when we need anything modifying and always happy to sort out any problems. I would highly recommend their work.

Clerk Bournheath

15:01 22 Jul 19

Efficient friendly service at a good price. Recent updates have made my life so much easier. I definitely recommend this company.

Richard Winser

15:20 11 Sep 19

Earlier this year, the company that created, maintained and hosted my website ceased trading. We were compelled to find an alternative provider for these services and contacted Parish Council Websites. This transpired to be one of the most fortunate and positive things we have done, since the website was created in 2016. Not only did they arrange and facilitate the transfer of our website to their managed services, they were able to update, add our specified changes and reinvigorate this critical business interface. I would thoroughly recommend Parish Council Websites, they were superb, very knowledgeable and can’t do enough to help.