How we handle your information

1. Who we are

Decimus is a design-led collaboration between Siobhan and Corinne, based in Hastings, East Sussex. For the purposes of UK GDPR we are the data controller for any information you share with us through this website.

2. What we collect

Any details, notes or messages you choose to share with us through our forms — name, email address, and the project information you give us to help us understand your brief.

We do not use tracking cookies, analytics scripts, advertising pixels, or any third-party trackers. If you simply browse the site without submitting a form, we hold nothing about you.

3. Why we collect it

We process your information so we can respond to your enquiry and discuss your project. Our lawful basis is legitimate interest under Article 6(1)(f) of the UK GDPR — specifically, the legitimate interest of running our design practice and replying to people who contact us about it.

Once we begin working together, our basis shifts to contract under Article 6(1)(b) — processing necessary to deliver the design work you have engaged us for.

Any details, notes or messages you choose to share will help us design your project to suit your brief.

4. Where it goes

Form submissions are stored in our content management system (Sanity), which holds data on servers in the EU and US. We are happy to share the current hosting region on request.

When you submit a form, an email notification is also sent to Siobhan and Corinne via our email delivery provider (Resend) so we see your enquiry quickly. Both Sanity and Resend act as data processors on our behalf and are bound by their own GDPR-compliant terms.

5. How long we keep it

We keep enquiry data for as long as it is useful and no longer:

• Unconverted enquiries: up to 24 months, then deleted unless you ask us to keep them
• Active and past clients: for the duration of the relationship and for a reasonable period afterwards, to honour record-keeping, warranty, and tax obligations

6. Who we share it with

Nobody outside Decimus. We do not sell your data, we do not pass it to third-party marketers, and we do not run advertising. The only external services that touch your information are Sanity (storage) and Resend (email delivery), both acting strictly as our processors.

7. Cookies

This site uses no tracking cookies — no Google Analytics, no Meta pixel, no advertising tags, no third-party analytics. The cookie notice that appears at the bottom of the page is there to reassure you of this; it is not a consent banner, because there is nothing to consent to.

8. Your rights

Under UK GDPR you have the right to:

• Ask for a copy of the data we hold about you (access)
• Have inaccurate data corrected (rectification)
• Ask us to delete your data (erasure)
• Receive your data in a portable format (portability)
• Object to our processing or restrict how we use your information
• Complain to the Information Commissioner's Office if you believe we have handled your data improperly

9. Contact us about your data

To exercise any of these rights, or just to ask a question about how we handle your information, please get in touch:

10. Updates to this policy

We may update this policy from time to time as our practices or the law change. The date at the top of the page reflects the most recent update. This policy was last updated on 3 June 2026.