Privacy Policy

Trades Booking & Retention System

Privacy Policy (UK)

Effective date: 10 February 2026
Trading name: Wicko Design
Legal entity: Wicko Web and Design Ltd (Company No. 12823561)
Registered office: 124 City Road, London, EC1V 2NX, United Kingdom
Contact: [email protected] | +44 1184 029 000

This Privacy Policy explains how Wicko Design (Wicko Web and Design Ltd) (“we”, “us”, “our”) collects, uses, stores, and shares personal data when you visit our website, contact us, or use our Trades Booking & Retention System (the “Service”).

If you are a trade business (builder, plumber, electrician, decorator, etc.) using the Service, you may process personal data relating to your own customers/leads. In most cases, you will be the Data Controller for that data, and we will act as a Data Processor on your instructions (see Section 7).

1) Who this policy applies to

This policy applies to:

  • Website visitors and people who enquire about the Service

  • Clients who subscribe to and use the Service

  • Client users (your staff/contractors who have logins)

  • Individuals whose data is processed within a client’s account (e.g., householders, property managers, commercial contacts who request quotes or book jobs)

2) What personal data we collect

Depending on your interaction with us and the Service, we may collect:

A) Identity and contact data

  • Name, business name, job title

  • Email address, phone number

  • Business address and billing details (where relevant)

B) Client account and service data

  • User login details (for client users)

  • CRM records created in your account (lead notes, job type, service area, booking times, quote status)

  • Communication history (emails/SMS/WhatsApp messages, call logs where enabled)

  • Files you upload (e.g., job photos or documents), if your account uses file features

C) Booking and job data

  • Appointment details (date/time, job location area, service required)

  • Quote and job status updates (e.g., quoted, booked, completed)

  • Customer preferences or access notes you record (e.g., parking, entry instructions)

D) Transaction and billing data

  • Subscription plan details and invoices

  • Payment status and references

  • Card payments are processed by third-party payment providers (e.g., Stripe). We do not store full card details.

E) Technical data

  • IP address, browser type, device information

  • Log data related to security and system performance

  • Cookie and analytics data for our website (see Section 10)

Special category data: The Service is not intended for processing special category data (e.g., health data). If you record such information in CRM notes (for example, accessibility-related needs), you should only record what is necessary and ensure you have a lawful basis.

3) How we collect personal data

We collect data through:

  • Website forms, demo bookings, enquiry forms, emails and calls

  • Use of the Service (CRM entries, bookings, messaging logs, pipelines)

  • Cookies and analytics tools on our websites

  • Integrations you enable (e.g., Stripe, Google calendar, email/SMS providers, accounting tools)

4) How we use personal data

We use personal data to:

  • Provide, operate, and support the Service

  • Set up and configure your account, pipelines, automations, and integrations

  • Respond to support requests and maintain service quality

  • Send service communications (billing, technical notices, support updates)

  • Process subscriptions, invoices, and payments

  • Monitor security, prevent fraud, and maintain system integrity

  • Improve our website and services

  • Send marketing communications (where permitted—see Section 9)

5) Lawful bases for processing (UK GDPR)

We rely on one or more of the following lawful bases:

  • Contract: to provide the Service and administer subscriptions

  • Legitimate interests: to operate and improve the Service, maintain security, prevent fraud, and communicate with business contacts in a proportionate way

  • Consent: for certain marketing communications and non-essential cookies

  • Legal obligation: for tax/accounting and regulatory compliance

6) How we share personal data

We may share personal data with trusted third parties where necessary to provide the Service, including:

A) Platform providers and sub-processors

  • GoHighLevel (GHL) (the software platform used to run the Service)

  • Email/SMS/WhatsApp and voice providers (where enabled)

  • Cloud hosting, infrastructure, logging, and security providers used to operate the Service

B) Payment providers

  • Stripe (for payment processing) and relevant banking providers for transfers

C) Integrations you enable

  • Google/Microsoft calendar services

  • Accounting platforms and connectors

  • Website tools/plugins used to embed forms, chat, or booking widgets

D) Professional advisers and authorities

  • Accountants, legal advisers, insurers, and regulators (where required)

We do not sell personal data.

7) Controller vs Processor (important)

When you are a Client using the Service

For personal data stored in your account relating to your customers/leads:

  • You are typically the Data Controller (you decide what data is collected and how it’s used).

  • We are typically the Data Processor (we process data to provide and support the Service on your instructions).

This means you are responsible for:

  • providing privacy information to your customers/leads

  • ensuring you have a lawful basis and marketing consent where required

  • handling data subject requests for your customer data (we will assist where applicable)

We can provide a Data Processing Agreement (DPA) on request.

8) International data transfers

Some providers may process data outside the UK. Where international transfers occur, we use appropriate safeguards such as:

  • UK adequacy regulations (where applicable)

  • UK International Data Transfer Agreement (IDTA) and/or the UK Addendum to EU SCCs

  • additional security measures as required

9) Marketing preferences and opt-out

We may contact you about the Service and related offerings:

  • where you have asked for information, booked a demo, or are an existing client; and/or

  • where permitted under legitimate interests and applicable marketing rules; and/or

  • where you have given consent (where required)

You can opt out at any time by:

  • using the unsubscribe link in emails, or

  • replying STOP to SMS (if used), or

  • contacting us at [[email protected]]

Service messages (billing notices, critical service updates) are not marketing and may still be sent.

10) Cookies and analytics

Our websites may use cookies and similar technologies to:

  • ensure the site functions properly

  • understand website performance (analytics)

  • support conversion tracking and marketing (where enabled and permitted)

Where required, we will request consent for non-essential cookies. You can manage cookies through your browser settings and, where available, our cookie preferences tool.

11) Data retention

We keep personal data only as long as necessary for the purposes described, including:

  • for the duration of your Subscription

  • for a reasonable period after termination to handle queries, exports, and compliance

  • as required by law for invoicing and accounting records

Clients control retention of their customer/lead data within their account, subject to their own legal obligations and policies.

12) Security

We use reasonable technical and organisational measures to protect personal data. However, you are responsible for:

  • setting strong passwords and enabling appropriate access controls

  • managing staff users and permissions

  • ensuring devices used to access the Service are secure

13) Your rights (UK GDPR)

Depending on the circumstances, you may have rights to:

  • access your personal data

  • correct inaccurate data

  • request deletion (where applicable)

  • restrict or object to processing

  • data portability (where applicable)

  • withdraw consent (where processing is based on consent)

  • lodge a complaint with the UK regulator (ICO)

To exercise rights, contact [[email protected]].

Note: If you are an end customer of a trade business using the Service, you should normally contact that business directly (they are the Controller). We will support the Controller as Processor where required.

14) Calls, messages, and AI features (where enabled)

If you enable messaging (SMS/WhatsApp) or voice features (including AI call handling), you are responsible for ensuring:

  • you provide appropriate notices to customers/leads; and

  • you obtain consent where required by law and provider policies.

Call recording and message logs may be stored depending on your configuration and third-party provider settings.

15) Complaints

If you have concerns, please contact us first at [[email protected]].

You also have the right to lodge a complaint with the Information Commissioner’s Office (ICO).

16) Changes to this Privacy Policy

We may update this policy from time to time. We will publish the latest version with an updated effective date.

17) Contact us

Email: [[email protected]]
Post: Wicko Web and Design Ltd, 124 City Road, London, EC1V 2NX, United Kingdom

Get In Touch

Subscribe Now

Contact

07717 567560

Reach Us

Copyright © 2026. David Wickstead - Wicko. All rights reserved.