Privacy policy
Last updated: 29 March 2026
This policy describes how CoorieControl (“we”, “us”) handles personal information when you use our website at cooriecontrol.com (the “site”). It is intended to help you understand your privacy rights under UK data protection law, including the UK GDPR and the Data Protection Act 2018. You should review this policy alongside our Cookie policy.
Who is responsible for your data?
The data controller is Xegen Ltd, which operates the CoorieControl website. For privacy enquiries, please use our Contact page.
What we collect
We may process the following categories of personal data:
- Contact form: If you send a message via the site, we process your name, email address, message content, and technical data needed to deliver the email (for example IP address and browser type may appear in server or email logs).
- Website use: Basic technical information such as IP address, pages viewed, and time of access may be logged by our hosting provider for security and reliability.
- Analytics (Google Analytics 4): We use Google Analytics 4 (measurement ID G-KKFHCJR94V) to understand how visitors use the site (for example pages viewed, approximate location, device and browser type, and interactions). Google processes this information on our behalf. See Google’s Privacy Policy and Google Analytics data practices.
How we use your data
We use personal data to:
- Respond to enquiries you send through the contact form;
- Operate, secure, and improve the site;
- Measure and analyse site traffic and usage with Google Analytics 4;
- Comply with legal obligations where applicable.
We do not sell your personal data. We do not use it for automated decision-making or profiling as defined in UK GDPR.
Legal bases
Where UK GDPR applies, we rely on legitimate interests to run the site, respond to enquiries, and understand how the site is used (including through analytics), balanced against your rights. Where the law requires it (for example certain cookies or similar technologies under PECR), we rely on consent—see our Cookie policy. We may rely on legal obligation where the law requires us to process data.
Retention
Contact messages are kept only as long as needed to handle your enquiry and for any follow-up, unless a longer period is required for legal, contractual, or legitimate business reasons. Server and access logs are retained and rotated in line with our hosting provider’s configuration, for a limited period for security and operational purposes. Google Analytics data is retained according to Google’s retention settings for our property.
Sharing and processors
We may use trusted service providers to host the site, send email (for example Amazon SES), or provide analytics. Google Ireland Limited (and Google affiliates as described in Google’s privacy policy) provides Google Analytics 4; they act as a processor in providing the measurement service. They process data only in line with our configuration and Google’s terms. We may disclose information if required by law or to protect rights and safety.
International transfers
Some of our service providers may process personal data outside the UK. Where they do, we use appropriate safeguards required by UK data protection law, such as the UK International Data Transfer Addendum to the EU Commission’s standard contractual clauses, the UK International Data Transfer Agreement, or adequacy regulations where applicable.
Your rights
Under UK data protection law you may have the right to:
- Access, correct, or erase your personal data;
- Restrict or object to certain processing;
- Data portability, where applicable;
- Lodge a complaint with the Information Commissioner’s Office (ICO) at ico.org.uk.
To exercise these rights, please use our Contact page.
Children
The site is not directed at children under 13, and we do not knowingly collect their personal data.
Changes
We may update this policy from time to time. The “Last updated” date will change when we do. Continued use of the site after changes constitutes acceptance of the updated policy where permitted by law.