Business websites for UK service businesses

Legal information

DotNetPress CMS SaaS Privacy Policy

**Effective Date:** [01/06/2026]
**Last Updated:** [01/06/2026]

---

1. Introduction

This Privacy Policy explains how DotNetPress CMS (“DotNetPress”, “we”, “us”, or “our”) collects, uses, stores, shares, and protects personal data when you use our software-as-a-service platform, websites, applications, and related services (“Services”).

We are committed to protecting your privacy and handling personal data transparently and in accordance with

  • UK General Data Protection Regulation (“UK GDPR”);
  • Data Protection Act 2018;
  • Privacy and Electronic Communications Regulations (“PECR”);
  • EU GDPR where applicable;
  • Other applicable privacy and data protection laws.

Please read this Privacy Policy carefully.

---

2. About DotNetPress

DotNetPress is a cloud-hosted content management system platform that enables users to create, manage, publish, and maintain websites and digital content.

This Privacy Policy applies to

  • Visitors to our websites;
  • Customers and subscribers;
  • End users of websites powered by DotNetPress where applicable;
  • Individuals communicating with us;
  • Prospective customers and business contacts.

---

3. Data Controller Information

For the purposes of UK GDPR and applicable data protection laws, the data controller is

**DotNetPress CMS**
Email: [Insert Privacy Contact Email]
Website: [Insert Website URL]
Address: [Insert Registered Business Address]

If you have questions about this Privacy Policy or your personal data, please contact us using the details above.

---

4. Personal Data We Collect

We may collect and process the following categories of personal data.

4.1 Account and Registration Information

  • Full name;
  • Username;
  • Email address;
  • Telephone number;
  • Billing address;
  • Company name;
  • Account credentials;
  • Subscription details.

4.2 Payment Information

Payment information may include

  • Billing details;
  • Transaction identifiers;
  • Payment status;
  • Subscription records.

We do not typically store full payment card details directly. Payments may be processed through third-party payment providers.

4.3 Technical and Device Information

  • IP address;
  • Browser type and version;
  • Device identifiers;
  • Operating system;
  • Usage logs;
  • Diagnostic information;
  • Authentication activity;
  • Session information.

4.4 Usage and Analytics Data

  • Features used;
  • Website interactions;
  • Content activity;
  • Navigation behaviour;
  • Platform performance metrics;
  • Error reports.

4.5 Communication Data

  • Support requests;
  • Emails and correspondence;
  • Chat messages;
  • Feedback submissions;
  • Survey responses.

4.6 User Content

We may process content uploaded or created within the Services, including

  • Text;
  • Media files;
  • Website content;
  • Documents;
  • Databases;
  • Metadata.

Users are responsible for ensuring they have lawful authority to upload and process such content.

4.7 Marketing Data

  • Marketing preferences;
  • Newsletter subscriptions;
  • Campaign interactions;
  • Consent records.

4.8 Cookies and Tracking Data

We may use cookies and similar technologies to collect information regarding website usage and preferences.

Further details are available in our Cookie Policy.

---

5. How We Collect Personal Data

We collect personal data through

  • Direct interactions with users;
  • Account registrations;
  • Subscription purchases;
  • Website forms;
  • Customer support interactions;
  • Automated technologies and cookies;
  • Third-party integrations;
  • Analytics providers;
  • Payment providers;
  • Publicly available sources where lawful.

---

6. Lawful Bases for Processing

Under UK GDPR, we rely on one or more of the following lawful bases.

6.1 Contractual Necessity

Processing necessary to

  • Provide Services;
  • Manage subscriptions;
  • Deliver customer support;
  • Maintain accounts.

6.2 Legitimate Interests

Processing necessary for our legitimate interests, including

  • Improving Services;
  • Security monitoring;
  • Fraud prevention;
  • Business administration;
  • Analytics and performance optimisation;
  • Marketing to existing business customers where lawful.

We balance these interests against individuals’ rights and freedoms.

6.3 Legal Obligations

Processing required to comply with

  • Tax obligations;
  • Regulatory requirements;
  • Court orders;
  • Law enforcement requests.

6.4 Consent

Where required by law, we rely on consent for

  • Certain marketing communications;
  • Non-essential cookies;
  • Optional processing activities.

Consent may be withdrawn at any time.

---

7. How We Use Personal Data

We may use personal data to

  • Provide and operate the Services;
  • Authenticate users;
  • Manage subscriptions and billing;
  • Deliver customer support;
  • Maintain platform security;
  • Monitor performance and reliability;
  • Improve and develop Services;
  • Detect fraud and abuse;
  • Communicate service updates;
  • Send marketing communications where lawful;
  • Comply with legal obligations;
  • Enforce contractual rights.

---

8. Marketing Communications

We may send marketing communications where

  • You have consented;
  • We are otherwise permitted under PECR and applicable law.

You may opt out at any time by

  • Clicking unsubscribe links;
  • Updating account preferences;
  • Contacting us directly.

We will maintain suppression records where necessary to ensure compliance with opt-out requests.

---

9. Cookies and Similar Technologies

We may use

  • Essential cookies;
  • Analytics cookies;
  • Functional cookies;
  • Security cookies;
  • Marketing cookies where permitted.

Where required by law, we will request consent before placing non-essential cookies.

Users may manage cookies through browser settings and cookie consent tools.

Further details are available in our Cookie Policy.

---

10. Sharing Personal Data

We may share personal data with the following categories of recipients.

10.1 Service Providers and Subprocessors

Including providers of

  • Cloud hosting;
  • Infrastructure;
  • Payment processing;
  • Email delivery;
  • Analytics;
  • Monitoring;
  • Customer support tools;
  • Security services.

These providers are contractually required to protect personal data.

10.2 Professional Advisers

Including

  • Solicitors;
  • Accountants;
  • Auditors;
  • Insurers.

10.3 Authorities and Regulators

Where required by law or to protect legal rights.

10.4 Business Transfers

Personal data may be transferred in connection with

  • Mergers;
  • Acquisitions;
  • Asset sales;
  • Corporate restructuring.

10.5 Customer Instructions

Where DotNetPress acts as a processor, personal data may be shared according to customer instructions.

---

11. International Data Transfers

Personal data may be transferred outside the United Kingdom or European Economic Area.

Where such transfers occur, we will implement appropriate safeguards, including

  • UK International Data Transfer Agreements (IDTAs);
  • UK Addendum to EU Standard Contractual Clauses;
  • Adequacy regulations;
  • Other lawful transfer mechanisms.

---

12. Data Security

We implement appropriate technical and organisational measures designed to protect personal data, including

  • Encryption where appropriate;
  • Secure authentication;
  • Access controls;
  • Network security protections;
  • Monitoring and logging;
  • Backup procedures;
  • Security reviews and updates.

However, no system can be guaranteed completely secure.

Users are responsible for maintaining secure passwords and account credentials.

---

13. Data Retention

We retain personal data only for as long as necessary to

  • Provide Services;
  • Fulfil contractual obligations;
  • Comply with legal requirements;
  • Resolve disputes;
  • Enforce agreements.

Retention periods may vary depending on

  • The nature of the data;
  • Legal obligations;
  • Regulatory requirements;
  • Business needs.

Following expiry of applicable retention periods, personal data may be securely deleted or anonymised.

---

14. Your Data Protection Rights

Under applicable data protection laws, individuals may have rights including

14.1 Right of Access

To request access to personal data we hold.

14.2 Right to Rectification

To request correction of inaccurate or incomplete data.

14.3 Right to Erasure

To request deletion of personal data in certain circumstances.

14.4 Right to Restrict Processing

To request limitation of processing activities.

14.5 Right to Data Portability

To obtain personal data in a portable format where applicable.

14.6 Right to Object

To object to processing based on legitimate interests or direct marketing.

14.7 Rights Related to Automated Decision-Making

To request review of decisions made solely through automated processing where legally applicable.

14.8 Right to Withdraw Consent

Where processing is based on consent, consent may be withdrawn at any time.

Requests may be submitted using the contact details in this Privacy Policy.

We may request identity verification before responding.

---

15. Complaints

If you believe your data protection rights have been violated, you may contact us first so we can attempt to resolve the issue.

You also have the right to lodge a complaint with the UK Information Commissioner’s Office (ICO):

urlInformation Commissioner’s Office (ICO)[https://ico.org.uk/](https://ico.org.uk/)

---

16. Children’s Privacy

Our Services are not intended for children under the age of 18.

We do not knowingly collect personal data from children.

If we become aware that personal data relating to a child has been collected unlawfully, we may delete it.

---

17. Third-Party Websites and Services

Our Services may contain links to third-party websites or integrations.

We are not responsible for

  • Third-party privacy practices;
  • Third-party content;
  • External websites or services.

Users should review third-party privacy policies separately.

---

18. Customer Responsibilities

Customers using DotNetPress to collect or process personal data through their own websites or applications are responsible for

  • Providing lawful privacy notices;
  • Obtaining valid consents where required;
  • Ensuring lawful processing;
  • Responding to data subject requests;
  • Configuring cookies and tracking appropriately.

Where customers act as data controllers, they remain responsible for their compliance obligations.

---

19. Data Processing Roles

19.1 DotNetPress as Data Controller

DotNetPress acts as a data controller for personal data relating to

  • Customer accounts;
  • Billing;
  • Marketing;
  • Website visitors;
  • Business operations.

19.2 DotNetPress as Data Processor

DotNetPress may act as a data processor where customers use the Services to process personal data relating to their own users, customers, or website visitors.

In such cases

  • Customers remain the data controllers;
  • Processing is performed according to customer instructions.

---

20. Data Breach Procedures

We maintain procedures designed to

  • Detect security incidents;
  • Investigate breaches;
  • Mitigate impacts;
  • Notify affected parties where legally required.

Where required by law, affected customers or regulators may be notified without undue delay.

---

21. Changes to This Privacy Policy

We may update this Privacy Policy from time to time.

Where changes are material, we will provide reasonable notice through

  • Website notices;
  • Account notifications;
  • Email communications.

The latest version will always be available through our website.

---

22. Contact Us

If you have questions about this Privacy Policy or wish to exercise your rights, please contact

**DotNetPress CMS**
Email: [Insert Privacy Contact Email]
Website: [Insert Website URL]
Address: [Insert Registered Business Address]

---

23. Additional Compliance Documents

Depending on your implementation and business operations, DotNetPress may also maintain

  1. Cookie Policy;
  2. Data Processing Agreement (DPA);
  3. Acceptable Use Policy;
  4. Information Security Policy;
  5. Retention Policy;
  6. Subprocessor List;
  7. Incident Response Policy;
  8. International Data Transfer documentation.

---

Important Legal Notice

This Privacy Policy is provided as a general informational template and starting point only and does not constitute legal advice.

Privacy and data protection obligations depend on

  • Your business activities;
  • Hosting architecture;
  • Customer jurisdictions;
  • Tracking technologies used;
  • International data transfers;
  • Marketing practices;
  • Industry-specific regulations.

You should obtain review and approval from a qualified UK solicitor or data protection professional before publishing or relying on this Privacy Policy in production.