Identity Automation for Modern MSP

CooperBox Ltd — Privacy Policy

Last updated: 21/11/2025
ICO Registration Number: [Pending – will update upon issuance]
Contact Email: info@cooperbox.co.uk
Website: https://cooperbox.co.uk

1. Who We Are

CooperBox Ltd (“we”, “us”, “our”) is a private limited company registered in England & Wales.

Company Number: 16800693
Registered Office: 31 Maritime Road, Stockton-on-Tees, TS18 2FZ, United Kingdom
Data Controller: CooperBox Ltd
Contact for Data Protection: info@cooperbox.co.uk

We are committed to protecting your personal data and complying with the UK General Data Protection Regulation (UK GDPR), the Data Protection Act 2018, and all relevant UK privacy laws.

2. What Personal Data We Collect

We collect personal data through our website, analytics, forms, email, and standard website operations.

2.1 Data you provide directly

  • Name
  • Email address
  • Phone number (if submitted)
  • Messages submitted via forms
  • Any additional information you choose to provide

2.2 Automatically collected data

Collected via cookies, analytics, server logs, and security tools:

  • IP address
  • Device type
  • Browser type
  • Operating system
  • Pages visited and actions taken
  • Referral source
  • Time spent on the website

2.3 Cookies and tracking

Our website uses:

  • Google Analytics
  • WordPress cookies
  • Security cookies (e.g., Cloudflare, Wordfence)
  • Preference cookies
  • Session cookies

A full breakdown is provided in the Cookie Policy.

2.4 Plugins and third-party tools

Because we use WordPress, certain plugins may collect data automatically, including:

  • Jetpack (performance and analytics)
  • Contact Form 7 (form submissions)
  • Akismet (spam detection)
  • Wordfence or Cloudflare (security and bot detection)
  • SEO/UX plugins that may track interactions

3. How We Use Your Personal Data

We use your data for the following purposes:

  • To respond to enquiries or messages you send
  • To maintain website security and performance
  • To analyse traffic and improve user experience
  • To prevent fraud and spam
  • To comply with legal obligations
  • To protect our website from malicious activity

We do not sell your data or use it for intrusive marketing.

4. Legal Bases for Processing (UK GDPR)

We process personal data under the following legal bases:

4.1 Legitimate Interests

For:

  • Website analytics
  • Security and fraud prevention
  • Service improvement

4.2 Consent

For:

  • Non-essential cookies
  • Marketing communications (if ever used)

4.3 Legal Obligation

For:

  • Responding to regulatory requests
  • Maintaining required records

5. How Long We Keep Your Data

We retain personal data only as long as necessary:

  • Contact form submissions: up to 12 months
  • Analytics data: 14–26 months (Google Analytics default)
  • Server logs: 30–180 days, depending on host configuration
  • Plugin-generated security logs: 90 days, unless needed for investigations

You may request deletion at any time (see Section 9).

6. Who We Share Your Data With

We may share data with trusted third parties who support our operations:

6.1 Website hosting provider

(IONOS or equivalent) – stores server logs and security data.

6.2 Cloudflare (if enabled)

Used for:

  • CDN
  • Web security
  • Bot detection
  • Firewall services

6.3 WordPress plugins

Such as:

  • Jetpack
  • Akismet
  • Contact Form plugins
  • Security plugins

6.4 Analytics tools

  • Google Analytics
  • Jetpack Stats

6.5 Email and communication tools

Such as:

  • Microsoft 365 / Outlook
  • Hosting email service

No data is shared with advertisers or unrelated third parties.

7. International Data Transfers

Some third-party processors (e.g. Google, Automattic/Jetpack, Cloudflare) may transfer data outside the UK.

We rely on:

  • UK GDPR adequacy regulations
  • Standard Contractual Clauses (SCCs)
  • Other approved safeguards

These are standard protections used globally for SaaS websites.

8. How We Protect Your Data

We implement multiple layers of security, including:

  • SSL encryption
  • Firewall protection
  • Cloudflare/Wordfence security
  • Spam protection
  • Role-based access controls
  • Regular security patches
  • Encrypted backups
  • Secure hosting environment

No method is 100% secure, but we take all reasonable technical and organisational measures.

9. Your Rights Under UK GDPR

You have the right to:

  • Access your personal data
  • Correct inaccurate data
  • Request deletion
  • Restrict processing
  • Object to processing
  • Data portability
  • Withdraw consent (for cookies/marketing)
  • Lodge a complaint with the ICO

To exercise your rights:
Email: info@cooperbox.co.uk

10. Complaints

If you have concerns, contact us at:
info@cooperbox.co.uk

If unresolved, you can complain to the ICO:
Information Commissioner’s Office
Wycliffe House, Water Lane, Wilmslow, SK9 5AF
https://ico.org.uk/make-a-complaint/

ICO Registration Number: [Pending – will update upon issuance]

11. Changes to This Policy

We may update this policy periodically.
Last updated date will always be shown at the top of this page.