Data protection policy

Key details

Effective date: May 28, 2018.

Who are we

Web Peppers is a web development company that provides services worldwide. The official name is UAB Web Peppers Baltic.


Web Peppers needs to gather and use certain information about and from individuals. These can include clients, subcontractors, suppliers, business contacts, partners, employees, website visitors and other people the Company has a relationship with or may need to contact.

This policy applies to Web Peppers dealings with clients and third parties that may be involved in processing client-related information. It covers the way personal information and data should be obtained, used, shared, physically stored and destroyed.

Why this policy exists

The Company is committed to protecting the privacy and security of the collected information. The information we collect allows us to provide you with the best experience with our services.

This data protection policy ensures Web Peppers:

  • Complies with data protection law and follow good practice.
  • Protects the rights of clients, subcontractors, suppliers, business contacts, partners, employees, our website visitors and other people the Company has a relationship with or may need to contact.
  • Is open about how it stores and processes individuals’ information.
  • Protects itself from the risks of a data breach.

Data protection law

The EU General Data Protection Regulation 2016/679 (GDPR) and the Data Protection Act 2018 (which supplements the GDPR) came into force on 25 May 2018.  We refer to these as “data protection law”.

These rules apply regardless of whether data is stored electronically, on paper or on other materials. To comply with the law, personal information must be collected and used fairly, stored safely and not disclosed unlawfully.

Key Definitions

In this document, we have used some words and phrases, and these are explained below.

“Personal information” means any information which relates to a living, identifiable person. It can include names, addresses, telephone numbers, email addresses etc but it is wider than that and includes any other information relating to that person or a combination of information which, if put together, means that the person can be identified.

“Processing” covers all activities relating to the use of personal information, from its collection through to its storage and disposal and everything in between.

“Data subject” means the person whose personal information is being processed.

“Data controller” means the organization which is responsible for processing data and ensuring that personal information is processed in accordance with data protection law.

“Project” means web, mobile or other types of software development projects.

“Project Data” means project-related data like Databases, Software code, Designs, Images, etc.

GDPR Principles

The General Data Protection Regulation is underpinned by important principles. There are six principles that describe the legal obligations of organizations that handle personal information about individuals:

  • Lawfulness, fairness, and transparency.

The information we gather about an individual will be collected in a way where they are fully informed about how we intend to use that information, for what purposes and how we will share it.

  • Purpose limitation.

We will explain why we need the information we are collecting and not use it other than for those purposes.

  • Data minimization.

We will only collect the information we need to provide the services required.

  • Accuracy.

The information we collect will be accurate and where necessary kept up to date. Inaccurate information will be removed or rectified as we become aware of the changes.

  • Storage limitation.

We will not hold information for longer than is necessary.

  • Integrity and confidentiality.

We will make sure that the personal information we hold is held securely to ensure that it does not become inadvertently available to other organizations or individuals.

Web Peppers fully supports these principles.

What data will be processed

We may collect the following types of data:

  • Contact Information that allows us to communicate with you, such as your name, username, mailing address, telephone number, email address or other addresses that allow us to send you messages.
  • Relationship Information that helps us do business with you, such as your bank account information, payment details, services you would like to have and similar information that can help us understand your needs and offer you personalized service.
  • Project-related information that is necessary to have to provide you high-quality service. It can be project documentation and graphic designs, images, photos, databases of your project, accesses to web hostings and servers where your project is hosted, accesses to any third party services that is necessary to support and similar information that should be provided to us to fulfill tasks of your project.

How we collect data

Web Peppers collects your personal information and project-related data to provide you personalized service; to enhance and develop your projects; and to widen wherever possible our business relationships. We aim to provide you with the best experience when working with us.

We collect information from you and from other sources.

  • In many cases, we collect data and personal information directly from you. You may choose to share any information with us when you fill in a contact form on our websites, participate in a promotion, send us email or messages in Skype, when you contact us, such as for client service purposes, or interact with us online and offline.
  • We receive Personal Information from third party services. For example, we may collect personal information from Google Analytics and third party online services when you visit our website.
  • We may collect information from publicly-available sources, such as social media sites when permitted by the site’s terms of service. For example, if you communicate with Web Peppers using Facebook or Twitter, we may receive additional information about your from your profile. We may also obtain information from third-party data suppliers who help us enhance our records.
  • Cookies are collected on the website to improve your experience.

Purpose of the processing

Web Peppers will process your personal information and project-related data for a range of purposes. These include the following:

  • To deliver services to you.
  • To administer any billing information.
  • To communicate with you by post, phone, email or other electronic media, in order to provide you with relevant information and updates relating to the service you require.
  • With your consent, to communicate with you for marketing and promotional purposes.
  • To compile statistics for reporting purposes.
  • Understand how you use our content and services, for analytics and product development purposes, developing new products and services and (where appropriate) to personalize offers that we make to you.

Please note that we may also use and disclose information about you that is not personally identifiable. For example, we may publish reports and provide products that contain non-personally identifiable statistical data. These reports do not contain any Personal Information.

Please be aware that, in certain circumstances, where you do not provide personal information which is required by us, we will not be able to provide the services under our contract with you or may not be able to comply with a legal obligation on us.

Legal basis of the processing

If we require your consent for any use of your personal information, we will collect it at the appropriate time, explaining why we are collecting the data and how we will use it, and you can withdraw this consent at any time.  In other cases, we consider the processing of your personal information for these purposes to be necessary for:

  • To perform of our contractual obligations with you.
  • Compliance with a legal obligation.
  • To manage our relationship with you which will include: (a) Notifying you about changes to our terms or data protection policy (b) Asking you to leave a review or take a survey.
  • To administer and protect our business and our site (including troubleshooting, data analysis, testing, system maintenance, support, reporting and hosting of data).
  • To use data analytics to improve our website, products/services, marketing, client relationships, and experiences.
  • To make suggestions and recommendations to you about goods or services that may be of interest to you.

Disclosing Personal Information

We may disclose your personal information to relevant parties as described in this policy.

We may disclose your personal information to any of our employees, officers, managers, professional advisers, agents, suppliers or subcontractors insofar as reasonably necessary for the purposes set out in this policy.

Where relevant, and as stated previously, we may disclose your personal information to our selected partners and subcontractors who work with us insofar as reasonably necessary for the purposes set out in this policy.  Your personal information will only be shared with the relevant partners and subcontractors, the information will not be passed to third parties where there is not needed.

Except as we have explained above, we will not normally publish or disclose any personal information about you to other external enquirers or third parties unless you have asked us to do or have consented to it, or unless it is in your vital interests to do so.

Data Storage

We also use a select number of suppliers to support the provision of our services. For example, data is processed using a client relationship management provider, email service provider and website host providers like AWS, Google Cloud, Hetzner, etc, and other services that help us deliver high-quality service to you. Where we use any such sub-processors, we undertake prior due diligence to confirm that they meet recognized adequacy standards for data protection; this includes any that are located outside of the European Union.

Data Protection

Web Peppers applies appropriate technical and organizational measures to protect your data against unauthorized or unlawful processing and against accidental loss or destruction of, or damage to, personal information and to comply with the data protection laws.

The Company has appropriate security measures to prevent personal information held being accidentally or deliberately compromised. In particular, Web Peppers:

  • We have designed and organized security to fit the nature of the personal information and project-related data held.
    • All our employees and subcontractors that have access to Personal Information and/or Project data have password protection of their PCs.
    • We store Personal Information on servers and services that can deliver a high level of security with access restriction to relevant people like Google Drive, Redmine, Jira, etc.
    • Personal information and Project data are shared with relevant employees and subcontractors only.
    • Project data like software code and databases are stored in secure places only. We use services like GitLab, GitHub, Redmine, Jira, AWS, Hetzner and other third-party services that provide a high level of security.
    • Our servers are protected with SSH Keys and restrict access only to relevant employees and subcontractors.
    • We back up any crucial data.
  • We are ready to respond to any breach of security swiftly and effectively.

Data Retention

This Section sets out our approach to data retention, which is designed to help ensure that we comply with our legal obligations in relation to the retention and deletion of personal information.

Personal information that we process for any purpose or purposes shall not be kept for longer than is necessary for that specific purpose or those purposes.

Notwithstanding the other provisions of this Section, we will retain documents (including electronic documents) containing personal data:

  • to the extent that we are required to do so by law;
  • if we believe that the documents may be relevant to any ongoing or prospective legal proceedings; and
  • in order to establish, exercise or defend our legal rights.

Your legal rights and choices in connection with your data

Under certain circumstances, by law, you have the right to:

  • Request access to your personal information (commonly known as a “subject access request”). This enables you to receive a copy of your data and to check that we are lawfully processing it.
  • Request correction of your data. This enables you to ask us to correct any incomplete or inaccurate information we hold about you.
  • Request erasure of your data. This enables you to ask us to delete or remove your data where there is no good reason for us continuing to process it. You also have the right to ask us to delete or remove your data where you have exercised your right to object to processing.
  • Object to processing of your data where we are processing it. You also have the right to object where we are processing your data for direct marketing purposes.
  • Request the restriction of processing of your data. This enables you to ask us to suspend the processing of your data, for example, if you want us to establish its accuracy or the reason for processing it.
  • Request the transfer of your data to another party.

Depending on the circumstances and the nature of your request it may not be possible for us to do what you have asked, for example, where there is a statutory or contractual requirement for us to process your data and it would not be possible to fulfill our legal obligations if we were to stop. However, where you have consented to the processing, you can withdraw your consent at any time by emailing to us. In this event, we will stop the processing as soon as we can. If you choose to withdraw consent it will not invalidate past processing.

If you want to exercise any of the rights described above or are dissatisfied with the way we have used your information, please contact by email Please state: DATA PROTECTION as the email title.

Changes to This Policy

This policy may change from time to time. The latest effective date will be highlighted at the top of the policy information.

We will update this privacy policy when necessary to reflect customer feedback, changes in our programme/projects and services or legal changes. When we post changes to this policy, we will revise the “Effective Date” at the top of the Data Protection Policy.