Privacy Policy

How Malki Web Design collects, uses, stores and protects your personal information — and the rights you have under the UK GDPR and the Data Protection Act 2018.

UK GDPRData Protection Act 2018Last updated: 26 June 2026

1. Who we are

Malki Web Design ("we", "us", "our") is a web design and digital marketing studio based in the United Kingdom, operated by Marwan Malki. We provide websites, SEO and online marketing services for dental practices, facial aesthetics clinics and healthcare professionals.

For the purposes of the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018, Malki Web Design is the data controller responsible for your personal data when you contact us or make an enquiry through this website.

If you have any questions about this policy or how we handle your data, you can contact us at info@malkiwebdesign.co.uk. A postal address is available on request.

2. What information we collect

We keep data collection to a minimum. The personal data we hold is the information you choose to give us when you complete the contact form or otherwise enquire through this website. This typically includes:

Your name
Your email address
Your phone number
Your business or practice name (if you provide it)
Any details you include in your message or enquiry
The service you are interested in

When you visit the site we may also automatically collect limited technical information — such as your IP address, browser type, device and the pages you view — through cookies and similar technologies (see section 5).

We do not collect special category data (such as health or medical records), and we ask that you do not send us sensitive personal information through our website forms.

3. How we collect your data

We collect your data when you complete and submit the contact form on this website. When you submit the form, your details are transmitted securely using SendGrid (a service provided by Twilio SendGrid, Inc.) and delivered to us by email so that we can read and respond to your enquiry. We may then record your details in our CRM, GoHighLevel (provided by HighLevel Inc.), to manage our correspondence with you.

These are the only ways we actively collect your personal data. We do not buy, rent or scrape personal data, and we do not obtain your details from third-party marketing lists.

4. How we use your information & our lawful basis

We only use your personal data for the purposes below, relying on the following lawful bases under Article 6 of the UK GDPR:

To respond to your enquiry and provide a quote — taking steps at your request before entering into a contract, and our legitimate interest in answering enquiries.
To deliver our services and communicate with you as a client — performance of a contract.
To send relevant follow-ups about your enquiry or our services — consent and/or legitimate interests. You can opt out at any time.
To keep business records and meet legal, tax and accounting obligations — legal obligation and legitimate interests.

We will never sell your personal data, and we will not use it for unrelated purposes without telling you first.

5. Cookies, analytics & advertising

This website uses a small number of cookies and similar technologies, which fall into the following categories:

Essential cookies — required for core site functions and the contact form to work.
Analytics cookies — help us understand how visitors use the site so we can improve it. These are only set where required with your consent.
Advertising cookies and pixels — from time to time we may run online advertising (for example Google Ads or Meta/Facebook Ads). If we do, these platforms may set cookies or tracking pixels to measure ad performance and show relevant ads. These are only used with your consent.

You can control or delete cookies through your browser settings and withdraw consent at any time. Blocking some cookies may affect how parts of the site work.

6. Who we share your data with

We do not sell or rent your personal data. We only share it with trusted service providers ("processors") who help us run our business, and only as far as necessary. These include:

SendGrid (Twilio SendGrid, Inc.) — processes and delivers your contact-form submission to us by email.
GoHighLevel (HighLevel Inc.) — CRM used to manage and respond to enquiries.
Cloudflare — hosting and security for this website.
Google and/or Meta (Facebook) — where we run advertising or measurement, limited data may be processed by these platforms.

We may also disclose your information where we are required to do so by law, or to establish, exercise or defend our legal rights.

International transfers

Some of our providers (including GoHighLevel) are based in the United States, so your data may be transferred and stored outside the UK. Where this happens, we make sure appropriate safeguards are in place — such as Standard Contractual Clauses or the UK International Data Transfer Addendum — so your data remains protected to UK standards.

7. How long we keep your data

We keep your personal data only for as long as necessary for the purposes set out in this policy. Enquiry details are typically retained for up to 24 months from your last contact with us. If you become a client, we keep records for the duration of our working relationship and for up to 6 years afterwards to meet legal, tax and accounting obligations. After this, your data is securely deleted.

8. Your rights under the UK GDPR

You have the following rights in relation to your personal data:

Right to be informed — to know how your data is used (this policy).
Right of access — to request a copy of the data we hold about you.
Right to rectification — to have inaccurate data corrected.
Right to erasure — to ask us to delete your data ("the right to be forgotten").
Right to restrict processing — to limit how we use your data.
Right to data portability — to receive your data in a portable format.
Right to object — to object to processing based on legitimate interests, or to direct marketing.
Right to withdraw consent — at any time, where we rely on consent.

To exercise any of these rights, email info@malkiwebdesign.co.uk. We will respond within one month, and there is normally no charge.

9. How we protect your data

We take the security of your data seriously. This website is served over an encrypted HTTPS connection, and the platforms we use (such as GoHighLevel and Cloudflare) apply industry-standard security measures including encryption and access controls. While no method of transmission over the internet is completely secure, we take reasonable steps to protect your information from loss, misuse and unauthorised access.

10. Children's privacy

Our website and services are aimed at businesses and healthcare professionals, and are not directed at children. We do not knowingly collect personal data from anyone under the age of 16. If you believe a child has provided us with personal data, please contact us and we will delete it.

11. Complaints

If you are unhappy with how we have handled your personal data, please contact us first so we can try to put things right. You also have the right to complain to the UK's data protection regulator, the Information Commissioner's Office (ICO):

Information Commissioner's Office — ico.org.uk — Helpline: 0303 123 1113

12. Changes to this policy

We may update this Privacy Policy from time to time to reflect changes in our practices or in the law. Any changes will be posted on this page with an updated date. This policy was last updated on 26 June 2026.