Your information

Privacy notice

This notice explains what information Millwards Online receives, why it is used, who it is shared with and the choices available to you.

In brief: you can run the free audit without an account. Millwards Online inspects public website information, does not receive your full card number, and does not treat an audit or purchase as permission to send marketing.

Who controls your data

Millwards Online is a service operated by Mackenie Millward, sole trader trading as Millwards Digital. Millwards Digital is the controller for the personal information described in this notice.

Postal address: 698 Harvey Road, Derby, DE24 0EG, United Kingdom.
Email: support@millwards.shop.

This notice applies to millwards.online and its free audits, paid reports, human reviews and monitoring services. A separate privacy notice may apply when you use millwards.shop for other website services.

Information collected

When you run an audit

  • the public website address you submit;
  • an optional business name and town or service area;
  • public page content and technical responses returned by that website, including its homepage, redirect path, robots.txt and sitemap.xml where available;
  • the audit results, scores, detected issues and report identifier; and
  • limited request and security information, such as an IP address, browser details, timestamps and rate-limit records. Rate-limit identifiers used by the application are pseudonymised using a keyed hash, although the hosting provider may also keep ordinary server logs for a limited period.

The free audit form does not require an email address. Public website content can itself contain personal information, for example a sole trader’s name or published business contact details.

When you pay or subscribe

  • your name, email address and billing contact details;
  • the product, price, currency, payment status and transaction dates;
  • Stripe customer, Checkout, payment and subscription identifiers; and
  • the audited or monitored domain, report access details, subscription status and monitoring history.

Payment is completed on Stripe’s hosted Checkout. Stripe collects your payment credentials. Millwards Digital receives confirmation and transaction details needed to fulfil and administer the order, but does not receive or store your full card number or card security code.

When you ask for support or a human review

Millwards Digital receives the contents of your message, contact details, report or order references, business context, review notes and correspondence. If you manage audits for a client, information about that client and its authorised domains may also be processed.

Where the information comes from

Information comes directly from you, from the publicly accessible website you ask Millwards Online to inspect, from Stripe after a payment event, and from routine technical logs generated when the service is used.

How and why information is used

Provide a requested free audit
To fetch the public page, calculate a diagnostic score, display a snapshot and prevent misuse. The lawful basis is Millwards Digital’s legitimate interest in providing the service you requested and operating it securely.
Supply a paid service
To take payment, unlock and email reports, perform a human review, run monitoring and administer subscriptions. The lawful basis is performance of the business contract with you or taking steps at your request before entering it.
Support and service messages
To answer questions and send necessary messages about access, fulfilment, billing, cancellations, service incidents or material changes. The basis is the contract and legitimate interests in supporting customers. These are not marketing messages.
Security and improvement
To investigate faults or abuse, maintain records, understand aggregate service performance and improve the checks. The basis is legitimate interests in a reliable and secure service.
Tax, accounting and legal matters
To keep transaction records, handle disputes and comply with lawful requests. The basis is legal obligation and, where relevant, legitimate interests in establishing or defending legal claims.

No marketing consent is implied. Submitting an audit, buying a report or subscribing does not opt you into promotional email. If optional marketing is offered later, it will use a separate, clear choice and can be withdrawn at any time.

The automated score helps organise diagnostic findings. It is not used to make a decision about you that produces legal or similarly significant effects.

Sharing and international transfers

Personal information is not sold. It is shared only where reasonably needed with:

  • Stripe, which processes Checkout, payments, refunds and subscriptions under its own responsibilities and service terms;
  • hosting, infrastructure and email delivery providers that help operate and fulfil the service;
  • professional advisers, insurers or contractors under appropriate confidentiality duties; and
  • courts, regulators, tax authorities, law enforcement or another party where disclosure is legally required or necessary to protect legal rights.

Some suppliers may process information outside the United Kingdom. Where UK data protection law requires it, Millwards Digital relies on an adequacy regulation or approved contractual safeguards and assesses the transfer as appropriate. Stripe explains its own processing and international transfers in the Stripe privacy policy.

How long information is kept

  • Free audits: the application keeps the report for up to 30 days, then expires and removes it from report access.
  • Paid reports and monitoring history: report access and related audit history are generally available for up to 12 months.
  • Rate-limit and security records: retained only for as long as reasonably needed to prevent abuse, diagnose incidents and protect the service.
  • Support and review correspondence: ordinarily kept for up to 24 months after the last meaningful contact, unless it forms part of a contract or dispute record that must be kept longer.
  • Payment, subscription, tax and accounting records: kept for the period required by applicable law and to resolve payment or contractual issues.

Information may be retained longer where a legal claim, investigation or preservation duty requires it, or removed sooner when it is no longer needed. Stripe applies its own retention periods to information it controls.

Cookies and browser storage

Millwards Online does not currently use advertising or analytics cookies. It uses browser storage to remember the most recent audit and, after a purchase, to retain the private report access token on that browser. The token can remain until you clear the site’s browser data or until its access period ends, which may be up to 12 months.

You can clear this information using your browser’s site-data controls. Doing so may remove convenient access from that device; use the private link sent by email to regain access while it remains valid. Keep that link private.

Stripe may set cookies or use similar technologies on its hosted Checkout and billing pages. Those are controlled under Stripe’s own notice and settings.

Your data protection rights

Depending on the circumstances, UK data protection law may give you the right to:

  • ask for access to and a copy of your personal information;
  • ask for inaccurate or incomplete information to be corrected;
  • ask for information to be erased or its use restricted;
  • object to processing based on legitimate interests;
  • receive certain information in a portable format; and
  • withdraw consent where consent is the basis for processing, without affecting earlier lawful use.

These rights are not absolute and an exemption may apply. To exercise a right, email support@millwards.shop. Millwards Digital may ask for proportionate information to confirm your identity and locate the relevant record. There is normally no fee, although the law permits one in limited circumstances.

Security and your responsibilities

Reasonable technical and organisational safeguards are used to protect information, including access controls, private report tokens, restricted application storage and limited staff or contractor access. No internet service can guarantee absolute security.

Do not email passwords, full card details or authentication codes. If you submit another organisation’s domain or personal information, make sure you are authorised to do so. The service is intended for business users and is not directed to children.

Contact, complaints and changes

Questions or requests about this notice can be sent to support@millwards.shop or posted to Millwards Digital, 698 Harvey Road, Derby, DE24 0EG, United Kingdom.

If you are not satisfied with the response, you can complain to the UK Information Commissioner’s Office. Its current guidance and complaint service are at ico.org.uk/make-a-complaint.

This notice may be updated when the service, suppliers or legal requirements change. A new date will be shown at the top, and material changes affecting active customers may also be communicated directly.