Stalitsa · Legal

Privacy policy

Last updated: July 2026. This page describes how Stalitsa Ltd handles personal data when you use stalitsa.com or engage us for digital services.

Who we are

Stalitsa Ltd (company number 17316087, registered in England and Wales) is the data controller for this website and for personal data we process in running our own business. When we deliver services for clients, we may process personal data on their behalf as a data processor, see client services and business email administration below. The easiest way to reach us is the contact form on this site.

What this site does

This is a marketing site: pages you read in your browser, links to third-party profiles, and assets (fonts, icons, images) loaded as part of the design. There is no account login. The contact page includes a form; when you send a message, your input is handled by our hosting and security provider and delivered to our inbox through our email delivery service on our domain.

Data we may process

When you browse the site. Like most websites, technical information is processed so pages can load: for example network and security data handled by our hosting and infrastructure providers (see below).

Usage analytics. This site uses privacy-oriented traffic analytics through our hosting provider to measure basic trends (for example page views, referrers, and high-level usage metrics). The purpose is to understand and improve the site. Where this is provided without client-side tracking cookies, Stalitsa does not set first-party analytics cookies for that feature.

When you use the contact form. We collect the name, email address, and message you submit; if you choose to, you may also add an optional company or project name. When enabled, a bot protection check may run before send. That data is sent to our inbox through our email delivery service so we can respond, and you may receive a short automatic acknowledgement. Your email provider may process technical message metadata in the usual way.

Client services

Stalitsa provides website design and development, hosting, ongoing support, and business email setup and administration for UK businesses. Depending on the service, we may process contact details, project information, domain and DNS records, technical configuration data, and account credentials (stored securely and used only for the service).

For most client work, you remain the data controller for personal data relating to your business, customers, and staff. Stalitsa acts as a data processor when handling that data to deliver agreed services. Processing is governed by UK GDPR, our contract with you, and any data processing terms agreed in writing.

Business email administration

Where we set up or manage business email for a client, we may hold administrator access to the email system for technical support. DNS configuration, mailbox setup, recovery, and other essential administration.

We do not routinely access, read, or monitor the content of client emails. We do not use client email data for marketing or any purpose unrelated to the service. Access to email content happens only when:

  • you request support that requires it (for example troubleshooting a specific message or delivery issue), with your knowledge; or
  • it is strictly necessary for essential technical configuration that cannot be completed without brief access (for example verifying forwarding rules during setup).

Email platforms and providers may process message metadata and content under their own terms. Where we process email-related personal data on a client’s behalf, the client remains the data controller and Stalitsa acts as a data processor.

Hosting and infrastructure

This site uses a hosting and security provider for web delivery, protection, analytics, and form handling. That provider processes technical data (such as IP addresses and request metadata) to deliver content, protect the site, and provide the analytics feature above. See the provider’s privacy documentation for details of their processing.

Cookies and browser storage

This site does not use tracking or advertising cookies. We do not set first-party analytics cookies. Our hosting and security provider may use limited technical browser storage as part of delivering the site, providing security features, and running bot-protection checks, these are not used for behavioural tracking or advertising. No cookie consent banner is shown on this site because it does not use consent-requiring tracking cookies.

Third-party content

Some resources may load from third parties when you follow external links. Those providers may process technical data in line with their own policies. The contact form uses bot protection (when enabled) and our email delivery service to deliver messages to our inbox. External links (for example to GitHub or social profiles) are governed by those services when you visit them.

Legal bases (UK GDPR)

Depending on the situation, we rely on appropriate bases such as legitimate interests (operating and securing a public business website), performance of a contract or steps before a contract where you enquire about services, or consent where required. When acting as a data processor for client services, we process personal data only on documented instructions from the client (as data controller), unless UK law requires otherwise.

Retention

Messages sent through the form (and related email threads) are kept only as long as needed for the conversation and legitimate business records, unless a longer period is required by law. Client project and service records are retained for the duration of the engagement and for a reasonable period afterwards for support, legal, and accounting purposes, unless a different period is agreed in writing.

Your rights

Where UK GDPR / GDPR applies, you may have rights including access, rectification, erasure, restriction, objection, and data portability. You may also lodge a complaint with a supervisory authority. To exercise rights related to data processed here, use the contact form and describe your request.

International transfers

Providers may process data in the UK, EEA, US, or other regions. Where transfers are made, we expect appropriate safeguards where required by law.

Changes

We may update this policy from time to time. The “Last updated” date at the top will change when we do.

← Back to home