Workflows, T/A Adaptable Websites, has created a Privacy Policy to clearly advise you on how your personal information is handled and to demonstrate its firm commitment to your privacy.

There are three sections. Along with a privacy policy, we felt it important to let you know EXACTLY how we operate for transparency.

Click the tabs above to access the statements.

Updated 24 May 2018 in line with GDPR
Most recent update 14 May 2024

Workflows’ business operations has no paper trail. Any details that we have in relation to you are kept electronically. It is the intention of this section to let you know EXACTLY what happens to this data.

Workflows has no ‘paper’ booking system.

Workflows has a Professional Indemnity Combined Insurance policy that covers Professional Indemnity, Public & Products Liability & Legal Expenses, 

Online Payment Methods

Online payments are made by Standing Order or by Bank Transfer to our bank account. Your financial details are not stored in any way by us.

Client Information Systems & Accounting System Data

If you trade with Workflows then the following processes are in place pertinent to your data:

– Client information required for invoicing and accounts purposes is stored in a cloud-based accounting system for small businesses called Xero. It is password controlled with Two-factor authentication (2FA) via smartphone app. There is access to one user and the company accountant.

– All accounting information is held by Workflows’ accountants at Workflows registered office.

– The following details are kept in MS Outlook 365 for the purposes of managing client work and for contact needs: First Name, Surname, Company Name, Email Address, Telephone Numbers and future website consideration Information. The PC it resides on is password controlled.

– The following details are kept in Last Pass, an industry standard Password Management System, for handling client website passwords and usernames safely: Client website address, username and password. Client DNS domain provider login details are also kept in Last Pass. Access to Last Pass is via Two-factor authentication (2FA).

– The system is password protected. It runs in a secure firewalled computer environment and is only accessible to one person who oversees the above process.

Client Website Systems & Data

– All Adaptable Websites are hosted by Siteground – a specialist Web Hosting Provider. All Websites are run on the WordPress platform.

The following security is deployed at the server level on Siteground servers:
Account Isolation – Uses chroot so shared server safe i.e. Apache in a chrooted environment with suExec.
WordPress-Specific Firewall – prevent DDOS & provides Brute Protect.
Hardware traffic filtering and software … also limits login attempts.
Latest PHP and MySQL versions.
Siteground use Mod security on the server.

The following security is deployed at the wordpress level:
Htaccess is used to provide numerous security rules e.g. blocking access to wp-login.php and wp-admin, blocking access to the htaccess file itself, disabling xml-rpc, blocking include-only files, protecting wp-config, disabling directory browsing.
Usernames are unique. Passwords for Adaptable Websites are from 22-128 digits for the primary account.
Secondary accounts are not encouraged due to increased security risk …. but are enabled for clients that require their own access. Secondary accounts are only created on request by the client.

The following security is deployed at the wordpress plugin level:
The security plugin Siteground Security is used and consistent / identical settings and checks used across all sites.

– Clients sites are accessed via SFTP (Secure File Transfer Protocol) via the FTP software FileZilla or from the online Web Hosting Provider’s system

– Client sites are all SSl-enabled i.e. https://

– Workflows provides an ’email-received’ check system for client contact form submissions. A submission from a client website generates an email to both the client and Workflows except in cases where the client has requsted this not to happen for data protection reasons. Workflows randomly checks that the client has received the email and on confirmation deletes the email. A deleted email is permanently automatically deleted after 1 month from the Outlook deleted items folder. Workflows keeps no data from client contact form submissions.

The Information We Collect

Workflows (”We”) may collect, store and use the following kinds of personal data:

– information relating to any transactions carried out between you and us in relation to this Website, including information relating to any purchases you make of our goods or services including that as advised under ‘Accounting System Data’ in the ‘Workflows Operations’ section.

– information that you provide to us for the purpose of registering with us.

– information that you provide to us for the purpose of subscribing to our Website services.

– any other information that you choose to send us.


Please see the Cookie Policy tab above.

Personal Data Collected From Our Website

Personal data is only collected on our website if you choose to contact us via our contact form located on our contact page. If you make a submission we receive an email with the details of the submission. You will have consented to our usage of your data in order to fulfil your request. We only use your details to contact you.

We may use your personal information to:

– administer the Website;

– supply to you services that you are interested in as outlined on our Website;

– send statements / invoices to you, and collect payments from you;

– send you general (non-marketing) commercial communications;

– send you email notifications which you have specifically requested or that are part of our service e.g. monthly client email; 

Also, please note:

– where you submit personal information for publication on our Website, we will publish and otherwise use that information in accordance with the license you grant to us, e.g testimonials;

– we will not provide your personal information to any third parties for the purpose of direct marketing;

– we do not send newsletters;

– all our financial transactions are handled through our bank, HSBC, via Standing Order or Bank Transfer. We may use Paypal in the odd circumstance to get a payment in advance.

Personal Data Collected On Client Websites

All client websites are SSL-enabled.

All client websites are the legal obligation of the client. It is the obligation of the client to make requests to changes of the site to fall in line with GDPR law and not that of Workflows.

Client sites, with the exception of e-commerce sites, have no cookies.


We may disclose information about you to any of our employees, officers or agents, insofar as reasonably necessary for the purposes as set out in this privacy policy.

In addition, we may disclose information about you:

– to the extent that we are required to do so by law;

– in connection with any legal proceedings or prospective legal proceedings;

– in order to establish, exercise or defend our legal rights (including providing information to others for the purposes of fraud prevention and reducing credit risk); and

– to the purchaser (or prospective purchaser) of any business or asset which we are (or are contemplating) selling.

Except as provided in this privacy policy, we will not provide your information to third parties.

International Data Transfers

We only operate in the United Kingdom. The data centre, that handles our web services provided to clients, is based in London. The web hosting company used is Siteground. Data is not transferred internationally. 

Security Of Your Personal/Company Data

We will take reasonable technical and organisational precautions to prevent the loss, misuse or alteration of your personal information. All personal information you provide is on secure (password- and firewall- protected) computers.

Of course, data transmission over the internet is inherently insecure, and we cannot guarantee the security of data sent over the internet.

You are responsible for keeping your password and user details confidential for your website if we have provided you with access to your website.

Policy Amendments

We may update this privacy policy from time-to-time by posting a new version on our website. You should check this page occasionally to ensure you are happy with any changes. We may also notify you of changes to our privacy policy by email.

Your Rights

You may instruct us to provide you with any personal information we hold about you. We will provide this information, and if you so require, delete any data.

Third Party Websites

The Website contains links to other websites. We are not responsible for the privacy policies or practices of third party websites.

Updating Information

Please let us know if the personal information which we hold about you needs to be corrected or updated.


If you have any questions about this privacy policy, or our treatment of your personal data, please email: or write to:
Workflows Ltd, 9 Royston Court, Wake Green Park, Moseley, Birmingham B13 9YN

Data Controller

The data controller responsible for the Workflows’ Website is:

Workflows Ltd, 9 Royston Court, Wake Green Park, Moseley, Birmingham B13 9YN

Registered in England and Wales.

Company No: 6624239

Registered Office: 9 Royston Court, Wake Green Park, Moseley, Birmingham B13 9YN

Data Protection Registration: Workflows only accesses data under client instruction or for important administration purposes. Workflows has been advised that it is notification exempt with regard to its general business activities.

This site uses cookies, small text files that are placed on your machine, that provide anonymised tracking data to Google Analytics. As a rule, this will help us to make the browsing experience better. However, you may prefer to disable cookies on this site and on others. The most effective way to do this is to disable cookies in your browser. We suggest consulting the Help section of your browser or taking a look at the About Cookies website which offers guidance for all modern browsers.