Comet SEO · 71 Somerset St, Northampton NN1 3LW, UK
Comet SEO Ltd, 71 Somerset St, Northampton NN1 3LW, United Kingdom. Company No: XXXXXXXX. ICO Registration: ZA-XXXXXXX. Email: hello@cometseo.com. Phone: +44 1604 632 482.
We process personal data under the UK General Data Protection Regulation (UK GDPR, retained EU law), the Data Protection Act 2018, and the Privacy and Electronic Communications Regulations 2003 (PECR). Our supervisory authority is the Information Commissioner's Office (ICO), Wycliffe House, Water Lane, Wilmslow SK9 5AF. Website: ico.org.uk.
Contact information: name, email, phone, company name, website URL. Collected when you submit our contact form or place an order. Legal basis: legitimate interest and contract performance.
Analytics access: When you become a client, we request read-only access to your Google Analytics, Google Search Console, and potentially your e-commerce platform analytics. This data is accessed under NDA and used solely for SEO analysis. Legal basis: contract performance.
Payment data: Processed by Stripe (PCI DSS Level 1 compliant). We do not store card numbers. Legal basis: contract performance.
Website analytics: We use Plausible Analytics, which is cookieless and does not collect personal data. No IP addresses are stored.
We share data only with: Stripe (payment processing, US, under UK adequacy framework); Google (when accessing your analytics, US, under standard contractual clauses); Plausible (analytics, EU-hosted). We never sell data to third parties.
You have the right to: access your data; rectify inaccurate data; erase your data; restrict processing; data portability; object to processing; withdraw consent. Contact hello@cometseo.com. We respond within 30 calendar days. If unsatisfied, you may complain to the ICO: ico.org.uk/make-a-complaint.
Client project data: duration of engagement plus 6 years (HMRC requirement). SEO reports and deliverables: 2 years after project end. Invoices and financial records: 6 years (Companies Act). Analytics access: revoked within 7 days of project conclusion. Contact form submissions from non-clients: 12 months.
All data transmitted via HTTPS (TLS 1.3). Data at rest encrypted (AES-256). Two-factor authentication on all accounts. Non-disclosure agreements signed by all team members. Access restricted on a need-to-know basis. In the event of a data breach, we will notify the ICO within 72 hours per UK GDPR Article 33, and affected individuals without undue delay per Article 34.
We do not use automated decision-making or profiling that produces legal effects concerning you.
We may update this policy. Material changes will be communicated via email to active clients. The latest version is always available on this page.
Last updated: March 2026.
Online · Northampton