HomeServicesAboutContact

Privacy Policy

Last updated: 8 March 2026

1. Who we are

The Co-Ord is a wedding and event coordination business based in Manchester, UK. When we refer to “we”, “us” or “our” in this policy, we mean The Co-Ord.

If you have any questions about how we handle your data, you can contact us at enquiries@theco-ord.co.uk.

2. What data we collect

We collect the following personal data when you interact with our website:

When you submit an inquiry or quote request

  • Full name
  • Email address
  • Phone number
  • Event details (date, venue, guest count, event type)
  • Any additional information you provide in your message

When you create a client account

  • Full name
  • Email address
  • Phone number
  • Account login credentials (password is encrypted and never stored in plain text)

When you make a payment

  • Payment amount and type
  • Payment status and transaction reference

We do not store your card details. All payment processing is handled securely by Stripe, our payment processor.

3. How we use your data

We use your personal data to:

  • Respond to your inquiry and provide a quote
  • Coordinate and manage your event
  • Send you event-related communications (confirmations, updates, documents)
  • Process payments for our services
  • Provide access to your client portal

We will never use your data for marketing purposes unless you have given us explicit consent to do so.

4. Legal basis for processing

We process your personal data on the following legal bases under UK GDPR:

  • Contract: Processing is necessary to fulfil our contract with you or to take steps at your request before entering into a contract (e.g. responding to your inquiry, managing your event).
  • Legitimate interest: Processing is necessary for our legitimate business interests, such as improving our services and maintaining our client relationships.
  • Consent: Where you have given us specific consent, for example to receive marketing communications.

5. Who we share your data with

We share your data only with the following third-party services, which are necessary to operate our business:

  • Stripe — for processing payments securely. See Stripe's privacy policy.
  • Resend — for sending transactional emails (e.g. inquiry confirmations, event updates). See Resend's privacy policy.
  • Supabase — for securely storing your data and managing authentication. See Supabase's privacy policy.
  • Vercel — for hosting our website and providing privacy-friendly website analytics. Vercel Analytics collects anonymous, aggregated usage data (such as page views and visitor counts) without using cookies or tracking individual users. See Vercel's privacy policy.

We do not sell, rent or share your personal data with any other third parties.

6. Cookies

Our website uses only essential cookies that are strictly necessary for the site to function. These are used to manage your login session if you access the client portal.

We use Vercel Analytics to collect anonymous, aggregated website usage data (such as page views). Vercel Analytics does not use cookies and does not track or identify individual visitors. We do not use any advertising or tracking cookies.

7. How we protect your data

We take appropriate technical and organisational measures to protect your personal data, including:

  • All data is transmitted over HTTPS (encrypted in transit)
  • Passwords are hashed and never stored in plain text
  • Access to personal data is restricted to authorised staff only
  • Our database enforces row-level security policies

8. How long we keep your data

We retain your personal data for as long as necessary to fulfil the purposes for which it was collected, or as required by law. Specifically:

  • Inquiry data: Retained for up to 12 months after your inquiry if you do not become a client, then deleted.
  • Client data: Retained for the duration of our business relationship and for up to 6 years afterwards for legal and accounting purposes.
  • Payment records: Retained for 6 years as required by UK tax regulations.

9. Your rights

Under UK GDPR, you have the right to:

  • Access the personal data we hold about you
  • Correct any inaccurate or incomplete data
  • Delete your personal data (subject to legal obligations)
  • Restrict how we process your data
  • Object to our processing of your data
  • Data portability — receive your data in a structured, commonly used format

To exercise any of these rights, please contact us at enquiries@theco-ord.co.uk. We will respond within 30 days.

You also have the right to lodge a complaint with the Information Commissioner's Office (ICO) at ico.org.uk if you believe your data has been mishandled.

10. Changes to this policy

We may update this privacy policy from time to time. Any changes will be posted on this page with an updated “last updated” date. We encourage you to review this page periodically.

11. Contact us

If you have any questions about this privacy policy or how we handle your data, please contact us: