Privacy Policy

Last Updated: 27-03-2019

Introduction and Our Commitment to Your Privacy

At Delta Internet Limited, we understand that your privacy is fundamental to your trust in us. As a professional digital marketing agency, we handle personal information with the utmost care and in strict compliance with all applicable data protection legislation. This comprehensive Privacy Policy explains how we collect, use, protect, share, and manage your personal data.

We respect and value the privacy of everyone who visits our website, deltainternetltd.com (“Our Site”), enquires about our services, or engages us as a client. We will only collect and use personal data in ways that are described in this Privacy Policy and in a manner that is consistent with our obligations and your rights under UK and international data protection law.

Our Promise to You

• Transparency: We will be clear about what data we collect and why
• Control: You have meaningful control over your personal information
• Security: We implement robust measures to protect your data
• Respect: We will only use your data for legitimate purposes you'd reasonably expect
• Compliance: We fully comply with UK GDPR, Data Protection Act 2018, and all applicable regulations

Please read this Privacy Policy carefully to understand our views and practices regarding your personal data and how we will treat it. Your use of Our Site signifies your acceptance of this Privacy Policy. If you do not accept this Privacy Policy, please do not use Our Site or provide us with any personal information.

---

1. Key Information and Definitions

1.1 Who We Are (Data Controller)

For the purposes of applicable data protection legislation, Delta Internet Limited is the Data Controller of the personal data collected through Our Site and in the provision of our services. This means we determine the purposes for which and the manner in which your personal data is processed.

Our Details:

• Legal Entity: Delta Internet Limited
• Company Registration Number: 11734615
• Registered Office: 9 Fairburn Close, Borehamwood, Hertfordshire, WD6 5EZ, United Kingdom
• Primary Contact Email: [email protected]
• Telephone: 44-175-396-3005
• Website: deltainternetltd.com

1.2 Our Data Protection Officer

Our Data Protection Officer is responsible for overseeing questions in relation to this Privacy Policy and our data protection practices. If you have any questions about this Privacy Policy, including any requests to exercise your legal rights, please contact our Data Protection Officer:

Contact Details:

• Email: [email protected] (Subject: “Data Protection Enquiry”)
• Post: Data Protection Officer, Delta Internet Limited, 9 Fairburn Close, Borehamwood, Hertfordshire, WD6 5EZ, United Kingdom
• Telephone: 44-175-396-3005 (ask for the Data Protection Officer)

1.3 Important Definitions

To ensure clarity throughout this Privacy Policy, the following terms have specific meanings:

“Personal Data” means any information relating to an identified or identifiable natural person (a “Data Subject”). An identifiable person is one who can be identified, directly or indirectly, by reference to an identifier such as a name, an identification number, location data, an online identifier, or one or more factors specific to the physical, physiological, genetic, mental, economic, cultural, or social identity of that person.

“Special Categories of Personal Data” means personal data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, genetic data, biometric data (where used for identification purposes), data concerning health, or data concerning a person's sex life or sexual orientation. We do not generally collect or process Special Categories of Personal Data except in limited circumstances where you explicitly provide such information or where necessary for legal compliance.

“Processing” means any operation or set of operations performed on personal data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure, or destruction.

“Data Processor” means a natural or legal person, public authority, agency, or other body which processes personal data on behalf of the Data Controller. When we use third-party service providers to process personal data on our behalf, they act as Data Processors under our instruction.

“UK GDPR” means the UK General Data Protection Regulation, being the GDPR as it forms part of UK law by virtue of section 3 of the European Union (Withdrawal) Act 2018, as amended by the Data Protection, Privacy and Electronic Communications (Amendments etc.) (EU Exit) Regulations 2019.

“Data Protection Act 2018” or “DPA 2018” means the primary piece of UK legislation governing data protection, which supplements and tailors the UK GDPR.

“PECR” means the Privacy and Electronic Communications (EC Directive) Regulations 2003 (as amended), which regulate electronic communications including cookies, marketing emails, and calls.

“Cookies” means small text files that are placed on your computer, smartphone, or other device when you visit websites. Cookies contain information that is transferred to your device's hard drive and enable websites to remember information about your visit.

“Legitimate Interests” means the lawful basis for processing where our use of your data is necessary for our legitimate business interests or those of a third party, provided those interests are not overridden by your fundamental rights and freedoms.

“Consent” means any freely given, specific, informed, and unambiguous indication of your wishes by which you, through a statement or clear affirmative action, signify agreement to the processing of personal data relating to you.

1.4 Scope of This Privacy Policy

What This Policy Covers:

This Privacy Policy applies to personal data we collect:

• Through Our Site (including any subdomains)
• Through emails, phone calls, and other direct communications with us
• Through our provision of digital marketing services to clients
• Through events, webinars, or other activities we organize
• From third-party sources (with appropriate consent or legal basis)

What This Policy Does Not Cover:

This Privacy Policy does not apply to:

• Third-party websites linked from Our Site (even if we recommend them)
• Social media platforms where we maintain a presence (each platform has its own privacy policy)
• Services provided by our clients or partners (they are separate Data Controllers)
• Personal data we process solely on behalf of clients as a Data Processor (governed by separate Data Processing Agreements)

We have no control over and are not responsible for the privacy practices of third-party websites or services. We strongly advise you to review the privacy policies of any third-party sites you visit.

1.5 Children's Privacy

Age Restrictions:

Our Site and services are not intended for children under the age of 16. We do not knowingly collect personal data from children under 16. If you are under 16, please do not use Our Site, register an account, submit any personal information through Our Site, or engage our services.

Parental Notice:

If you are a parent or guardian and you are aware that your child has provided us with personal data without your consent, please contact us immediately. If we become aware that we have collected personal data from a child under 16 without verification of parental consent, we will take steps to remove that information from our systems promptly.

Educational Services:

In limited circumstances where we provide services to educational institutions that involve processing data of minors, we do so under appropriate legal agreements with the institution, which acts as the Data Controller, and with appropriate safeguards in place.

---

2. What Personal Data We Collect

The personal data we collect depends on how you interact with us. Below is a comprehensive overview of the types of personal data we may collect, organized by source and purpose.

2.1 Data You Provide Directly to Us

Contact and Enquiry Information:

When you contact us, submit an enquiry form, or register for our newsletter, we may collect:

• Full name (first name and surname)
• Job title and role
• Company or organization name
• Business address
• Email address
• Telephone number (landline and/or mobile)
• Correspondence address (if different from business address)
• Nature of your enquiry or interest in our services
• Preferred contact method and times
• How you heard about us

Account Registration Data:

If you create an account on Our Site (for accessing client portals, resources, or other features), we collect:

• Username and login credentials
• Password (stored in encrypted/hashed form only)
• Profile information you choose to provide
• Account preferences and settings
• Security questions and answers (if applicable)

Service Engagement Information:

When you engage our services as a client, we collect:

• Detailed business information (company size, industry, target market, competitive landscape)
• Marketing objectives and goals
• Current marketing activities and performance data
• Website analytics and access credentials
• Social media account information
• Advertising platform credentials and access
• Brand guidelines and marketing materials
• Product or service information
• Target audience demographics and psychographics
• Budget information and financial constraints
• Historical performance data and benchmarks
• Stakeholder contact information
• Communication preferences

Payment and Billing Information:

For financial transactions, we collect:

• Billing address
• Company VAT number (if applicable)
• Purchase order numbers
• Invoice delivery preferences
• Payment method information (processed securely through third-party payment processors—we do not store complete credit card details)
• Transaction history and payment records
• Bank account details (for Direct Debit or BACS payments)

Communications and Correspondence:

We retain records of:

• Email correspondence with you
• Phone call logs and notes (where permitted and relevant to service provision)
• Meeting notes and action items
• Chat or instant message conversations
• Support tickets and helpdesk interactions
• Feedback, complaints, and testimonials you provide
• Survey responses and research participation

Event and Webinar Registrations:

If you register for events, webinars, training sessions, or workshops we organize, we collect:

• Name and contact details
• Company information
• Dietary requirements or accessibility needs (for in-person events)
• Professional interests and learning objectives
• Attendance records and engagement data

Job Applications:

If you apply for employment with us, we collect:

• CV/resume and cover letter
• Employment history and references
• Educational qualifications
• Professional certifications and memberships
• Right to work documentation
• Equal opportunities monitoring data (optional and anonymized)

2.2 Data We Collect Automatically

Website Usage Data:

When you visit Our Site, we automatically collect certain information through cookies and similar technologies:

• IP address (anonymized where possible)
• Browser type and version
• Operating system
• Device type (desktop, tablet, mobile)
• Screen resolution
• Referring website or source
• Pages you visit on Our Site
• Time spent on each page
• Links you click
• Search terms you use on Our Site
• Date and time of your visit
• Geographic location (country and city level, derived from IP address)
• Language preferences

Technical and Diagnostic Data:

For maintaining and improving Our Site, we collect:

• Error logs and crash reports
• Performance metrics and load times
• Feature usage statistics
• API calls and responses
• Browser capabilities and supported features

Marketing and Analytics Data:

Through marketing technologies and analytics platforms, we collect:

• Campaign source and medium (how you found us)
• Marketing campaign interactions
• Email open rates and click-through rates
• Advertising engagement metrics
• Conversion events (form submissions, downloads, etc.)
• Attribution data across marketing channels
• A/B test participation and segment assignments

2.3 Data We Receive from Third Parties

Business Intelligence and Lead Data:

We may receive information about you from:

• Business directories and databases
• Industry associations and membership organizations
• Professional networking platforms (like LinkedIn)
• Data enrichment services that supplement basic contact information with additional business context
• Conference and event organizers (where you've attended industry events)

This information typically includes business contact details, company information, professional roles, and publicly available business information. We only obtain such data from reputable sources that have appropriate consent or legal basis for sharing the information.

Social Media Platforms:

If you interact with us on social media or choose to connect your social media accounts with Our Site, we may receive:

• Public profile information
• Social media handles and usernames
• Publicly posted content and interactions
• Friend or follower lists (where relevant and permitted)

Analytics and Advertising Partners:

We receive aggregated and/or anonymized data from:

• Google Analytics and similar analytics platforms
• Advertising networks and platforms
• Social media advertising (Facebook Pixel, LinkedIn Insight Tag, etc.)
• Marketing automation platforms

Referral Partners:

If someone refers you to us or recommends our services, we may receive:

• Your name and contact information
• Context about your business or needs
• Permission status for us to contact you

2.4 Special Categories of Personal Data

General Policy:

We do not routinely collect Special Categories of Personal Data (such as health information, racial or ethnic origin, political opinions, religious beliefs, trade union membership, genetic or biometric data, sex life, or sexual orientation).

Limited Exceptions:

In rare circumstances, we may process Special Categories of Personal Data:

Accessibility and Dietary Requirements:

If you attend our in-person events and inform us of dietary requirements (which may indicate religious beliefs) or accessibility needs (which may indicate health conditions), we process this data solely to accommodate your needs at the event.

Diversity Monitoring:

If you apply for employment, we may collect diversity monitoring information on a voluntary basis. This data is:

• Completely optional
• Anonymized and separated from your application
• Used only for equal opportunities monitoring
• Not used in hiring decisions

Legal Basis:

When we process Special Categories of Personal Data, we rely on:

• Your explicit consent
• Substantial public interest (for diversity monitoring)
• Necessary for reasons of substantial public interest in the context of employment law

You can withdraw consent for processing Special Categories of Personal Data at any time by contacting us.

2.5 Data We Do Not Collect

To provide clarity and reassurance, we want to be explicit about data we do not collect:

• Financial account passwords or complete credit card details (payment information is processed securely through PCI-compliant payment processors)
• Sensitive personal information unrelated to our business relationship (medical records, criminal records, etc.)
• Children's data (we do not knowingly collect data from anyone under 16)
• Data through covert means (we do not use hidden tracking, keystroke logging, or deceptive practices)

---

3. How and Why We Use Your Personal Data

We process your personal data only where we have a lawful basis to do so under UK GDPR. Below we explain the purposes for which we use your personal data and the lawful bases we rely upon.

3.1 Legal Bases for Processing

Under UK GDPR, we must have a lawful basis for processing your personal data. The lawful bases we rely upon are:

Consent:

You have given clear, informed consent for us to process your personal data for a specific purpose. You can withdraw consent at any time.

Contract:

Processing is necessary for us to perform a contract with you or to take steps before entering into a contract at your request.

Legal Obligation:

Processing is necessary for us to comply with legal obligations we are subject to under UK or EU law.

Vital Interests:

Processing is necessary to protect someone's life (rarely applicable in our context).

Public Task:

Processing is necessary to perform a task in the public interest or for official functions (not typically applicable to our business).

Legitimate Interests:

Processing is necessary for our legitimate interests or those of a third party, except where those interests are overridden by your rights and freedoms. When we rely on legitimate interests, we carefully balance our interests against your rights.

3.2 Purposes and Legal Bases

Providing Our Services to Clients

Purpose: To deliver the digital marketing services you've engaged us to provide, including:

• Managing SEO campaigns and optimizations
• Running and optimizing PPC advertising campaigns
• Creating and publishing content
• Managing social media accounts
• Building and maintaining websites
• Providing analytics and reporting
• Offering strategic advice and consultation

Legal Basis: Contract (necessary to perform our services under our agreement with you)

Data Used: Service engagement information, website access, advertising account access, performance data, communications

Responding to Enquiries and Communications

Purpose: To respond to your questions, enquiries, requests for information, and other communications with us.

Legal Basis: - Legitimate Interests (our interest in responding to enquiries and building business relationships) - Contract (where your enquiry relates to entering into a contract)

Data Used: Contact information, enquiry details, correspondence records

Creating and Managing Your Account

Purpose: To create, maintain, and manage any account you create on Our Site, including:

• Authentication and access control
• Storing your preferences and settings
• Providing access to client portals and resources
• Managing your subscription to communications

Legal Basis: - Contract (necessary to provide account services) - Legitimate Interests (efficient account management and customer service)

Data Used: Account registration data, login credentials, preferences, usage history

Processing Payments and Managing Billing

Purpose: To process payments for our services, issue invoices, maintain financial records, and manage any payment issues or disputes.

Legal Basis:

• Contract (necessary to complete transactions)
• Legal Obligation (maintaining financial records for tax and accounting purposes)

Data Used: Payment information, billing addresses, transaction history, VAT numbers, purchase orders

Improving Our Site and Services

Purpose: To understand how Our Site is used and how our services are received, enabling us to:

• Improve website functionality and user experience
• Develop new features and services
• Fix bugs and technical issues
• Optimize performance and loading times
• Understand user journey and behavior patterns

Legal Basis: Legitimate Interests (our interest in providing a high-quality website and continuously improving our services)

Data Used: Website usage data, technical data, analytics data, feedback and survey responses

Marketing and Business Development

Purpose: To market our services to you, including:

• Sending newsletters and email updates about our services
• Inviting you to events, webinars, and training
• Sharing relevant industry insights and content
• Notifying you of new services or special offers
• Conducting market research

Legal Basis:

• Consent (for direct marketing to individuals)
• Legitimate Interests (for marketing to businesses and for market research)

Data Used: Contact information, engagement history, communication preferences, company information

Important: You can opt out of marketing communications at any time using the unsubscribe link in emails or by contacting us.

Security and Fraud Prevention

Purpose: To protect Our Site, our systems, our business, and our clients from:

• Fraudulent activity and cyber attacks
• Unauthorized access and data breaches
• Misuse of our services
• Violation of our Terms and Conditions
• Legal claims and disputes

Legal Basis:

• Legitimate Interests (protecting our business, systems, and clients)
• Legal Obligation (where required by law)

Data Used: Technical data, IP addresses, access logs, usage patterns, communications

Compliance and Legal Requirements

Purpose: To comply with our legal and regulatory obligations, including:

• Tax and accounting requirements
• Anti-money laundering regulations
• Employment law compliance
• Health and safety obligations
• Responding to legal requests and court orders
• Defending or bringing legal claims

Legal Basis: Legal Obligation, Legitimate Interests (in protecting our legal rights)

Data Used: All relevant personal data necessary for compliance purposes

Event Management

Purpose: To organize and manage events, webinars, and training sessions, including:

• Registration and attendance tracking
• Communicating event details and updates
• Accommodating accessibility needs and dietary requirements
• Recording sessions (where appropriate and with notice)
• Following up after events

Legal Basis:

• Contract (where events are part of our service)
• Consent (for recording and for special categories of data)
• Legitimate Interests (efficient event management)

Data Used: Registration information, attendance records, preferences, feedback

Recruitment and Employment

Purpose: To manage job applications and, if you become an employee:

• Assessing candidate suitability
• Conducting background checks and references
• Managing employment relationships
• Payroll and benefits administration
• Training and development
• Performance management

Legal Basis:

• Contract (employment relationship)
• Legal Obligation (employment law compliance)
• Legitimate Interests (recruitment and HR management)

Data Used: Application materials, employment records, performance data

Business Operations and Administration

Purpose: To run our business efficiently, including:

• Managing relationships with suppliers and partners
• Internal record keeping and file management
• Business planning and strategy
• Quality assurance and training
• Insurance and risk management
• Professional services (accounting, legal advice)

Legal Basis: Legitimate Interests (efficient business operations)

Data Used: Business contact information, contracts, communications, transaction records

3.3 Automated Decision-Making and Profiling

Our Approach:

We do not use automated decision-making or profiling that produces legal effects concerning you or similarly significantly affects you.

Limited Automated Processing:

We may use automated systems for:

• Spam filtering and email management
• Basic customer segmentation for marketing (e.g., industry sector, company size)
• Website personalization (showing relevant content based on browsing behavior)

Human Oversight:

Any significant decisions affecting you (such as whether to take you on as a client, pricing, or service recommendations) involve human review and judgment.

Your Rights:

If our approach to automated processing changes, we will:

• Update this Privacy Policy
• Notify affected individuals
• Provide meaningful information about the logic involved
• Offer the right to human intervention and review

3.4 Marketing Communications

Types of Marketing:

Direct Marketing to Existing Clients:

If you're a client, we may send you information about similar services to those you've purchased, based on our legitimate interests, unless you opt out.

Direct Marketing to Prospects:

If you've enquired about our services or provided consent, we may send marketing communications about our services.

Email Marketing:

We send newsletters, updates, case studies, and promotional emails to those who have:

• Provided explicit consent (for individuals)
• Enquired about our services (soft opt-in for business contacts)
• Are existing clients (for service-related updates)

Telephone Marketing:

We may contact business prospects by telephone based on legitimate interests. We respect the Telephone Preference Service (TPS) and Corporate Telephone Preference Service (CTPS).

Social Media and Online Advertising:

We may show you targeted advertisements on social media and other platforms based on:

• Your visits to Our Site (remarketing)
• Your demographic and interest profile
• Lookalike audiences based on our existing customers

Your Control:

You can opt out of marketing at any time by:

• Clicking unsubscribe links in emails
• Adjusting cookie preferences for online advertising
• Contacting us directly at [email protected]
• Registering with preference services (TPS, CTPS, MPS)

Opting out of marketing does not affect:

• Transactional communications (invoices, service notifications)
• Essential account communications
• Responses to your enquiries
• Legally required communications

---

4. How Long We Keep Your Personal Data

We retain personal data only for as long as necessary to fulfill the purposes for which it was collected and to comply with legal, regulatory, accounting, and reporting requirements.

4.1 General Retention Principles

Purpose Limitation:

Once personal data is no longer needed for its original purpose, we delete or anonymize it, unless we're required to retain it for legal reasons.

Legal Requirements:

Certain types of data must be retained for specific periods under UK law (e.g., financial records for tax purposes).

Your Rights:

You can request deletion of your data at any time, though we may need to retain certain information for legal compliance.

4.2 Specific Retention Periods

Website Visitors and Enquiries:

• Contact form enquiries: 3 years from last contact
• Email correspondence (non-clients): 3 years from last meaningful interaction
• Website analytics data: 26 months (aligned with Google Analytics standard retention)
• Cookie data: As specified in cookie settings (typically up to 24 months)
• IP addresses and logs: 12 months for security purposes

Newsletter Subscribers and Marketing Contacts:

• Active subscribers: Until you unsubscribe
• Inactive subscribers: 3 years from last engagement (opens, clicks, or interactions)
• Marketing prospect data: 3 years from last meaningful interaction or campaign response
• Suppression lists (unsubscribed contacts): Retained indefinitely to honor your opt-out preference

Client Service Data:

• Active client records: Duration of relationship plus 7 years
• Project files and deliverables: 7 years after project completion
• Service agreements and contracts: Duration of contract plus 7 years
• Performance data and reports: 7 years after service termination
• Communications with clients: 7 years after last communication
• Client invoices and financial records: 7 years (required by HMRC for tax purposes)

Rationale for 7-year retention: This period aligns with UK tax law requirements and statute of limitations for contract claims (6 years, plus 1 year buffer).

Account Information:

• Active accounts: Duration of account plus 90 days
• Deleted accounts: Immediate deletion, except where legal retention required
• Account activity logs: 3 years for security and fraud prevention

Event and Webinar Participants:

• Registration information: 3 years from event date
• Attendance records: 3 years from event date
• Post-event communications: 1 year from event date
• Recording permissions: Duration of recording availability plus 1 year

Job Applications:

• Unsuccessful applications: 12 months from application date
• Interview records: 12 months from interview date
• Employee records: Duration of employment plus 7 years
• Right to work documentation: Duration of employment plus 2 years (legal requirement)

Special Categories of Personal Data:

• Dietary/accessibility requirements: Deleted within 30 days after event
• Diversity monitoring data: Anonymized immediately; aggregated reports retained for 3 years
• Other special categories: As required by law or deleted when no longer necessary

Legal Claims and Disputes:

Where data is relevant to actual or potential legal claims:

• During active litigation: Duration of proceedings plus 1 year
• Potential claims: Within statute of limitations period (typically 6 years for contract claims)
• Settled matters: 7 years from settlement

4.3 Data Deletion and Anonymization

Secure Deletion:

When retention periods expire, we:

• Permanently delete data from active systems
• Remove data from backups during the next backup cycle
• Securely destroy any physical records
• Confirm deletion to third-party processors

Anonymization:

Instead of deletion, we may anonymize data by:

• Removing all identifiable information
• Aggregating data into statistics
• Ensuring data cannot be re-identified

Anonymized data is no longer personal data and can be retained indefinitely for research, analytics, and business intelligence purposes.

4.4 Your Right to Request Earlier Deletion

You have the right to request deletion of your personal data before the standard retention period expires (the “right to erasure” or “right to be forgotten”).

When we must delete your data:

• The data is no longer necessary for its original purpose
• You withdraw consent (where consent was the legal basis)
• You object to processing based on legitimate interests and we have no overriding grounds
• The data was unlawfully processed
• Deletion is required for legal compliance

When we may refuse deletion:

• We need the data to comply with legal obligations
• The data is needed to establish, exercise, or defend legal claims
• The data is needed for archiving, research, or statistical purposes in the public interest

How to request deletion:

Contact us at [email protected] with subject “Right to Erasure Request”. We'll respond within 30 days.

---

5. How We Protect Your Personal Data

Data security is of paramount importance to us. We implement comprehensive technical and organizational measures to protect your personal data against unauthorized access, accidental loss, destruction, or damage.

5.1 Technical Security Measures

Encryption:

• In Transit: All data transmitted to and from Our Site uses TLS/SSL encryption (HTTPS)
• At Rest: Sensitive data stored on our systems is encrypted using industry-standard encryption algorithms
• Backups: All backup files are encrypted before storage
• Email: We use encrypted email services for sensitive communications where appropriate

Network Security:

• Firewalls: Multi-layered firewall protection on all systems
• Intrusion Detection: Real-time monitoring for suspicious activity and potential security breaches
• DDoS Protection: Distributed Denial of Service attack mitigation
• Network Segmentation: Separation of different types of data and systems to limit breach impact

Access Controls:

• Authentication: Strong password requirements enforced (minimum length, complexity, regular changes)
• Multi-Factor Authentication (MFA): Required for access to sensitive systems and data
• Role-Based Access: Staff can only access data necessary for their role
• Access Logging: All access to personal data is logged and regularly reviewed
• Automatic Lockout: Accounts are automatically locked after multiple failed login attempts

System Security:

• Regular Updates: Operating systems, applications, and security software kept current with latest patches
• Antivirus/Antimalware: Comprehensive protection on all endpoints and servers
• Vulnerability Scanning: Regular automated and manual security assessments
• Penetration Testing: Periodic independent security testing to identify vulnerabilities
• Secure Development: Security-by-design principles in any custom software development

Data Backup and Recovery:

• Regular Backups: Automated daily backups of all systems containing personal data
• Offsite Storage: Backups stored in secure, geographically separate locations
• Backup Testing: Regular restoration tests to ensure backup integrity
• Disaster Recovery Plan: Documented procedures for responding to major incidents

Secure Data Disposal:

• Digital Data: Secure wiping or cryptographic erasure of deleted data
• Physical Media: Destruction of hard drives and physical storage media according to certified standards
• Document Destruction: Secure shredding of paper documents containing personal data

5.2 Organizational Security Measures

Staff Training and Awareness:

• Mandatory Training: All staff receive data protection training upon joining and annually thereafter
• Role-Specific Training: Additional training for staff with access to sensitive data
• Phishing Awareness: Regular testing and education on social engineering threats
• Incident Response Training: Staff know how to recognize and report potential security incidents

Access Management:

• Need-to-Know Principle: Staff only access personal data necessary for their role
• Regular Access Reviews: Periodic audits of who has access to what data
• Immediate Revocation: Access removed immediately when staff leave or change roles
• Visitor Controls: Guests and visitors to our premises are supervised and cannot access systems

Confidentiality Agreements:

• Staff Contracts: All employees sign confidentiality clauses in employment contracts
• Contractors and Vendors: Third parties sign confidentiality agreements before accessing any personal data
• Ongoing Obligations: Confidentiality obligations continue after relationships end

Policies and Procedures:

• Data Protection Policy: Comprehensive internal policy governing data handling
• Information Security Policy: Technical security standards and requirements
• Incident Response Plan: Documented procedures for responding to data breaches
• Acceptable Use Policy: Rules governing staff use of systems and data
• Clean Desk Policy: Requirements to secure documents and lock screens
• Regular Policy Review: All policies reviewed and updated annually

Physical Security:

• Secure Premises: Office access controlled by locks, access cards, or codes
• Visitor Management: Sign-in procedures and visitor badges
• Alarm Systems: Intruder alarms on all premises containing personal data
• CCTV: Security cameras in appropriate locations (with privacy considerations)
• Secure Storage: Locked cabinets for any physical documents containing personal data

Vendor Management:

• Due Diligence: Security assessment before engaging any data processor
• Contractual Requirements: Data Processing Agreements with all processors
• Regular Audits: Review of processor security and compliance
• Sub-Processor Approval: We maintain control over sub-processor arrangements

5.3 Payment Security

PCI DSS Compliance:

We comply with Payment Card Industry Data Security Standards (PCI DSS) for handling payment card information.

Third-Party Payment Processors:

We use PCI DSS Level 1 compliant payment processors (such as Stripe, PayPal, or GoCardless) for handling payment transactions. We do not store complete credit card details on our own systems.

Information We Store:

We may retain:

• Last 4 digits of card numbers (for reference)
• Card type (Visa, Mastercard, etc.)
• Expiry dates
• Payment transaction IDs and receipts

Direct Debit and Bank Transfers:

When processing Direct Debits or bank transfers:

• Bank details are encrypted in storage
• Access is restricted to authorized finance staff
• Transmission uses secure, encrypted channels

5.4 Limitations and Your Responsibilities

No Absolute Security:

Despite our comprehensive security measures, you should be aware that:

• No method of transmission over the internet is 100% secure
• No electronic storage system is completely impenetrable
• Determined attackers with sufficient resources might breach any security system

Your Responsibilities:

To help us protect your data, you should:

• Use Strong Passwords: Create unique, complex passwords for any accounts
• Enable MFA: Use multi-factor authentication where available
• Keep Credentials Confidential: Never share passwords or access credentials
• Be Cautious with Emails: Be wary of phishing attempts claiming to be from us
• Use Secure Connections: Avoid accessing sensitive information over public Wi-Fi
• Keep Software Updated: Maintain current security software on your devices
• Report Issues: Contact us immediately if you suspect unauthorized access or security concerns

Email Security:

Email is not a completely secure medium. For highly sensitive information, consider:

• Using encrypted email services
• Password-protecting attached documents
• Contacting us by phone for very sensitive matters

---

6. Who We Share Your Personal Data With

We respect your privacy and do not sell, rent, or trade your personal data to third parties for their marketing purposes. However, we do share your personal data with certain trusted third parties in limited circumstances, as described below.

6.1 Service Providers and Data Processors

We engage carefully selected third-party service providers to help us operate our business and provide services to you. These providers process personal data on our behalf, under our instruction, and subject to strict contractual obligations.

Categories of Service Providers:

Website and Technology Infrastructure:

• Web Hosting Providers: Store Our Site data and content
• Cloud Storage Services: Secure storage of documents and files
• Content Delivery Networks (CDNs): Improve website performance and loading times
• Domain and DNS Providers: Manage our domain names and DNS services

Communication and Customer Relationship Management:

• Email Service Providers: Send and manage email communications (e.g., Google Workspace, Microsoft 365)
• Email Marketing Platforms: Manage newsletters and marketing campaigns (e.g., Mailchimp, Campaign Monitor)
• CRM Systems: Manage client relationships and track interactions (e.g., HubSpot, Salesforce)
• Project Management Tools: Collaborate on client projects (e.g., Asana, Monday.com, Trello)
• Video Conferencing: Conduct meetings and consultations (e.g., Zoom, Microsoft Teams, Google Meet)

Analytics and Performance Monitoring:

• Google Analytics: Website analytics and user behavior analysis
• Google Search Console: Website search performance monitoring
• Heatmap Tools: Understand how users interact with Our Site (e.g., Hotjar)
• Performance Monitoring: Track website uptime and performance

Advertising and Marketing Technologies:

• Google Ads: Manage and optimize PPC campaigns for clients
• Facebook/Meta: Social media advertising and analytics
• LinkedIn: Professional networking and B2B advertising
• Advertising Networks: Display and programmatic advertising
• Remarketing Platforms: Show relevant ads to people who've visited Our Site

Payment Processing:

• Payment Gateways: Process credit card and online payments (e.g., Stripe, PayPal)
• Direct Debit Providers: Manage recurring payments (e.g., GoCardless)
• Accounting Software: Financial record keeping (e.g., Xero, QuickBooks)

Security and Fraud Prevention:

• Security Monitoring Services: Detect and prevent cyber threats
• Backup Services: Secure, encrypted data backups
• Authentication Services: Secure login and identity verification

Professional Services:

• Accountants and Auditors: Financial compliance and tax services
• Legal Advisors: Legal compliance and advice
• Business Consultants: Strategic advice and business development
• IT Support: Technical support and system maintenance

Data Processing Agreements:

We have Data Processing Agreements (DPAs) in place with all service providers that process personal data on our behalf. These agreements:

• Define the scope and purpose of processing
• Require processors to implement appropriate security measures
• Prohibit processors from using data for their own purposes
• Require notification of any data breaches
• Grant us audit rights
• Require secure deletion of data when no longer needed

Sub-Processors:

Some of our processors may use sub-processors (e.g., cloud hosting providers using data center operators). We maintain oversight of these arrangements and ensure appropriate safeguards are in place throughout the processing chain.

6.2 Client-Authorized Third Parties

When providing services to clients, we may need to interact with third-party platforms and services on your behalf, with your authorization:

Advertising Platforms:

• Google Ads, Microsoft Advertising, social media ad platforms

Social Media Accounts:

• Facebook, Instagram, LinkedIn, Twitter, TikTok, YouTube

Analytics and SEO Tools:

• Google Analytics, Google Search Console, third-party SEO platforms

Website and E-Commerce Platforms:

• WordPress, Shopify, Wix, Squarespace, etc.

Email Marketing Systems:

• Your email marketing or marketing automation platforms

In these cases:

• You authorize our access through platform-specific permission systems
• We act under your instruction as your agent or data processor
• You retain ultimate control and ownership of accounts
• We comply with platform terms of service

6.3 Legal and Regulatory Authorities

We may disclose your personal data to legal, regulatory, or governmental authorities when required or permitted by law:

Mandatory Disclosures:

• Law Enforcement: In response to valid legal requests (warrants, subpoenas, court orders)
• Regulatory Authorities: To comply with regulations (ICO, HMRC, Companies House, etc.)
• Tax Authorities: For tax compliance and reporting requirements
• Legal Proceedings: In connection with litigation or legal disputes

Discretionary Disclosures:

• Fraud Prevention: To prevent, detect, or investigate fraud or other criminal activity
• Legal Rights: To protect our legal rights, property, or safety or that of others
• Public Interest: When disclosure serves an important public interest

Transparency Commitment:

Where legally permitted, we will:

• Notify you before disclosing your data to authorities (unless prohibited or notification would undermine the purpose)
• Review requests for legal validity
• Disclose only the minimum data necessary
• Challenge overly broad or inappropriate requests

6.4 Business Transfers

Mergers, Acquisitions, and Sales:

If we sell, merge, or reorganize our business, or sell any part of our business, personal data may be transferred to potential or actual purchasers or merger partners.

Protection of Your Data:

In such circumstances:

• We will ensure the receiving party is subject to data protection obligations at least as protective as this Privacy Policy
• You will be notified of any such transfer (where practicable)
• The new owner will be permitted to use your data only for the same purposes as originally collected
• Your rights under data protection law continue to apply

Due Diligence:

During due diligence processes, we may share limited data with potential purchasers or investors under strict confidentiality agreements.

6.5 Anonymized and Aggregated Data

Non-Personal Data:

We may share anonymized, aggregated, or statistical data that cannot identify you individually with:

• Industry publications and research organizations
• Benchmarking and competitive intelligence services
• Investors and business partners
• Public reports and case studies

Example: We might share statistics like “Our SEO clients see an average 45% increase in organic traffic over 12 months” without revealing any individual client's data.

True Anonymization:

We ensure that anonymized data:

• Cannot be used to re-identify individuals
• Is aggregated sufficiently to prevent singling out
• Does not include indirect identifiers that could be combined with other data to identify individuals

6.6 With Your Consent

We may share your personal data with other third parties where you have given specific consent for us to do so. This might include:

• Referral partners you've agreed to be introduced to
• Joint marketing initiatives with partners
• Co-hosted events or webinars
• Industry associations or membership organizations

You can withdraw such consent at any time by contacting us.

6.7 What We Don't Do

No Selling of Data:

We do not sell, rent, or trade your personal data to third parties for monetary or other valuable consideration.

No Third-Party Marketing (Without Consent):

We do not share your personal data with third parties for their own marketing purposes unless you've explicitly consented.

No Indiscriminate Sharing:

We do not share your data widely or unnecessarily. Sharing is limited to specific purposes outlined in this Privacy Policy.

---

7. International Data Transfers

7.1 Our Approach to International Transfers

UK-Based Operations:

We are a UK-based company and our primary operations and data processing take place within the United Kingdom.

Some International Processing:

However, some of the third-party service providers we use may process data outside the UK and European Economic Area (EEA), particularly:

• Cloud services with global infrastructure (e.g., Google, Microsoft, Amazon Web Services)
• Marketing platforms with US headquarters (e.g., Mailchimp, HubSpot)
• Communication tools (e.g., Zoom, Slack)

7.2 Safeguards for International Transfers

When we transfer personal data outside the UK/EEA, we ensure appropriate safeguards are in place:

Adequacy Decisions:

We may transfer data to countries that the UK Government has determined provide adequate data protection, including:

• EEA countries (deemed adequate by default)
• Countries with adequacy decisions (e.g., currently none post-Brexit, but this may change)

Standard Contractual Clauses (SCCs):

For transfers to countries without adequacy decisions, we use Standard Contractual Clauses approved by the UK Information Commissioner's Office. These are legal contracts that:

• Require the recipient to protect your data to UK/European standards
• Grant you enforceable rights as a third-party beneficiary
• Provide mechanisms for supervision and enforcement

Alternative Transfer Mechanisms:

Where appropriate, we may also rely on:

• Binding Corporate Rules: For transfers within corporate groups with approved BCRs
• Certifications: Such as adherence to approved codes of conduct or certification mechanisms
• Specific Consent: In limited circumstances, with your explicit informed consent

Supplementary Measures:

Following guidance from European data protection authorities, we implement supplementary measures where necessary, such as:

• Additional encryption
• Pseudonymization or anonymization
• Access controls and authentication
• Legal agreements restricting onward transfers

7.3 US Transfers and Privacy Framework

Current Situation:

Following the invalidation of the EU-US Privacy Shield, transfers to the United States require careful attention.

Our Approach:

For US-based service providers:

• We conduct transfer impact assessments
• We implement Standard Contractual Clauses
• We add supplementary security measures
• We select providers with strong privacy commitments
• We monitor legal and regulatory developments

Future Developments:

We monitor developments regarding:

• The EU-US Data Privacy Framework and UK participation
• New adequacy decisions
• Guidance from the ICO and European Data Protection Board

7.4 Your Rights Regarding International Transfers

You have the right to:

• Be informed about international transfers (this Privacy Policy provides that information)
• Request details about the safeguards in place for specific transfers
• Object to transfers if you believe adequate protection is not provided
• Lodge a complaint with the ICO if you're concerned about international transfers

For More Information:

If you have questions or concerns about international data transfers, please contact our Data Protection Officer at [email protected].

---

8. Your Data Protection Rights

Under the UK GDPR and Data Protection Act 2018, you have extensive rights regarding your personal data. We are committed to facilitating the exercise of these rights.

8.1 Right to Be Informed

What It Means:

You have the right to clear, transparent information about how we use your personal data.

How We Fulfill This Right:

This Privacy Policy and our communications provide comprehensive information about our data processing practices.

8.2 Right of Access (Subject Access Request)

What It Means:

You have the right to obtain:

• Confirmation that we process your personal data
• Access to your personal data
• Information about how we use your data

How to Exercise:

Submit a Subject Access Request by emailing [email protected] with subject “Subject Access Request”

What We Need From You:

• Proof of identity (to prevent unauthorized disclosure)
• Specific details about the information you're requesting (if you want specific data rather than everything)
• Any reference numbers, dates, or other information that helps us locate your data

Our Response:

• We respond within 30 days (1 month) of receiving a valid request
• We provide information in a commonly used electronic format (PDF, etc.) unless you request otherwise
• There is no fee for the first request
• If requests are manifestly unfounded, excessive, or repetitive, we may charge a reasonable fee or refuse the request

What We Provide:

• Copy of your personal data
• Information about processing purposes
• Categories of data
• Recipients or categories of recipients
• Retention periods
• Your rights (correction, erasure, etc.)
• Right to complain to ICO
• Source of the data (if not collected from you)
• Whether automated decision-making is used

8.3 Right to Rectification

What It Means:

You have the right to have inaccurate personal data corrected and incomplete data completed.

How to Exercise:

Contact us at [email protected] explaining what information is inaccurate or incomplete and providing the correct information.

Our Response:

• We respond within 30 days
• We correct inaccurate data
• We add supplementary information for incomplete data
• We notify third parties to whom we've disclosed the data (where practicable)
• Free of charge

Examples:

• Correcting a misspelled name
• Updating your job title or company
• Adding missing contact details

8.4 Right to Erasure (“Right to Be Forgotten”)

What It Means:

In certain circumstances, you have the right to have your personal data deleted.

When This Right Applies:

• The data is no longer necessary for its original purpose
• You withdraw consent (where consent was the legal basis)
• You object to processing and there are no overriding legitimate grounds
• The data was unlawfully processed
• Erasure is required for legal compliance
• The data was collected in relation to information society services offered to children

When We Can Refuse:

• We need the data to comply with legal obligations
• The data is needed to establish, exercise, or defend legal claims
• The data is needed for archiving in the public interest, scientific/historical research, or statistical purposes
• We have other overriding legitimate grounds

How to Exercise:

Email [email protected] with subject “Right to Erasure Request”

Our Response:

• We respond within 30 days
• If we agree to erasure, we delete the data and notify relevant third parties
• If we refuse, we explain why and inform you of your right to complain to the ICO

8.5 Right to Restrict Processing

What It Means:

In certain circumstances, you can ask us to restrict (but not delete) your personal data, meaning we store it but don't use it.

When This Right Applies:

• You contest the accuracy of the data (restriction while we verify)
• Processing is unlawful but you prefer restriction to erasure
• We no longer need the data but you need it for legal claims
• You've objected to processing (restriction while we verify our legitimate grounds)

Effect of Restriction:

• We can store the data
• We can process it only with your consent, for legal claims, to protect others' rights, or for important public interest

How to Exercise:

Email [email protected] with subject “Right to Restriction Request” and explain the grounds

Our Response:

• We respond within 30 days
• We apply or lift restrictions as appropriate
• We inform you before lifting any restriction

8.6 Right to Data Portability

What It Means:

You have the right to receive your personal data in a structured, commonly used, machine-readable format, and to transmit it to another controller.

When This Right Applies:

• Processing is based on consent or contract
• Processing is carried out by automated means

This right does NOT apply to:

• Processing based on legal obligations or legitimate interests
• Manual or paper-based records

How to Exercise:

Email [email protected] with subject “Data Portability Request”

What We Provide:

• Data in a commonly used format (CSV, JSON, XML, or similar)
• Data we've processed based on your consent or contract
• Where technically feasible, we can transmit data directly to another controller at your request

Our Response:

• We respond within 30 days
• Free of charge

Example: If you want to move your email marketing list from our CRM to a new provider, we can provide the data in a format the new provider can import.

8.7 Right to Object

What It Means:

You have the right to object to processing of your personal data in certain circumstances.

Direct Marketing:

• You have an absolute right to object to direct marketing at any time
• We must stop processing your data for marketing purposes
• Use unsubscribe links in emails or contact us directly

Legitimate Interests Processing:

• You can object to processing based on our legitimate interests
• You must provide reasons relating to your particular situation
• We must stop processing unless we can demonstrate compelling legitimate grounds that override your interests

Research and Statistics:

• You can object to processing for research or statistical purposes
• We must stop unless the processing is necessary for a public interest task

How to Exercise:

Email [email protected] with subject “Right to Object” and explain your grounds

Our Response:

• For marketing: We stop immediately
• For legitimate interests: We respond within 30 days, either stopping processing or explaining our overriding grounds
• Free of charge

8.8 Rights Related to Automated Decision-Making and Profiling

What It Means:

You have the right not to be subject to decisions based solely on automated processing (including profiling) that produce legal effects or similarly significantly affect you.

Our Practice:

• We do not currently use automated decision-making or profiling that produces legal or similarly significant effects
• Significant decisions (client acceptance, pricing, service recommendations) involve human judgment

If This Changes:

• We will notify you clearly
• Obtain your explicit consent where required
• Provide meaningful information about the logic involved
• Offer the right to human intervention
• Allow you to contest the decision

8.9 How to Exercise Your Rights

Contact Methods:

Email (Preferred):

[email protected]
Subject line: “[Type of Request] - [Your Name]”

Post:

Data Protection Officer
Delta Internet Limited
9 Fairburn Close, Borehamwood, Hertfordshire, WD6 5EZ, United Kingdom

What to Include in Your Request:

• Your full name
• Contact details (email and/or postal address)
• Type of request (access, erasure, etc.)
• Specific details about your request
• Proof of identity (to prevent unauthorized requests)
• Any reference numbers, account details, or information that helps us locate your data

Identity Verification:

To protect your privacy and prevent unauthorized disclosure, we may request identification before responding to your request:

• Photo ID (driving licence, passport)
• Utility bill or bank statement showing your address
• Other information to confirm your identity

Our Response Timeline:

• Standard response: Within 30 days (1 month) of receiving a valid request
• Complex requests: We may extend by a further 2 months, but we'll inform you within the first month
• Free of charge: Except for manifestly unfounded, excessive, or repetitive requests

If We Need More Information:

• We'll contact you promptly if we need clarification or additional information
• The response timeline is paused until we receive the information

If We Refuse Your Request:

• We'll explain why within 30 days
• Inform you of your right to complain to the ICO
• Inform you of your right to judicial remedy

8.10 Right to Complain

To the Information Commissioner's Office (ICO):

If you believe we've not handled your data properly or violated your rights, you can lodge a complaint with the UK's supervisory authority:

Information Commissioner's Office (ICO)
Address: Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF
Telephone: 0303 123 1113
Website: www.ico.org.uk
Report online: www.ico.org.uk/make-a-complaint

Before Complaining to the ICO:

We encourage you to contact us first at [email protected]. We take complaints seriously and will work to resolve any issues. However, you have the right to complain directly to the ICO at any time.

Judicial Remedy:

You also have the right to seek a judicial remedy through the courts if you believe your data protection rights have been infringed.

---

9. Cookies and Similar Technologies

9.1 What Are Cookies?

Cookies are small text files stored on your device (computer, smartphone, tablet) when you visit websites. They contain information that is transferred to your device's hard drive and enable the website to remember information about your visit.

Types of Cookies:

Session Cookies: Temporary cookies that expire when you close your browser

Persistent Cookies: Remain on your device for a set period or until you delete them

First-Party Cookies: Set by the website you're visiting

Third-Party Cookies: Set by a different domain than the website you're visiting (e.g., advertising networks)

9.2 How We Use Cookies

Cookie Consent:

Essential Cookies (Strictly Necessary):

These cookies are necessary for Our Site to function. They cannot be switched off.

Purpose:

• Enable basic site functionality
• Remember your cookie preferences
• Secure login and authentication
• Support site security and fraud prevention

Example cookies:

• Session ID cookies
• Security tokens
• Cookie consent preferences

Legal basis: Strictly necessary for site operation (no consent required under PECR)

Performance and Analytics Cookies:

These cookies collect information about how you use Our Site to help us improve it.

Purpose:

• Understand how visitors use Our Site
• Identify popular content and pages
• Detect and diagnose technical problems
• Measure advertising effectiveness
• Conduct A/B testing

Services we use:

• Google Analytics: Tracks website usage and generates reports
  • Cookies: _ga, _gid, _gat
  • Retention: 2 years (_ga), 24 hours (_gid), 1 minute (_gat)
  • More info: https://policies.google.com/privacy

Legal basis: Consent (required under PECR)

Functionality Cookies:

These cookies allow Our Site to remember choices you make and provide enhanced features.

Purpose:

• Remember your preferences (language, region)
• Customize content based on your interests
• Provide interactive features
• Remember login details (if you choose)

Legal basis: Consent (required under PECR)

Advertising and Targeting Cookies:

These cookies track your browsing habits to show you relevant advertisements and measure campaign effectiveness.

Purpose:

• Deliver targeted advertising
• Track ad performance and conversions
• Build audience profiles
• Enable remarketing (showing ads to previous visitors)
• Measure return on advertising spend

Services we use:

• Google Ads: Conversion tracking and remarketing
  • Cookies: _gcl_*, test_cookie, various DoubleClick cookies
  • Facebook Pixel: Conversion tracking and custom audiences
  • Cookies: _fbp, fr
  • LinkedIn Insight Tag: Conversion tracking and matched audiences
  • Cookies: li_sugr, UserMatchHistory, bcookie
  • Other advertising networks: As appropriate for our campaigns

  Legal basis: Consent (required under PECR)

  9.3 Managing Your Cookie Preferences

  Browser Settings:

  You can control cookies through your browser settings:

  Google Chrome:

  Settings > Privacy and Security > Cookies and other site data

  Mozilla Firefox:

  Options > Privacy & Security > Cookies and Site Data

  Safari:

  Preferences > Privacy > Cookies and website data

  Microsoft Edge:

  Settings > Privacy, search and services > Cookies and site data

  Disabling Cookies:

  You can set your browser to:

  • Block all cookies
  • Block third-party cookies only
  • Delete cookies when you close your browser
  • Notify you before cookies are set

  Impact of Disabling Cookies:

  Please note that disabling cookies may:

  • Prevent some features of Our Site from working properly
  • Affect your user experience
  • Require you to re-enter information
  • Prevent us from remembering your preferences

  Essential cookies cannot be disabled as they're necessary for Our Site to function.

  Opt-Out Tools:

  Google Analytics Opt-Out:

  Install the Google Analytics Opt-out Browser Add-on: https://tools.google.com/dlpage/gaoptout

  Advertising Opt-Outs:

  • Your Online Choices (EU): https://www.youronlinechoices.com
  • Network Advertising Initiative: https://optout.networkadvertising.org
  • Digital Advertising Alliance: https://www.aboutads.info/choices

  Platform-Specific Opt-Outs:

  • Facebook: Ad Preferences in your Facebook settings
  • Google: Ad Settings at https://adssettings.google.com
  • LinkedIn: Ad Preferences in your LinkedIn account settings

  9.4 Third-Party Cookies

  What They Are:

  Third-party cookies are set by domains other than Our Site, typically by:

  • Analytics providers (Google Analytics)
  • Advertising networks (Google Ads, Facebook)
  • Social media platforms (for social sharing buttons)
  • Content delivery networks
  • Video hosting platforms (YouTube, Vimeo)

  Our Control:

  We have limited control over third-party cookies. They're governed by the privacy policies of the third parties setting them.

  Your Control:

  You can manage third-party cookies through:

  • Your browser settings (block all third-party cookies)
  • Platform-specific opt-outs (see above)
  • Our cookie consent tool

  9.5 Similar Technologies

  Local Storage:

  We may use HTML5 local storage or other browser storage technologies to store preferences and support site functionality. You can clear local storage through your browser settings.

  Web Beacons (Tracking Pixels):

  Small invisible images embedded in emails or web pages that tell us:

  • Whether you've opened an email
  • Whether you've viewed a particular web page
  • When and from what IP address you accessed content

  Used for: Email campaign analytics, conversion tracking, site analytics

  Fingerprinting:

  We do not use device or browser fingerprinting techniques.

  9.6 Social Media Features

  Social Sharing Buttons:

  Our Site includes social media features such as:

  • Facebook Like button
  • Twitter Share button
  • LinkedIn Share button

  How They Work:

  • These features may set cookies
  • They collect your IP address and which page you're visiting
  • They may collect information even if you don't click the button (if you're logged into the social platform)

  Privacy:

  These features are hosted either on Our Site or directly by the social media platforms. Your interactions are governed by the privacy policies of those platforms:

  • Facebook: https://www.facebook.com/privacy
  • Twitter: https://twitter.com/privacy
  • LinkedIn: https://www.linkedin.com/legal/privacy-policy

  9.7 Email Tracking

  Marketing Email Tracking:

  Our marketing emails may include tracking technologies that tell us:

  • Whether you opened the email
  • Which links you clicked
  • Your device and email client
  • Approximate location (country/city)

  Purpose:

  • Measure campaign effectiveness
  • Understand subscriber engagement
  • Personalize future communications
  • Remove inactive subscribers

  Opting Out:

  • Unsubscribe from marketing emails (doesn't affect transactional emails)
  • Disable image loading in your email client (prevents open tracking)
  • Use email clients with tracking protection

  9.8 Do Not Track Signals

  Our Response to DNT:

  Currently, there is no industry consensus on responding to “Do Not Track” browser signals. Our Site does not respond to DNT signals. Instead, we:

  • Provide comprehensive cookie controls
  • Honor opt-out preferences set through our cookie tool
  • Respect advertising opt-outs through industry tools

  9.9 Updates to Cookie Practices

  We may update our use of cookies and similar technologies. When we make material changes:

  • We'll update this Privacy Policy
  • We may display a notice on Our Site
  • We may ask for renewed consent if required by law

  Last Cookie Policy Update: 27-03-2019

  ---

  10. Additional Information

  10.1 Changes to This Privacy Policy

  Regular Reviews:

  We review this Privacy Policy regularly to ensure it remains accurate and up-to-date with:

  • Changes in our data processing activities
  • New legal or regulatory requirements
  • Technological developments
  • Best practice guidance

  How We Notify You:

  When we update this Privacy Policy:

  • We update the “Last Updated” date at the top
  • Material changes are highlighted on Our Site
  • We may send email notifications to registered users or clients
  • For significant changes, we may require re-consent

  Your Continued Use:

  Your continued use of Our Site after changes are posted constitutes acceptance of the updated Privacy Policy.

  Accessing Previous Versions:

  If you need to reference a previous version of this Privacy Policy, contact us at [email protected].

  10.2 Links to Third-Party Websites

  External Links:

  Our Site contains links to third-party websites, resources, and services, including:

  • Industry publications and news sites
  • Partner websites
  • Social media platforms
  • Tool and resource providers
  • Client websites (in case studies or portfolio)

  Not Our Responsibility:

  We are not responsible for:

  • The privacy practices of third-party websites
  • The content of external sites
  • The security of third-party sites
  • How third parties collect, use, or share your data

  Your Due Diligence:

  Before providing personal information to any third-party website:

  • Review their privacy policy
  • Understand their data practices
  • Verify the site's legitimacy and security
  • Use caution with sensitive information

  No Endorsement:

  Links to third-party sites do not constitute endorsement of those sites or their privacy practices.

  10.3 Social Media

  Our Social Media Presence:

  We maintain profiles on social media platforms such as:

  • LinkedIn
  • Facebook
  • Twitter/X
  • Instagram
  • YouTube

  Platform Privacy Policies Apply:

  When you interact with us on social media:

  • The platform's privacy policy governs their data collection and use
  • We have limited control over data collected by the platform
  • Platforms may collect data about your interactions even if you don't follow us

  What We See:

  Through social media platforms, we may see:

  • Your profile information (to the extent you've made it public)
  • Your interactions with our content (likes, shares, comments)
  • Aggregated analytics about our audience

  What We Do:

  • We respond to messages and comments
  • We may use social media management tools (which have access to public interactions)
  • We don't use social media data for purposes beyond social media engagement

  Your Privacy on Social Media:

  To protect your privacy on social media:

  • Review and adjust your privacy settings on each platform
  • Be cautious about what you share publicly
  • Read platform privacy policies
  • Consider what information you include in interactions with businesses

  10.4 Security Incidents and Data Breaches

  Our Commitment:

  Despite our robust security measures, no system is completely immune to security incidents. If a data breach occurs that affects your personal data, we are committed to:

  Prompt Assessment:

  • Quickly determine the nature and scope of the breach
  • Assess the risk to individuals' rights and freedoms
  • Identify affected individuals and data types

  Regulatory Notification:

  • Report to the ICO within 72 hours (if required by UK GDPR)
  • Provide information about the breach, its likely consequences, and mitigation measures

  Individual Notification:

  • Notify affected individuals without undue delay if the breach poses high risk
  • Provide clear information about:
    • What happened
    • What data was affected
    • Likely consequences
    • Steps we're taking
    • Steps you should take to protect yourself
    • How to contact us for more information

  Remediation:

  • Take immediate steps to contain and mitigate the breach
  • Investigate root causes
  • Implement additional safeguards to prevent recurrence
  • Provide support to affected individuals

  Your Role:

  If you become aware of any actual or suspected security incident or unauthorized access:

  • Notify us immediately at [email protected]
  • Change any compromised passwords
  • Monitor your accounts for suspicious activity
  • Follow our guidance for protecting yourself

  10.5 Data Protection Impact Assessments

  When We Conduct DPIAs:

  For new processing activities that are likely to result in high risk to individuals' rights and freedoms, we conduct Data Protection Impact Assessments (DPIAs). This includes:

  • Using new technologies
  • Large-scale processing of sensitive data
  • Systematic monitoring
  • Automated decision-making with significant effects
  • Processing vulnerable individuals' data

  DPIA Process:

  • Describe the processing activity and its purposes
  • Assess necessity and proportionality
  • Identify and assess risks to individuals
  • Identify measures to mitigate risks
  • Consult our Data Protection Officer
  • Document findings and decisions

  If a DPIA indicates high risk that cannot be sufficiently mitigated, we consult with the ICO before proceeding.

  10.6 Your California Privacy Rights (If Applicable)

  CCPA Disclosures:

  While we're a UK company, if we have California residents' data, we comply with the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA).

  California Resident Rights:

  • Right to Know: What personal information we collect, use, disclose, and sell
  • Right to Delete: Request deletion of personal information
  • Right to Opt-Out: Opt out of “sale” or “sharing” of personal information
  • Right to Correct: Correct inaccurate personal information
  • Right to Limit Use: Limit use and disclosure of sensitive personal information
  • Right to Non-Discrimination: Not be discriminated against for exercising rights

  Our Practices:

  • We do not “sell” personal information as defined by CCPA
  • We do not “share” personal information for cross-context behavioral advertising without consent
  • We do not knowingly sell or share personal information of minors under 16

  Exercising California Rights:

  California residents can exercise their rights by contacting us at [email protected] with subject “California Privacy Rights Request.”

  Authorized Agents:

  California residents may designate an authorized agent to make requests on their behalf. We require:

  • Written authorization from the consumer
  • Verification of the agent's identity and authority

  10.7 Contact Information for Privacy Questions

  General Privacy Enquiries:

  Email: [email protected]
  Subject: “Privacy Enquiry”

  Data Protection Officer:

  Email: [email protected]
  Subject: “For the Attention of the Data Protection Officer”
  Post: Data Protection Officer, Delta Internet Limited, 9 Fairburn Close, Borehamwood, Hertfordshire, WD6 5EZ, United Kingdom

  Exercising Your Rights:

  Email: [email protected]
  Subject: “[Type of Request] - [Your Name]”

  Security Incidents:

  Email: [email protected]
  Subject: “Security Incident Report - URGENT”

  Telephone:

  44-175-396-3005 (Monday-Friday, 9:00 AM - 5:30 PM GMT)

  We Aim to Respond Within:

  • General enquiries: 2-3 business days
  • Rights requests: 30 days (as required by law)
  • Security incidents: Immediately

  ---

  11. Summary of Key Points

  What Data We Collect:

  Contact details, website usage data, service-related information, payment details, communications

  Why We Collect It:

  To provide services, improve our website, communicate with you, comply with legal obligations

  Legal Bases:

  Consent, contract, legitimate interests, legal obligations

  Who We Share With:

  Service providers (with Data Processing Agreements), legal authorities (when required), with your consent

  Your Rights:

  Access, rectification, erasure, restriction, portability, object, complain to ICO

  How Long We Keep It:

  Varies by data type; typically 3-7 years, or as required by law

  International Transfers:

  We use appropriate safeguards (Standard Contractual Clauses) for transfers outside UK/EEA

  Cookies:

  We use essential, analytics, functionality, and advertising cookies. You control non-essential cookies.

  Security:

  Comprehensive technical and organizational measures to protect your data

  Contact Us:

  [email protected] for all privacy-related questions and requests

  ---

  Document Information

  Company Information:

  Delta Internet Limited
  Company Registration Number: 11734615
  Registered Office: 9 Fairburn Close, Borehamwood, Hertfordshire, WD6 5EZ, United Kingdom
  Email: [email protected]
  Telephone: 44-175-396-3005
  Website: deltainternetltd.com

  ---

  © Delta Internet Limited, 2025. All rights reserved.

  This Privacy Policy is protected by copyright. Unauthorized reproduction or distribution is prohibited.

  Thank you for trusting us with your personal information.