Privacy Policy
This policy was last reviewed and updated: 12 March 2026
1. Who we are
Clarus Digital Ltd (“we”, “us”, or “our”) is a UK-registered digital marketing and creative agency. We are the Data Controller for the personal data we collect and process.
Company registration number: 15417042
Registered address: 3rd Floor, 86–90 Paul Street, London, EC2A 4NE
Also trading from: Unit 7 Freedom Works, Hove Business Centre, Fonthill Road, Hove, BN3 6HA
Email: [email protected]
Phone: 01273 042470
Website: https://clarusdigital.co.uk
2. Legal framework
This Privacy Policy is governed by the following UK legislation:
- UK General Data Protection Regulation (UK GDPR)
- Data Protection Act 2018
- Data (Use and Access) Act 2025 — which received Royal Assent on 19 June 2025 and introduced updates including a new ‘recognised legitimate interest’ lawful basis and a mandatory data protection complaints process (required by June 2026)
- Privacy and Electronic Communications Regulations 2003 (PECR) — as amended by the Data (Use and Access) Act 2025
The Information Commissioner’s Office (ICO) is the UK’s independent supervisory authority for data protection. Further information is available at: https://ico.org.uk.
3. What personal data we collect
We may collect and process the following categories of personal data:
3.1 Data you provide directly
- Your name, job title, and organisation
- Contact details including email address, phone number, and postal address
- Information provided via our website contact forms or enquiry submissions
- Communications you send to us by email, letter, or telephone
- Payment and billing information (processed securely via our accountancy and payment providers)
- Any other information you voluntarily provide in the course of doing business with us
3.2 Data collected automatically
- IP addresses and browser/device information when you visit our website
- Pages visited, time on site, and referring URLs (via Google Analytics)
- Cookie data — please see our Cookie Policy at https://clarusdigital.co.uk/cookie-policy/ for full details
3.3 Data from third parties
- Contact information from publicly available sources or professional networking platforms where you have made your details available
- Referral information where a third party has introduced you to us with your knowledge
4. Our lawful basis for processing
Under the UK GDPR, we must have a lawful basis for processing your personal data. Depending on the context, we rely on the following:
- Contract — processing is necessary to perform a contract with you, or to take steps at your request before entering into one (e.g. delivering our services, sending invoices)
- Legitimate interests — processing is in our legitimate business interests and does not override your rights (e.g. responding to enquiries, improving our services, website analytics, direct marketing to existing clients)
- Legal obligation — processing is necessary to comply with a legal requirement (e.g. HMRC reporting, fraud prevention)
- Consent — where you have freely given, specific, and informed consent (e.g. subscribing to marketing communications or agreeing to non-essential cookies). You may withdraw consent at any time.
5. How we use your personal data
We collect and use your personal data only where it is necessary, fair, and lawful to do so. Specifically, we use it to:
- Provide and manage the services you have engaged us for
- Communicate with you about your account, projects, or enquiries
- Send invoices, process payments, and maintain our financial records
- Respond to your enquiries and provide customer support
- Send you relevant marketing communications about our services (existing clients, or where you have consented)
- Improve and develop our website, services, and internal processes
- Comply with our legal, regulatory, and contractual obligations
- Protect the security of our business and prevent fraud
If you do not wish us to use your data in these ways, it may mean we are unable to provide some or all of our services to you.
6. Who we share your data with
We do not sell your personal data. We may share it with the following categories of recipients, only to the extent necessary:
- Our team members and associates — employees and contracted freelancers who need access to deliver our services
- Technology and service providers — including cloud software providers, email platforms, project management tools, and website hosting providers. All are subject to data processing agreements
- Payment and accountancy providers — to process invoices and comply with financial regulations
- HMRC and regulatory authorities — where required by law
- Third-party advertising platforms — such as Google and Meta, where you have consented to relevant cookies or where we manage campaigns on behalf of clients
Where we share data with any third party not listed above, we will seek your prior consent unless the data is fully anonymised.
7. International data transfers
We process your personal data primarily in the UK. Some of our third-party technology providers (such as Google and cloud platform providers) may process data in countries outside the UK. Where this occurs, we ensure appropriate safeguards are in place in accordance with UK GDPR transfer requirements, such as the UK’s International Data Transfer Agreement (IDTA) or equivalent approved mechanisms.
For further information on international transfers, please contact us at [email protected].
8. How long we keep your data
We retain personal data only for as long as necessary for the purposes it was collected, or as required by law. Our general retention approach is:
- Client and contract data — retained for the duration of our business relationship and for up to 7 years afterwards, in line with HMRC requirements for financial records
- Enquiry and contact data — retained for up to 2 years from the date of last contact where no contract is formed
- Marketing data — retained until you withdraw consent or unsubscribe
- Website analytics data — retained in accordance with Google Analytics default settings (26 months), subject to cookie consent preferences
When data is no longer required, it is securely deleted or anonymised.
9. Your rights
Under the UK GDPR and Data Protection Act 2018, you have the following rights in relation to your personal data:
Right of access (Subject Access Request)
You have the right to request a copy of the personal data we hold about you. We will respond within one calendar month. We may ask you to verify your identity before releasing information.
Right to be informed
You have the right to receive clear, transparent information about how we collect and use your data. This Privacy Policy fulfils that obligation.
Right to rectification
If the personal data we hold about you is inaccurate or incomplete, you can ask us to correct it.
Right to erasure (‘right to be forgotten’)
You can request that we delete your personal data where there is no compelling reason for us to continue holding it. This right does not apply where we are required to retain data by law.
Right to restrict processing
You can ask us to suspend processing of your data in certain circumstances, for example while accuracy is being contested. We may still hold the data but will not process it.
Right to data portability
Where processing is based on consent or contract and carried out by automated means, you can request a copy of your data in a machine-readable format.
Right to object
You have the right to object to processing based on legitimate interests or for direct marketing purposes. We will stop processing unless we can demonstrate compelling legitimate grounds.
Rights related to automated decision-making
We do not currently make solely automated decisions about individuals that have legal or similarly significant effects. If this changes, we will update this policy and inform you accordingly.
To exercise any of your rights, please contact us at [email protected]. There is no charge for most requests. We reserve the right to charge a reasonable fee or decline requests that are manifestly unfounded or excessive.
10. How we protect your data
We take the security of your personal data seriously. Our measures include:
- Storing personal data on secure, access-controlled systems
- Using encrypted communication channels for sensitive information
- Limiting access to personal data to those who need it to do their job
- Requiring contractors and third-party processors to maintain appropriate security standards under written data processing agreements
- Regularly reviewing our security practices and updating them as needed
In the event of a personal data breach that is likely to result in a high risk to your rights and freedoms, we will notify you without undue delay. We also have a legal obligation to report certain breaches to the ICO within 72 hours of becoming aware of them.
11. Cookies
Our website uses cookies and similar technologies. Full details of the cookies we use, our lawful basis for doing so, and how to manage your preferences are set out in our Cookie Policy, which is available at: https://clarusdigital.co.uk/cookie-policy/.
12. Links to third-party websites
Our website may contain links to external websites, including social media platforms. We are not responsible for the privacy practices or content of those websites. We strongly encourage you to review the privacy policies of any third-party site you visit before providing your personal information.
13. Data protection complaints process
In line with the Data (Use and Access) Act 2025, we operate a formal data protection complaints process. If you have a concern about how we handle your personal data:
- Step 1: Contact us directly by email at [email protected], setting out the nature of your concern. We will acknowledge your complaint promptly and aim to respond within 30 calendar days.
- Step 2: If you are not satisfied with our response, you have the right to escalate your complaint to the Information Commissioner’s Office (ICO).
Information Commissioner’s Office (ICO) Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF Telephone: 0303 123 1113 Website: https://ico.org.uk/make-a-complaint/
14. ICO registration
Most organisations that process personal data are required to register with the ICO and pay an annual data protection fee (typically £52 per year for small organisations). You can verify our registration or check your own obligations at: https://ico.org.uk/for-organisations/data-protection-fee/.
15. Changes to this Privacy Policy
We may update this Privacy Policy from time to time to reflect changes in our practices, the services we offer, or applicable law. Any updates will be published on our website at https://clarusdigital.co.uk/privacy-policy/ with a revised date at the top. Where changes are significant — particularly changes to where your data is processed or to the purposes for which we use it — we will contact you directly to let you know.
16. How to contact us
For any questions about this Privacy Policy, to exercise your rights, or to make a data protection complaint, please contact our Data Controller:
Clarus Digital Ltd 3rd Floor, 86–90 Paul Street London, EC2A 4NE
Email: [email protected]
Phone: 01273 042470
Website: https://clarusdigital.co.uk/contact-us/
Clarus Digital Ltd — Company Reg. 15417042 — https://clarusdigital.co.uk
This policy was prepared on 12 March 2026.