top of page

Privacy Policy

Your Privacy
We collect personal data when you use this website. Some personal data is provided directly by users; some is collected automatically.
Data we collect may include:

  • Usage data

  • Email address

  • First name

  • Last name

  • Phone number

  • Company name

  • IP address

We use this data to:

  • Improve our website by analysing user behaviour

  • Contact users who have asked us to do so

  • Interact with users on external social networks and platforms

  • If we collect any other data, we will explain this at the point of collection. Clientbase Media is not responsible for any third-party data submitted by users.

How and Where Your Data Is Stored
At Clientbase Media, we process and store your data in accordance with the UK GDPR and take reasonable security measures to prevent unauthorised access.
Your data will be stored on our data processors’ secure servers. Authorised employees may access your data from outside the UK/EEA where necessary.


Keeping Your Data Safe
The internet is not entirely free from security risks. While we take security seriously and train our team to protect user data, we cannot guarantee absolute security. Any data sent to us is at the user’s own risk.
Payments made through this website (if applicable) are encrypted.


Your Data and Public Authorities
We may be legally required to disclose personal data to public authorities.


Your Rights
You have the right to:

  • Request access to the personal data we hold about you

  • Request correction or deletion of your personal data

  • Object to or restrict certain processing

  • Withdraw consent where consent is the basis for processing

To exercise your rights, contact info@clientbasemedia.co.uk. We will respond within one month.


Links to Other Websites
This privacy policy applies only to this website. Third-party websites we link to have their own privacy policies. If you arrive at our site via a third-party link, that third party may share limited information with us subject to their policy.


Changes to This Privacy Policy
We may update this policy from time to time. Changes will appear on this page. Your continued use of the website after changes are posted indicates acceptance of the updated policy.


GDPR Data and Information Policy
We are transparent about how we hold and use data.
Information We Hold Client Information -
Information enabling us to deliver marketing services, which may include:

  • Names, phone numbers, email addresses, business address (or home address if working from home)

  • Website logins (where supplied)

  • Social media logins (where supplied)

  • Domain and hosting logins (where supplied)

  • Advertising account logins (where supplied)

  • Analytics logins (where supplied)

This information is typically gathered via an onboarding questionnaire at the start of a campaign. The questionnaire is stored in Google Drive (spreadsheets and documents) and accessible to relevant campaign staff.


Elements may also be stored in our CRM, accounting software, project management software, and internal communications tools (for example: Keap/Infusionsoft, Xero, Teamwork/Asana, Slack, Gmail, Google Drive). Each provider’s data-processing terms are available on their websites.


Leads and Contacts
If you request a marketing review, sign up for resources or updates, subscribe to our training emails, or enquire about our services, we may retain some or all of the following:

  • Name

  • Address (if provided)

  • Email address

  • Phone number (if provided)

  • Business information (e.g., sector, size, goals)

How we collect this information:

  • Website forms (e.g., marketing review questionnaires, resource sign-ups, newsletter/training subscriptions)

  • Direct enquiries by email or phone

Lead information is shared internally with staff responsible for sales, marketing, and accounting.

 

Data Consent and Legal Bases
We make clear on our forms how submitted data will be used and that consent can be withdrawn at any time.

  • Clients: The primary legal basis for processing is Contract.

  • Leads/Contacts: The legal basis is Consent and/or Legitimate Interest, depending on context.

Data and Privacy Notice
We store information you submit in our email and CRM systems so we can send relevant information, training, or service updates.


You can withdraw consent at any time by using the unsubscribe link in our emails. To request erasure of your data, reply to any email or contact info@clientbasemedia.co.uk. We will process your request within one month.


Data Policy
Clientbase Media only collects information necessary to deliver the services requested. This information is accessible to the campaign team and other staff who need it for accounting, administration, or service delivery.


We also collect information from contacts and leads to provide relevant training, marketing advice, and sales recommendations. This information is available to staff across the company where necessary.


Individuals can request details of the information we hold about them and can request deletion at any time.
All client, lead, or contact information is held only in designated cloud applications (e.g., Google Drive, CRM, Gmail, Slack, project management software). Information must not be stored locally on personal devices outside these controlled systems. Staff receive training on this requirement.


Risks and Impact Assessment
Risk: Staff computer or account compromised; contact information accessed
Impact: Client data leaked; potential unauthorised access to websites or personal data
Mitigation: Data stored in cloud services with strong access controls; multi-factor authentication where available; staff follow password hygiene and change passwords regularly.

 

  • Risk: Staff member leaves and retains access to data

  • Impact: Unauthorised disclosure or misuse of data

  • Mitigation: Offboarding processes promptly remove access to all systems.

Training
All staff are trained on:

  • Password and account security

  • Data handling and storage methods

  • Device security and acceptable use

Breach Notification
A personal data breach is any destruction, loss, alteration, unauthorised disclosure of, or access to personal data transmitted, stored, or otherwise processed.
If a staff member becomes aware of a breach, they must immediately notify their manager. Following notification, we will:

  1. Assess the impact of the breach

  2. Notify relevant parties and, where required, the ICO within the statutory timeframe

  3. Investigate the cause

  4. Remedy vulnerabilities and update processes to reduce future risk

Right of Access
If an individual requests access to their personal data, the request should be forwarded to our Data Protection Officer (or privacy lead). We will:

  • Confirm the data being processed

  • Provide access to relevant records stored in our systems

We respond to requests within one month.


Data Disposal
Individuals have the right to erasure. Upon a valid request, we will delete records held for that individual or company, including:

  • CRM records

  • Campaign documents and files

  • Internal communication records relating to the individual/company

Data Processor Contracts
We maintain written agreements with our data processors governing the processing of personal data.
Data Protection Impact Assessments (DPIAs)
We conduct DPIAs when introducing new software or processes that will store or process personal data. DPIAs describe processing operations, purposes, necessity, risks, and controls to reduce those risks.

Information Security Policy
All staff must follow these guidelines:

  • Do not store personal data on unmanaged personal devices

  • Use strong, unique passwords and change them regularly and whenever requested by management

  • Collect and retain only the data necessary to carry out the requested work

  • Immediately escalate any data access requests, erasure requests, suspected breaches, or related matters to the privacy lead

Contact for all privacy matters: info@clientbasemedia.co.uk

bottom of page