Privacy Policies

Last updated: June 2026


1. Introduction


We are committed to protecting your personal data and respecting your privacy. This Privacy Policy explains how we collect, use, store, and share your personal information when you interact with us, whether through our website, services, or any other means of communication.

This policy is governed by the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018. Please read it carefully.


2. Who We Are


We are eBiscuits Limited, a digital marketing company registered in England and Wales (Company No. 07648734), with our registered address at 75 Maygrove Road, London, NW6 2EG.

For the purposes of data protection law, we are the data controller of your personal information.

If you have any questions about this policy or how we handle your data, please contact our Data Protection Officer (or designated privacy lead) at:

Email: henry@ebiscuits.co.uk Post: eBiscuits Limited, 35 Eastwood Road, Bramley, GU5 0DY


3. What Personal Data We Collect


Depending on how you interact with us, we may collect the following categories of personal data:

Identity & Contact Data

  • Full name, job title, and company name
  • Email address, telephone number, and postal address

Technical Data

  • IP address, browser type and version, time zone, browser plug-in types
  • Device information and operating system
  • Pages visited, traffic sources, and clickstream data

Usage & Behavioural Data

  • How you use our website and services
  • Campaign interaction data (email opens, clicks, conversions)
  • Cookie and tracking pixel data (see our Cookie Policy)

Marketing & Communications Data

  • Your preferences for receiving marketing from us
  • Records of your consent

Financial Data

  • Billing information, bank account or payment card details (processed securely through our payment providers)

Client Campaign Data

  • Data provided to us by clients in order to carry out marketing services on their behalf (in which case we act as a data processor)


4. How We Collect Your Personal Data


We collect data through the following means:

  • Direct interactions — when you fill in a form, contact us, sign a contract, or subscribe to our services
  • Automated technologies — cookies, server logs, web beacons, and similar technologies when you visit our website
  • Third parties — advertising platforms (e.g. Google Ads, Meta), CRM tools, analytics providers, and publicly available sources such as LinkedIn
  • Client instructions — data provided by clients for the purpose of running marketing campaigns on their behalf


5. How We Use Your Personal Data


We will only use your personal data where we have a lawful basis to do so. The purposes and corresponding legal bases are:

PurposeLawful BasisTo provide our services and fulfil contractsPerformance of a contractTo manage client relationships and billingPerformance of a contract / Legal obligationTo send service communications and updatesLegitimate interests / ContractTo send marketing communications (where opted in)ConsentTo analyse website usage and improve our servicesLegitimate interestsTo comply with legal and regulatory obligationsLegal obligationTo prevent fraud and ensure securityLegitimate interests / Legal obligation

Where we rely on legitimate interests, we have assessed that our interests are not overridden by your rights and freedoms. You have the right to object to this processing (see Section 9).


6. Cookies and Tracking Technologies


We use cookies and similar tracking technologies on our website. These may include analytics cookies (e.g. Google Analytics), advertising cookies, and functional cookies.

You will be asked for your consent to non-essential cookies when you first visit our site. You may withdraw or manage your cookie preferences at any time via our Cookie Settings link in the footer.



7. Who We Share Your Data With


We do not sell your personal data. We may share it with:

  • Service providers and sub-processors — including cloud hosting providers, email platforms, analytics tools, CRM software, and payment processors, all of whom are contractually bound to handle data securely
  • Advertising platforms — such as Google, Meta, LinkedIn, and others, in connection with campaign delivery (subject to their own privacy policies)
  • Professional advisers — solicitors, accountants, and auditors under duties of confidentiality
  • Regulatory and law enforcement authorities — where required by law or to protect legal rights
  • Prospective buyers — in the event of a merger, acquisition, or sale of our business, subject to appropriate confidentiality obligations


8. International Data Transfers


Where we transfer your personal data outside the UK, we ensure that appropriate safeguards are in place in accordance with UK GDPR, such as:

  • Transfers to countries with an adequacy decision from the UK Government
  • Use of the International Data Transfer Agreement (IDTA) or equivalent standard contractual clauses
  • Transfers to processors that participate in a recognised compliance framework


9. Your Rights


Under UK GDPR, you have the following rights in relation to your personal data:

  • Right of access — to request a copy of the data we hold about you
  • Right to rectification — to request correction of inaccurate or incomplete data
  • Right to erasure — to request deletion of your data in certain circumstances
  • Right to restrict processing — to ask us to pause processing in certain circumstances
  • Right to data portability — to receive your data in a structured, commonly used format
  • Right to object — to object to processing based on legitimate interests or for direct marketing purposes
  • Rights related to automated decision-making — not to be subject to solely automated decisions that significantly affect you

To exercise any of these rights, please contact us at privacy@[yourcompany].co.uk. We will respond within one calendar month. There is no fee for making a request, though we may charge a reasonable fee or refuse requests that are manifestly unfounded or excessive.


10. Marketing Communications


We will only send you direct marketing communications where you have given your consent, or where we have a legitimate interest to do so (e.g. existing clients being informed of similar services).

You may opt out of marketing communications at any time by:

  • Clicking the unsubscribe link in any email we send
  • Emailing us at henry@ebscuits.co.uk


11. Data Retention


We retain personal data only for as long as is necessary for the purposes outlined in this policy, or as required by law. Our standard retention periods are:

  • Client and contract records — 7 years from the end of the contract (for legal and tax purposes)
  • Marketing contact records — until consent is withdrawn or for 2 years following last engagement
  • Website analytics data — up to 26 months
  • Job applicant data — 6 months from the conclusion of a recruitment process (unless the applicant is hired)


12. Data Security


We implement appropriate technical and organisational measures to protect your personal data against unauthorised access, accidental loss, destruction, or damage. These include encryption, access controls, regular security assessments, and staff training.

In the event of a data breach that is likely to result in a risk to your rights and freedoms, we will notify the Information Commissioner's Office (ICO) within 72 hours and inform affected individuals without undue delay.


13. Children's Data


Our services are not directed at individuals under the age of 13, and we do not knowingly collect personal data from children. If you believe we have inadvertently collected data from a child, please contact us immediately.


14. Complaints


If you are unhappy with how we have handled your personal data, please contact us in the first instance at henry@ebiscuits.co.uk.

You also have the right to lodge a complaint with the Information Commissioner's Office (ICO):

Website: www.ico.org.uk Telephone: 0303 123 1113 Post: Information Commissioner's Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF


15. Changes to This Policy


We may update this Privacy Policy from time to time to reflect changes in our practices or legal requirements. We will notify you of material changes by posting the updated policy on our website with a revised "last updated" date. Where required by law, we will seek your consent to material changes.



This Privacy Policy was last reviewed in June 2026.

eBiscuits Privacy Policies.