Privacy Policy

1. Introduction

Northrule Ltd ("we," "our," or "us") is committed to protecting your privacy and personal data. This Privacy Policy explains how we collect, use, store, and protect your information when you use our website or services.

We are the data controller for the personal data we process about you. This Privacy Policy complies with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

2. Company Information

Data Controller: Northrule Ltd
Registered in: England and Wales

3. Information We Collect

3.1 Information You Provide Directly

When you contact us or use our services, we may collect:

  • Contact Information: Name, email address, phone number, business name, postal address
  • Business Information: Industry, company size, website URL, current marketing challenges
  • Communication Records: Messages, emails, phone call notes, meeting records
  • Service Requirements: Project specifications, goals, preferences, and feedback
  • Payment Information: Billing address, payment method details (processed securely through third-party payment providers)

3.2 Information Collected Automatically

When you visit our website, we may automatically collect:

  • Technical Information: IP address, browser type and version, operating system, device information
  • Usage Data: Pages visited, time spent on pages, click patterns, referral sources
  • Analytics Data: Website performance metrics, user behaviour patterns (via Google Analytics and similar tools)
  • Cookie Data: Information stored through cookies and similar tracking technologies

3.3 Information from Third Parties

We may receive information about you from:

  • Professional Networks: LinkedIn and other business platforms
  • Referral Sources: Other clients or business partners who recommend our services
  • Public Sources: Publicly available business information and directories
  • Analytics Providers: Google Analytics, social media insights, advertising platforms

4. How We Use Your Information

We process your personal data for the following purposes:

4.1 Service Provision (Legal Basis: Contract Performance)

  • Delivering website design, SEO, digital marketing, and related services
  • Managing projects and client relationships
  • Providing customer support and technical assistance
  • Processing payments and managing invoicing

4.2 Communication (Legal Basis: Contract Performance and Legitimate Interest)

  • Responding to enquiries and service requests
  • Sending project updates and service notifications
  • Providing technical support and guidance
  • Managing client feedback and testimonials

4.3 Marketing (Legal Basis: Consent and Legitimate Interest)

  • Sending marketing emails about our services (with your consent)
  • Creating case studies and testimonials (with your permission)
  • Improving our services based on client feedback
  • Developing relevant content and resources

4.4 Website Improvement (Legal Basis: Legitimate Interest)

  • Analysing website usage to improve user experience
  • Identifying technical issues and security threats
  • Optimising website performance and functionality
  • Understanding visitor preferences and behaviour

4.5 Legal Compliance (Legal Basis: Legal Obligation)

  • Maintaining business records as required by law
  • Complying with tax and accounting requirements
  • Responding to legal requests and regulatory requirements

5. Cookies and Tracking Technologies

5.1 Types of Cookies We Use

  • Essential Cookies: Necessary for website functionality and security
  • Analytics Cookies: Google Analytics to understand website usage (anonymised data)
  • Performance Cookies: Monitor website performance and identify technical issues
  • Marketing Cookies: Track marketing campaign effectiveness (with your consent)

5.2 Cookie Control

You can control cookies through your browser settings. However, disabling certain cookies may affect website functionality. We use Google Analytics with anonymised IP addresses to respect your privacy.

5.3 Third-Party Cookies

Our website may include content from third parties (Google Maps, social media widgets) that may set their own cookies. These are governed by the respective third parties' privacy policies.

6. How We Share Your Information

We do not sell your personal data. We may share your information in the following circumstances:

6.1 Service Providers

We work with trusted third-party providers who help us deliver our services:

  • Hosting Providers: For website hosting and data storage
  • Email Services: For client communication and marketing (with appropriate safeguards)
  • Analytics Providers: Google Analytics (with data anonymisation)
  • Payment Processors: Secure payment handling (they do not store your payment details beyond transaction processing)
  • Project Management Tools: For managing client projects and communications

6.2 Legal Requirements

We may disclose your information if required by law, court order, or to protect our legal rights and interests.

6.3 Business Transfers

In the event of a merger, acquisition, or sale of assets, your information may be transferred to the new entity (with appropriate privacy protections).

6.4 Consent-Based Sharing

We may share your information for other purposes with your explicit consent, such as featuring your testimonial on our website.

7. Data Security

We implement appropriate technical and organisational measures to protect your personal data:

  • Encryption: Data transmission and storage encryption
  • Access Controls: Limited access to personal data on a need-to-know basis
  • Regular Backups: Secure data backup procedures
  • Security Updates: Regular software and security updates
  • Staff Training: Privacy and security training for all team members
  • Third-Party Security: We ensure our service providers maintain appropriate security standards

8. Data Retention

We retain your personal data only as long as necessary for the purposes outlined in this policy:

  • Client Data: Retained for the duration of our business relationship plus 7 years for accounting and legal requirements
  • Marketing Data: Retained until you withdraw consent or we determine it's no longer relevant
  • Website Analytics: Anonymised data may be retained indefinitely for business insights
  • Communication Records: Retained for 3 years after last contact for customer service purposes

9. Your Rights

Under UK data protection law, you have the following rights:

9.1 Right of Access

You can request a copy of the personal data we hold about you.

9.2 Right to Rectification

You can ask us to correct inaccurate or incomplete personal data.

9.3 Right to Erasure ("Right to be Forgotten")

You can request deletion of your personal data in certain circumstances.

9.4 Right to Restrict Processing

You can ask us to limit how we use your personal data in certain situations.

9.5 Right to Data Portability

You can request your personal data in a portable format to transfer to another service provider.

9.6 Right to Object

You can object to processing based on legitimate interests or for marketing purposes.

9.7 Rights Related to Automated Decision-Making

We do not use automated decision-making or profiling that significantly affects you.

9.8 How to Exercise Your Rights

To exercise any of these rights, please contact us using the details provided in Section 12. We will respond within one month of receiving your request.

10. Marketing Communications

10.1 Email Marketing

We may send you marketing emails about our services if:

  • You have given us consent, or
  • You are an existing client and the marketing relates to similar services (with an easy opt-out option)

10.2 Opting Out

You can unsubscribe from marketing emails at any time by:

  • Clicking the unsubscribe link in any email
  • Contacting us directly
  • Updating your preferences if you have an account with us

11. International Transfers

We primarily process data within the UK. If we need to transfer your data outside the UK, we will:

  • Ensure adequate protection through appropriate safeguards
  • Obtain your consent where required
  • Use approved transfer mechanisms such as adequacy decisions or standard contractual clauses

12. Children's Privacy

Our services are not intended for individuals under 16 years of age. We do not knowingly collect personal data from children under 16. If we become aware that we have collected such data, we will delete it promptly.

13. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or legal requirements. We will:

  • Post the updated policy on our website
  • Notify you of significant changes via email if you are a client
  • Update the "Last Updated" date at the top of this policy

14. Complaints

If you have concerns about how we handle your personal data, you can:

  1. Contact us directly using the details below
  2. File a complaint with the Information Commissioner's Office (ICO):
    • Website: ico.org.uk
    • Phone: 0303 123 1113
    • Post: Information Commissioner's Office, Wycliffe House, Water Lane, Wilmslow, Cheshire SK9 5AF

15. Contact Us

For any questions, concerns, or requests regarding this Privacy Policy or your personal data, please contact us.

We aim to respond to all privacy-related enquiries within 5 working days.

© 2025 Northrule Ltd. All rights reserved.