Privacy Policy

Who we are

South32 Global Ltd is a digital marketing agency registered in England and Wales under Company Number 14668758. Our registered office is located in London, United Kingdom.

For the purposes of applicable data protection legislation, South32 Global Ltd is the data controller. This means we determine the purposes and means of processing your personal data when you interact with our website, services, and communications.

Data we collect

We may collect and process the following categories of personal data, depending on how you interact with us.

2.1 Information you provide directly

• Full name, email address, telephone number, and company name when you submit a contact form or enquiry.
• Correspondence records when you communicate with us by email, telephone, or through our website.
• Billing and invoicing details if you become a client, including business address and payment references.
• CVs, cover letters, and professional history submitted through our careers page.

2.2 Information collected automatically

• Technical data such as your IP address, browser type and version, operating system, and device information.
• Usage data including pages visited, time spent on pages, click patterns, referring URLs, and navigation paths.
• Cookie identifiers and similar tracking technologies (see Section 5 below).

2.3 Information from third parties

We may receive data from analytics providers, advertising networks, and publicly available sources such as Companies House or LinkedIn. This data is used solely for business development and service delivery.

How we use your data

We process personal data only for specified, explicit, and legitimate purposes. These include the following.

• Service delivery. To provide, manage, and improve the digital marketing services you have engaged us for.
• Communication. To respond to enquiries, provide project updates, and send relevant information you have requested.
• Marketing. To send newsletters, industry insights, and promotional content where you have given consent or where we have a legitimate interest (with an option to opt out at any time).
• Website improvement. To analyse how visitors use our site so we can improve user experience, content, and functionality.
• Legal compliance. To meet our obligations under applicable laws, regulations, and professional standards.
• Recruitment. To assess and process job applications submitted through our careers page.
• Security. To detect and prevent fraud, unauthorised access, and other security incidents.

Legal basis for processing

Under the UK GDPR, we must have a lawful basis for processing your personal data. We rely on the following grounds, depending on the context.

4.1 Consent (Article 6(1)(a))

Where you have given clear, affirmative consent for us to process your data for a specific purpose. For example, when you subscribe to our newsletter or accept non-essential cookies. You can withdraw consent at any time.

4.2 Contractual necessity (Article 6(1)(b))

Where processing is necessary to perform a contract with you, or to take pre-contractual steps at your request. This applies when we deliver services you have engaged us to provide.

4.3 Legitimate interests (Article 6(1)(f))

Where processing is necessary for our legitimate business interests, provided those interests are not overridden by your rights and freedoms. Examples include improving our services, marketing to existing clients, and maintaining the security of our systems. We conduct a balancing test for each use case.

4.4 Legal obligation (Article 6(1)(c))

Where processing is necessary to comply with a legal obligation, such as tax reporting, regulatory requirements, or responding to lawful requests from public authorities.

Cookies and similar technologies

Our website uses cookies and similar tracking technologies to distinguish you from other users. This helps us provide a good browsing experience and allows us to improve our site.

5.1 Essential cookies

These are required for the website to function properly. They enable core features such as page navigation, access to secure areas, and form submissions. You cannot opt out of these cookies.

5.2 Analytics cookies

We use analytics tools (including Google Analytics) to understand how visitors interact with our website. These cookies collect information in an aggregated, anonymised form. Data collected includes pages visited, session duration, and traffic sources.

5.3 Marketing cookies

These cookies track your activity across websites to deliver targeted advertising and measure campaign effectiveness. They are placed by third-party advertising platforms and are only set with your explicit consent.

5.4 Managing cookies

You can manage your cookie preferences at any time through your browser settings. Please note that disabling certain cookies may affect the functionality of our website. For more detailed information, please see our dedicated Cookie Policy.

Our use of cookies complies with the Privacy and Electronic Communications Regulations 2003 (PECR) as well as the UK GDPR.

Third parties and data sharing

We do not sell your personal data to third parties. We may share your information in the following limited circumstances.

6.1 Service providers

We work with carefully selected third-party providers who process data on our behalf. These include hosting providers, email delivery services, analytics platforms, CRM systems, and payment processors. Each provider is bound by a data processing agreement and is required to process data only on our instructions.

6.2 Advertising and analytics partners

Where you have consented, we may share data with advertising platforms (such as Google Ads and Meta) and analytics providers to deliver and measure the effectiveness of marketing campaigns.

6.3 Professional advisers

We may share data with our accountants, lawyers, and auditors where necessary for them to provide professional services to us.

6.4 Legal requirements

We may disclose personal data where required by law, by a court order, or by a regulatory authority. We may also share data where necessary to protect our legal rights, enforce our terms of service, or ensure the safety of our users.

International data transfers

Some of our third-party service providers are based outside the United Kingdom. Where personal data is transferred outside the UK, we ensure appropriate safeguards are in place in accordance with UK GDPR requirements. These safeguards include:

• Transfers to countries with an adequacy decision issued by the UK Secretary of State.
• Standard Contractual Clauses (SCCs) approved by the Information Commissioner's Office (ICO).
• Other lawful transfer mechanisms recognised under UK data protection law.

You may contact us for further details on the specific safeguards applied to any international transfer of your data.

Data retention

We retain personal data only for as long as is necessary to fulfil the purposes for which it was collected, or as required by law. Our standard retention periods are as follows.

• Client data. Retained for the duration of the client relationship and for six years after the relationship ends, in line with HMRC requirements and limitation periods.
• Enquiry and contact form data. Retained for up to 24 months from the date of last interaction, unless the enquiry results in a client engagement.
• Newsletter subscribers. Retained until you unsubscribe or request deletion.
• Job applications. Retained for 12 months from the date of application. If your application is successful, your data becomes part of your personnel record.
• Website analytics data. Retained in anonymised or aggregated form for up to 26 months.
• Cookie data. Retained for the duration specified in our Cookie Policy, typically between 30 days and 13 months depending on the cookie.

When personal data is no longer required, we securely delete or anonymise it in accordance with our data retention procedures.

Your rights under UK GDPR

Under the UK General Data Protection Regulation, you have the following rights in relation to your personal data.

• Right of access. You can request a copy of the personal data we hold about you (commonly known as a Subject Access Request).
• Right to rectification. You can request that we correct any inaccurate or incomplete personal data.
• Right to erasure. You can request that we delete your personal data where there is no compelling reason for continued processing.
• Right to restrict processing. You can request that we limit how we process your data in certain circumstances.
• Right to data portability. You can request that we transfer your data to another organisation, or directly to you, in a structured, commonly used, machine-readable format.
• Right to object. You can object to processing based on legitimate interests or direct marketing at any time.
• Right to withdraw consent. Where processing is based on consent, you may withdraw that consent at any time without affecting the lawfulness of processing carried out before withdrawal.
• Rights related to automated decision-making. You have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects or similarly significantly affects you.

To exercise any of these rights, please contact us using the details provided in Section 12 below. We will respond to your request within one month. In exceptional circumstances, we may extend this period by a further two months, in which case we will notify you and explain the reason.

There is no fee for making a request, unless the request is manifestly unfounded or excessive. In such cases, we may charge a reasonable administrative fee or refuse the request.

Children's privacy

Our services are not directed at individuals under the age of 18. We do not knowingly collect personal data from children. If we become aware that we have inadvertently collected data from a child, we will take steps to delete it as soon as reasonably practicable.

Changes to this policy

We may update this Privacy Policy from time to time to reflect changes in our practices, legal requirements, or regulatory guidance. Any material changes will be communicated by posting a revised version on this page with an updated "Last updated" date.

We encourage you to review this page periodically. Continued use of our website and services after any changes constitutes acceptance of the revised policy.

Contact and complaints

If you have any questions about this Privacy Policy, wish to exercise your data protection rights, or have concerns about how we handle your personal data, please contact us.

If you are not satisfied with our response, or believe we are processing your personal data in a way that is not lawful, you have the right to lodge a complaint with the Information Commissioner's Office (ICO).

We would appreciate the opportunity to address your concerns before you approach the ICO, so please contact us in the first instance.