BrandFlowX Marketing Agency Website logo
Home About Us Services Contact Get Consultation

Privacy Policy

Your privacy is fundamental to our business. This policy explains how we collect, use, and protect your personal information when you visit our website or use our services.

Last updated:

Table of Contents

1 Introduction & Scope 2 Information We Collect 3 How We Use Your Information 4 Information Sharing & Disclosure 5 Your Rights & Choices
6 Data Security & Protection 7 Cookies & Tracking Technologies 8 Data Retention 9 International Data Transfers 10 Policy Updates & Contact

1 Introduction & Scope

BrandFlowX Marketing Agency Ltd ("we," "our," or "us") is committed to protecting your privacy and ensuring the security of your personal information. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our website brandflowx.company or engage with our marketing services.

This policy applies to all information collected through our website, mobile applications, email communications, social media platforms, and offline interactions related to our business activities. By using our services or providing your information, you consent to the data practices described in this policy.

Our Commitment to You

We believe in transparency and want you to understand exactly how your data is used. We collect only the information necessary to provide you with exceptional marketing services, and we never sell your personal data to third parties for commercial purposes.

This policy complies with applicable privacy laws including the General Data Protection Regulation (GDPR), the California Consumer Privacy Act (CCPA), and other relevant data protection regulations. If you have any questions about this policy or our data practices, please contact us using the information provided in the "Contact Information" section below.

2 Information We Collect

We collect information to provide better services to all our clients and website visitors. The types of information we collect include:

Personal Information

  • Name and contact details (email, phone, address)
  • Job title and company information
  • Professional credentials and certifications
  • Social media profiles and links

Technical Information

  • IP address and location data
  • Browser type and version
  • Device information and operating system
  • Pages visited and time spent on site

Business Information

When you engage our marketing services, we may collect additional information necessary for project planning and execution:

  • • Business objectives and target audience details
  • • Brand guidelines and existing marketing materials
  • • Budget information and project timelines
  • • Performance metrics and campaign results
  • • Feedback and communications related to our services

All information is collected directly from you when you:

Direct Communication

Service Use

Website Analytics

3 How We Use Your Information

We use the information we collect for legitimate business purposes that benefit our clients and improve our services. Our primary uses include:

Service Delivery & Support

We use your information to deliver marketing services, communicate about projects, and provide ongoing support. This includes managing client accounts, processing payments, and maintaining project documentation.

Marketing & Analytics

With your consent, we analyze usage patterns to improve our website functionality, develop new services, and create more effective marketing campaigns. This helps us understand which content and services are most valuable to our clients.

Communication & Updates

We use your contact information to send you important service-related communications, project updates, newsletters (with consent), and respond to your inquiries. You can opt out of marketing communications at any time.

Legal & Compliance

We may use your information to comply with legal obligations, protect our rights, prevent fraud, and ensure the security of our systems and your data. This includes maintaining records for tax and accounting purposes.

Legal Basis for Processing

Under GDPR, we process your data based on legitimate interests (service delivery), consent (marketing communications), contract performance (project management), and legal obligations (record keeping). We ensure that all processing activities are necessary and proportionate to achieve our stated purposes.

4 Information Sharing & Disclosure

We understand that your personal information is valuable and private. We do not sell your personal data to third parties. However, we may share your information in limited circumstances as described below:

Trusted Service Providers

We work with carefully selected partners who help us deliver our services:

  • • Cloud hosting and data storage providers
  • • Email and communication platforms
  • • Payment processing services
  • • Analytics and marketing tools

All partners are contractually bound to protect your data

Legal Requirements

We may disclose information when required by law:

  • • Court orders and legal processes
  • • Government investigations
  • • Regulatory compliance
  • • Protection of rights and safety

We will notify you unless legally prohibited

Business Transfers

In the event of a merger, acquisition, or sale of our business, your information may be transferred to the new entity. We will notify you of any such change and ensure that the new entity continues to protect your privacy under terms at least as protective as this policy.

Third-Party Integrations

Our website may contain links to third-party services or integrate with external platforms:

Service Purpose Data Shared
Google Analytics Website traffic analysis Anonymous usage data
Email Platforms Newsletter delivery Contact details (with consent)
Payment Processors Secure transactions Payment information (encrypted)
Social Media Content sharing Only when you choose to share

5 Your Rights & Choices

We believe you should have control over your personal information. Depending on your location, you have the following rights regarding your data:

Access & View

Request a copy of all personal information we hold about you, including details of how it's used.

Correct & Update

Update or correct any inaccurate or incomplete information in your profile or account settings.

Delete

Request the deletion of your personal information, subject to certain legal exceptions and retention requirements.

Portability

Receive your data in a structured, machine-readable format to transfer to another service provider.

Restrict Processing

Limit how we process your data while you verify or contest the accuracy of your information.

Object

Object to processing of your personal information for direct marketing or legitimate business interests.

How to Exercise Your Rights

To exercise any of these rights, please contact us using the information provided below. We will respond to your request within 30 days (or as required by local law).

For EU/UK Residents

You have additional rights under GDPR/UK GDPR, including the right to lodge a complaint with your local data protection authority.

For California Residents

You have rights under CCPA/CPRA, including the right to know what personal information is sold or disclosed and the right to opt-out of sale.

Communication Preferences

You can control how we communicate with you:

6 Data Security & Protection

The security of your personal information is our top priority. We implement comprehensive security measures to protect your data against unauthorized access, alteration, disclosure, or destruction.

Technical Safeguards

  • Encryption

    All data transmission uses SSL/TLS encryption. Stored data is encrypted at rest using industry-standard algorithms.

  • Access Controls

    Multi-factor authentication and role-based access controls ensure only authorized personnel can access your data.

  • Regular Audits

    Security assessments and vulnerability scans are conducted regularly to identify and address potential weaknesses.

Organizational Measures

  • Staff Training

    All employees receive regular training on data protection best practices and privacy compliance requirements.

  • Incident Response

    We have established procedures for detecting, investigating, and responding to security incidents promptly.

  • Documentation

    Detailed security policies and procedures are maintained and regularly updated to reflect best practices.

Security Best Practices

While we implement robust security measures, you can also help protect your information:

  • Use strong, unique passwords for your accounts
  • Enable two-factor authentication when available
  • Log out of shared or public computers
  • Be cautious about sharing sensitive information
  • Report suspicious emails or activities
  • Keep your contact information current

Data Breach Notification

In the unlikely event of a data breach affecting your personal information, we will:

  • • Investigate the incident and assess the impact
  • • Notify relevant authorities within 72 hours (as required by law)
  • • Contact you directly if the breach poses a high risk to your rights and freedoms
  • • Take steps to mitigate any harm and prevent future occurrences

7 Cookies & Tracking Technologies

Our website uses cookies and similar tracking technologies to enhance your browsing experience, analyze website traffic, and understand user preferences. This section explains what cookies are, how we use them, and how you can control them.

What Are Cookies?

Cookies are small text files that are stored on your device when you visit a website. They help websites remember your preferences and improve functionality. We use both session cookies (deleted when you close your browser) and persistent cookies (saved on your device for a set period).

Types of Cookies We Use

Essential Cookies

These cookies are necessary for our website to function properly. They enable basic features like page navigation, secure login, and access to protected areas.

Examples: Session management, security tokens, load balancing

Duration: Session or up to 1 year

Performance Cookies

These cookies collect anonymous information about how visitors use our website, helping us identify popular pages and improve user experience.

Examples: Google Analytics, page load times, error tracking

Duration: Up to 2 years

Functional Cookies

These cookies remember your preferences and choices to provide a more personalized experience when you return to our website.

Examples: Language settings, theme preferences, form data

Duration: Up to 1 year

Marketing Cookies

These cookies track your browsing activity to help us deliver more relevant advertisements and measure the effectiveness of our marketing campaigns.

Examples: Social media pixels, advertising networks, conversion tracking

Duration: Up to 2 years

Managing Your Cookie Preferences

You have several options for controlling cookies on our website:

Browser Settings

Most browsers allow you to control cookies through their settings. You can block all cookies, delete existing ones, or receive notifications when new cookies are set.

Cookie Consent Banner

When you first visit our website, you can customize your cookie preferences using our consent banner. You can change these settings at any time.

Opt-Out Tools

For marketing cookies, you can use opt-out tools provided by advertising networks and industry associations.

Important Note

Disabling certain cookies may affect the functionality of our website or limit your ability to access certain features. Essential cookies cannot be disabled as they are necessary for the website to function properly.

8 Data Retention

We retain your personal information only for as long as necessary to fulfill the purposes outlined in this privacy policy, comply with legal obligations, resolve disputes, and enforce our agreements.

Retention Principles

Our data retention practices are guided by the following principles:

  • Minimization: We collect only the data necessary for specified purposes
  • Purpose Limitation: Data is used only for the purposes for which it was collected
  • Accuracy: We maintain accurate and up-to-date records
  • Security: Data is protected throughout its lifecycle
Data Type Retention Period Reason for Retention Disposal Method
Client Account Information Duration of service + 7 years Legal compliance, tax records, project continuity Secure deletion
Marketing Communications Until consent withdrawn + 30 days Marketing preferences, consent records Immediate deletion
Website Analytics Data 26 months (Google Analytics) Usage analysis, service improvement Automated deletion
Support Communications 3 years after last contact Customer service, issue resolution Secure deletion
Employment Applications 1 year after submission Future opportunities, recruitment records Secure deletion
Technical Logs 90 days Security monitoring, troubleshooting Automated rotation

Factors Affecting Retention

  • Legal and regulatory requirements
  • Duration of business relationship
  • Nature and sensitivity of data
  • Potential legal claims or disputes

Data Deletion Process

  • Automated deletion based on retention schedules
  • Manual review for complex cases
  • Secure overwriting of storage media
  • Documentation of deletion activities

Data Archiving

When data retention periods expire, some information may be archived in compliance with legal requirements. Archival data is stored securely with restricted access and eventually deleted according to applicable laws. If you request deletion of your data, we will remove it from active systems and ensure it is not used for any new purposes.

9 International Data Transfers

BrandFlowX operates globally and may transfer your personal information across international borders. This section explains how we ensure that your data remains protected during international transfers.

Why International Transfers Occur

We may transfer your data internationally for several legitimate business purposes:

  • • Cloud storage and data hosting services located in different countries
  • • Collaboration with international service providers and partners
  • • Backup and disaster recovery systems in multiple locations
  • • Client projects that require global team coordination

Adequacy Decisions

We transfer data to countries that the European Commission has recognized as providing adequate protection for personal data, including:

  • • European Economic Area (EEA) countries
  • • United Kingdom (post-Brexit adequacy decision)
  • • Canada, Japan, South Korea
  • • Other countries with adequacy decisions

Standard Contractual Clauses

For transfers to countries without adequacy decisions, we use European Commission-approved Standard Contractual Clauses (SCCs) that provide appropriate safeguards.

  • • Module 1: Controller to Controller transfers
  • • Module 2: Controller to Processor transfers
  • • Module 3: Processor to Processor transfers

Additional Safeguards

Beyond legal mechanisms, we implement technical and organizational measures to protect your data during international transfers:

Encryption

Access Controls

Monitoring

Data Transfer Locations

We may transfer your data to the following locations for business operations:

Primary Data Centers

  • • United Kingdom (primary operations)
  • • European Union (client services)
  • • United States (cloud services)
  • • Australia (Asia-Pacific operations)

Service Provider Locations

  • • Ireland (data hosting)
  • • Canada (backup services)
  • • Singapore (Asia-Pacific support)
  • • Brazil (Latin American operations)

Your Rights Regarding Transfers

If your personal data is transferred internationally, you have the right to:

  • • Request information about international transfers we make
  • • Obtain copies of the safeguards we have in place
  • • Exercise your rights regarding transferred data
  • • Lodge complaints with relevant supervisory authorities

10 Policy Updates & Contact Information

We may update this Privacy Policy periodically to reflect changes in our practices, technology, legal requirements, or other factors. We encourage you to review this policy regularly to stay informed about how we protect your information.

How We Notify You of Changes

When we make material changes to this policy, we will notify you through:

  • • Email notification to registered users
  • • Prominent notice on our website homepage
  • • Updates to the "Last Updated" date at the top of this policy
  • • In-app notifications for our service users

Version History

v2.1 January 15, 2024
v2.0 September 1, 2023
v1.5 March 10, 2023
v1.0 January 1, 2023

Recent Updates

  • Enhanced cookie consent management
  • Updated international transfer safeguards
  • Expanded user rights under CPRA
  • Clarified data retention periods

Contact Information

Data Protection Officer

BrandFlowX Marketing Agency Ltd

Data Protection Department

85 Strand, Westminster

London WC2R 0DW

United Kingdom

Business Hours

Monday - Friday 9:00 - 18:00
Saturday
Sunday

Response Time

We aim to respond to all privacy-related inquiries within:

  • • General inquiries: 2 business days
  • • Data subject requests: 30 days
  • • Security incidents: 24 hours

Regional Supervisory Authorities

If you are located in certain regions, you have the right to lodge a complaint with your local data protection authority:

European Union/EEA

Contact your national data protection authority. You can find contact information at: edpb.europa.eu

United Kingdom

Information Commissioner's Office (ICO)
Phone: 0303 123 1113
Website: ico.org.uk

Thank you for taking the time to review our Privacy Policy.

If you have any questions or concerns, please don't hesitate to contact us. We're here to help protect your privacy and ensure your data is handled with the utmost care and respect.

© 2024 BrandFlowX Marketing Agency Ltd. All rights reserved.

This Privacy Policy is governed by the laws of England and Wales.

Terms of Service Cookie Policy Contact Us