YDMS LogoYDMS - York Digital Marketing Services

Privacy Policy

Last Updated: 2025-04-28

At a Glance

This summary provides key points from our Privacy Policy. For full details, please read the entire policy.

  • Who We Are & What We Do: York Digital Marketing Services Ltd. is the data controller. We collect and process personal data primarily to provide and improve our marketing services, operate our website effectively, and communicate with clients and contacts.
  • Data Collected & Purposes: We gather contact details, business information, technical data (like IP addresses), website usage information, and marketing preferences. We use this data for service delivery, website analysis and functionality, security, legal compliance, and communications. Our full policy details specific uses, retention periods, and the lawful bases we rely on (e.g., Contract, Legitimate Interests, Consent, Legal Obligation).
  • Your Rights & Choices: Under UK data protection law, you have rights including access, rectification, erasure, data portability, and the right to object to certain processing. You can exercise these rights by contacting our Data Protection Lead using the details provided in this policy.
  • Cookies & Tracking: Essential cookies/technologies operate automatically for website function. Non-essential cookies and tracking technologies (used for analytics, B2B identification etc.) require your explicit opt-in consent via our cookie consent banner. You can manage or withdraw your consent at any time via the "Cookie Settings" link.
  • Security & Review: We implement technical and organisational measures to help safeguard your data. We conduct impact assessments for high-risk processing and review this policy regularly to ensure ongoing compliance.

1. Introduction

At York Digital Marketing Services Ltd. ("we", "our", "us", "the Agency"), located at 20 Mayfair House, YO1 9QJ, we take your privacy seriously. This Privacy Policy explains how we collect, use, disclose, transfer, and safeguard your personal information when you visit our website ([Your Website Address]), interact with us, or use our services.

Please read this Privacy Policy carefully. By accessing our website or using our services, you acknowledge you have been informed about how we handle your personal data as described herein. This policy should be read in conjunction with our Cookie Policy.

2. Information We Collect

We may collect personal information that identifies you or relates to you as an identifiable individual. This includes information you provide directly to us, information we collect automatically when you use our website, and information we may receive from third parties. Categories of personal information we may collect include:

  • Contact Information: Such as name, email address, phone number, and business address.
  • Business Information: Such as company name, job title, industry.
  • Technical Information: Such as Internet Protocol (IP) address (which may be used to infer your approximate location or identify your business), browser type and version, time zone setting, browser plug-in types and versions, operating system and platform, and other technology on the devices you use to access this website.  
  • Usage Data: Information about how you use our website (e.g., pages visited, time spent on pages, clicks, interactions) and services, collected via cookies and similar tracking technologies (see Section 5).  
  • Marketing and Communications Information: Your preferences in receiving marketing from us and your communication preferences.  
  • Information you provide: Any other information you choose to provide in forms, surveys, correspondence, or other interactions.

3. How We Use Your Information

We use the information we collect for various purposes, linked to our lawful bases for processing (see Section 4):

  • Providing and Managing Services: To fulfil our contractual obligations to clients, manage accounts, and deliver our marketing services. (Basis: Contractual Necessity, Legitimate Interests)
  • Website Operation and Improvement: To ensure our website functions correctly, to analyse usage patterns, improve website content and user experience, and for security monitoring. (Basis: Legitimate Interests, Consent for non-essential cookies/tracking)
  • Communication: To respond to your inquiries, provide customer support, send service updates, and deliver information you request. (Basis: Contractual Necessity, Legitimate Interests, Consent where applicable)
  • Marketing and Business Development: To send you marketing communications about our services, promotions, and relevant industry insights where permitted by law (you can opt-out at any time). To identify potential business prospects (e.g., via B2B identification tools like Leadinfo) and understand our audience better. (Basis: Legitimate Interests, Consent)
  • Compliance and Legal Obligations: To comply with applicable laws, regulations, court orders, or governmental requests, and to establish, exercise, or defend legal claims. (Basis: Legal Obligation, Legitimate Interests)
  • Protecting Rights and Preventing Fraud: To protect the rights, property, or safety of the Agency, our clients, or others, and to detect and prevent fraudulent activity. (Basis: Legitimate Interests)

4. Lawful Basis for Processing

Under UK data protection law, we must have a valid lawful basis for processing your personal data. We rely on the following bases depending on the specific context and purpose of the processing:

  • Consent: Where you have given us clear consent to process your personal data for a specific purpose (e.g., subscribing to a newsletter, consenting to non-essential cookies). You can withdraw your consent at any time.  
  • Contractual Necessity: Where processing is necessary for the performance of a contract we have with you (e.g., providing services to you as a client) or to take steps at your request before entering into such a contract.  
  • Legal Obligation: Where processing is necessary for us to comply with the law (e.g., retaining financial records for tax purposes).
  • Legitimate Interests: Where processing is necessary for our legitimate interests or the legitimate interests of a third party, provided these interests are not overridden by your rights and interests. Examples include improving our services, operating our website effectively, certain marketing activities, B2B prospect identification, and fraud prevention. Where we rely on legitimate interests, we conduct balancing tests, and you have the right to object to this processing.  
We identify the primary lawful basis for key activities in Section 3 above. If you have questions about the lawful basis for specific processing, please contact us.

5. Cookies and Tracking Technologies

Our website uses cookies and similar tracking technologies (such as tracking scripts and pixels provided by services like Leadinfo and HubSpot) to collect Technical Information and Usage Data, distinguish you from other users, provide functionality, improve our site, and help us identify business visitors (B2B identification).

  • Types of Technologies: We use strictly necessary technologies (essential for website function) and non-essential technologies (for performance, functionality, analytics, and marketing/B2B identification).
  • Consent Required: Non-essential cookies and tracking technologies will only be activated if you provide your explicit consent via our cookie consent banner, which is presented on your first visit. You can manage or withdraw your consent at any time via the "Cookie Settings" link on our website. Activating these technologies before consent is given is contrary to legal requirements, and we are implementing measures to ensure compliance.
  • Further Information: For detailed information on the specific cookies and trackers we use, their purposes, duration, and how to manage your preferences, please see our Cookie Policy.

6. Data Retention

We will retain your personal information only for as long as necessary to fulfil the purposes for which we collected it, including for the purposes of satisfying any legal, accounting, or reporting requirements.  

To determine the appropriate retention period, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure, the purposes for which we process it, whether we can achieve those purposes through other means, and the applicable legal requirements.  

  • Specific Periods: We retain client and financial data necessary for legal and tax compliance for 7 years following the end of our business relationship. Website analytics data gathered via tools like Google Analytics or HubSpot analytics is typically retained for 26 months. Contact information for marketing purposes is retained until you opt-out or withdraw consent, subject to periodic review. Data from B2B identification tools may be held for the duration it remains relevant for business development purposes, subject to your rights.

7. Data Security

We implement reasonable technical and organisational security measures designed to protect your personal information from accidental or unlawful destruction, loss, alteration, unauthorised disclosure, or access. However, please be aware that no method of transmission over the Internet or electronic storage is 100% secure, and we cannot guarantee absolute security.

Furthermore, we are committed to the principle of Privacy by Design, proactively embedding data protection considerations into our services, website development, and business processes. In line with UK data protection law, we conduct Data Protection Impact Assessments (DPIAs) before undertaking processing likely to result in a high risk to individuals' rights and freedoms, ensuring appropriate measures are in place to mitigate those risks. Our data protection practices are overseen by our internal Data Protection Lead.

8. Third-Party Disclosure

We do not sell or trade your personal information. We may share your personal information with trusted third parties only in the ways described in this Privacy Policy or where you have provided consent. These include:

  • Service Providers: Companies that provide services on our behalf, such as website hosting (e.g., Vercel), CRM/CMS platforms (e.g., HubSpot), email marketing services, analytics providers, and B2B identification services (e.g., Leadinfo). These providers are contractually bound to protect your data and use it only for the purposes we specify.
  • Legal and Regulatory Authorities: If required by law, regulation, legal process, or governmental request.
  • Professional Advisors: Such as lawyers, auditors, and insurers, where necessary in the course of the professional services they render to us.  
  • Business Transfers: In connection with any merger, sale of company assets, financing, or acquisition of all or a portion of our business by another company.  

9. International Data Transfers

As we operate internationally and use global service providers, your personal information may be transferred to, stored, and processed in countries outside of the UK. Specifically, data may be transferred to countries within the European Economic Area (EEA) and the United States of America (USA).

Where we transfer your data outside the UK, we ensure a similar degree of protection is afforded to it by implementing appropriate safeguards as required by UK data protection law. This may include:

  • Transferring data to countries deemed to provide an adequate level of protection for personal data by the UK Government (such as countries in the EEA).
  • Using specific contracts approved by the UK Government which give personal data the same protection it has in the UK, such as the International Data Transfer Agreement (IDTA) or the Addendum to the EU Standard Contractual Clauses (SCCs).
  • For transfers to the USA, potentially relying on the UK Extension to the EU-US Data Privacy Framework (also known as the UK-US Data Bridge), where applicable to the recipient.
  • We take steps to ensure that any third-party service providers processing your data outside the UK also have appropriate safeguards in place.

10. Your Rights

Under UK data protection law, you have certain rights regarding your personal information. Subject to certain exemptions, these include:

  • The right to access: You can request copies of your personal data.
  • The right to rectification: You can ask us to correct inaccurate or incomplete information.  
  • The right to erasure (to be forgotten): You can ask us to delete your personal data in certain circumstances.
  • The right to restrict processing: You can ask us to limit the processing of your personal data in certain circumstances.
  • The right to data portability: You can ask that we transfer the personal data you gave us to another organisation, or to you, in certain circumstances.  
  • The right to object to processing: You can object to processing where we rely on legitimate interests as our lawful basis.
  • Rights related to automated decision making and profiling: We currently do not conduct solely automated decision-making that has legal or similarly significant effects.
Exercising Your Rights: To exercise any of these rights, please contact us using the details provided below. We will respond to your request in accordance with applicable data protection laws.  

Right to Complain: You also have the right to lodge a complaint with the UK's supervisory authority for data protection issues, the Information Commissioner's Office (ICO). Their contact details are:

  • Website: ICO
  • Helpline: 0303 123 1113  

We would, however, appreciate the chance to deal with your concerns before you approach the ICO, so please contact us in the first instance.  

11. Data Protection Responsibilities

While York Digital Marketing Services Ltd. has not formally appointed an external Data Protection Officer under the criteria set out in the UK GDPR, we have assigned internal responsibility for overseeing compliance with data protection law. The point of contact for any data protection queries or concerns is listed below.

12. Changes to This Privacy Policy

We may update our Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. Any changes will be posted on this page with an updated "Last Updated" date. We encourage you to review this Privacy Policy periodically.  

13. Contact Us

If you have any questions about this Privacy Policy, our data protection practices, or wish to exercise your rights, please contact us at:

  • Email: contact@ydms.co.uk
  • Mail: Data Protection Lead, York Digital Marketing Services Ltd., 20 Mayfair House, YO1 9QJ