Privacy Policy

1. Who we are

Company name: Retail Asset Marketing Ltd t/a Blackline Creative
Registered address: Old Truman Brewery, 91 Brick Lane, London, E1 6QL
Email: info@blacklinecreative.co.uk
Website: www.blacklinecreative.co.uk

Retail Asset Marketing Ltd t/a Blackline Creative is the Data Controller for personal data collected through this website and in the course of our own business relationships.

2. What personal data we collect

We collect only limited personal data directly from our website and communications.
This may include:
• Name and email address (if you contact us)
• Business contact information, such as job title, company name and business phone number.
• Any information you choose to include in correspondence with us

We do not collect data through forms, user accounts, or payment systems on our website.

3. Client data processed on behalf of clients

When delivering marketing services, data strategy, and campaign execution, we may process personal data on behalf of our clients.
This can include:
• Customer or subscriber email addresses
• Campaign performance data
• Segmentation and analytics data

In these circumstances:
• Our clients are the Data Controllers
• We act as a Data Processor
• We process personal data strictly under the client’s written instructions
• We do not own, control, or reuse client data
• We do not market to individuals using client data

We have data processing agreements in place with our clients and apply appropriate security and international transfer safeguards when handling personal data on their behalf.
Responsibility for consent, privacy notices, and compliance with marketing regulations sits with the Data Controller (our client).

4. Lawful basis for processing

We process personal data under the following legal bases:
• Legitimate interests – for example, responding to enquiries and managing ongoing business relationships.
• Contract – when processing is necessary to enter into or perform a contract with you or your organisation.
• Legal obligation – to meet accounting, tax and other legal requirements.
• Consent – where you or our clients have chosen to receive certain types of marketing communications, and consent is required.

5. How we use personal data

We use personal data for:
• Responding to enquiries
• Managing business relationships
• Delivering services
• Data analysis and insight work
• Campaign execution
• Legal and administrative purposes

We never sell personal data.

6. Use of Mailchimp and third-party services

We use Mailchimp for campaign deployment and email communication on behalf of clients.
Mailchimp may store and process data outside the UK, including in the United States.
Safeguards such as Standard Contractual Clauses are used to ensure adequate protection.
We may also use trusted suppliers for:
• Hosting
• Security
• IT services
• Analytics

These suppliers include UK and EEA-based providers of cloud hosting, security and analytics services and are contractually required to protect personal data and act only on our instructions.

7. Cookies and analytics

We use cookies and similar technologies on our website to make it work properly, to understand how it is used, and to improve our content and services.
Some of these cookies are essential for the site to function. Others, such as analytics and marketing cookies, help us measure website performance and understand how visitors interact with our pages.

When you first visit our site, you will see a banner explaining that we use cookies and giving you the option to accept or reject non-essential cookies. You can change your preferences at any time by using the cookie banner or your browser settings.

If you disable or reject certain cookies, some parts of the website may not function correctly.

8. International data transfers

Where data is transferred outside the UK or EEA, we ensure:
• Appropriate safeguards are in place
• Data protection standards are maintained
• Transfers comply with UK GDPR regulations

9. How long we keep data

We only retain personal data as long as necessary for its purpose, including:
• Client correspondence: up to 7 years
• Financial records: as required by law
• Marketing data: as directed by clients
• Enquiry data: reviewed periodically and deleted when no longer required

10. Data security

We apply appropriate technical and organisational measures to keep data secure, including:
• Access control
• Password protection
• Encryption
• Secure systems and cloud services
• Staff training

11. Your rights

You have the right to:
• Access your personal data
• Correct inaccurate data
• Request deletion
• Restrict processing
• Object to processing
• Request data portability
• Withdraw consent where applicable

To exercise any of these rights or ask questions about this Privacy Policy, please contact us using the details in the ‘Who we are’ section.

12. Complaints

If you believe your data has been mishandled, you may complain to:
Information Commissioner’s Office (ICO)
Website: ico.org.uk
Phone: 0303 123 1113

13. Changes to this policy

We may update this policy from time to time.
Latest versions will always be published on our website.