Privacy Policy

Illuminate Digital Ltd is a UK registered company providing Pay Per Click services to clients.

This Privacy Policy applies only to your use of our Site.

What data do we collect?

All personal data collected by our site is stored securely in accordance with the principles laid out by law. We process various types of personal data depending on the nature of our relationship with you. These include:

  1. For Clients and Prospective Clients:
  • Contact Information: Name, job title, email address, phone number.
  • Business Information: Company name, address, financial details for invoicing.
  • Marketing Preferences: Preferences for communication and campaign targeting.

 

  1. For Website Visitors:
  • Technical Information: IP address, browser type, operating system, and device identifiers collected via cookies or similar technologies.
  • Behavioural Data: Pages visited, time spent on our website, and referral sources.

 

  1. For Employees and Contractors:
  • Employment Data: Bank details, National Insurance number, performance records.
  • Sensitive Data: Health information (for statutory reporting or reasonable adjustments).

How do we collect personal data

We collect personal data through the following methods:

 

Direct Interactions: When you contact us, complete forms, or engage in our services.

Automated Technologies: Via cookies, tracking pixels, and analytics software on our website.

Third Parties: From public databases, referrals, or social media platforms when you interact with our content.

Security and third party data

We are committed to ensuring that your information is secure. To prevent unauthorised access or disclosure we have put in place suitable electronic and physical procedures to safeguard and secure the information we collect online. By signing up for newsletter or submitting enquiries and selecting the checkbox, one consents to their submitted data being collected and stored for these purposes, but possible to remove their info as suited.

We use three third parties to process personal data on our behalf. These third parties have been carefully chosen and all of them comply with the current legislation. These third parties are EU-U.S Privacy Shield compliant.

  1. Google for analytics and remarketing
  2. Mailchimp for mailing list subscription and removal
  3. Facebook for remarketing

We will also report any unlawful data breach of this website’s database or the database(s) of any of our third party data processors to any and all relevant persons and authorities within 72 hours of the breach if it is apparent that personal data stored in an identifiable manner has been stolen.

Purpose and legal basis for processing

We ensure all data processing activities comply with legal requirements under UK GDPR:

Purpose Legal Basis
Delivering contracted services Performance of a contract
Marketing communications (opt-in only) Consent
Analytics to improve user experience Legitimate interests (with anonymisation where feasible)
Regulatory compliance (e.g., HMRC) Legal obligation
Protecting against fraud or misuse Legitimate interests

 

Cookies

We use cookies to enhance website functionality and gather analytics.

  • Essential Cookies: Required for website operation.
  • Performance Cookies: Collect anonymised data for analytics.
  • Marketing Cookies: Used for retargeting and tracking ad performance.
  • Managing Cookies: You can control cookie settings through your browser or visit https://illuminatedigital.co.uk/cookie-policy/

We use Google Analytics (GA) to track website user interaction. We use this data to determine the number of people using our site, to better understand how they find and use our web pages and to see their journey through the website.

Although GA records user data such as your geographical location, device, internet browser and operating system, none of this information personally identifies you to us. GA also records your computer’s IP address but Google does not grant us access to this. GA makes use of cookies, details of which can be found on Google’s developer guides. We use Google AdWords Remarketing to advertise trigger across the Internet. AdWords remarketing will display relevant ads tailored to you based on what parts of the TriggerApp website you have viewed by placing a cookie on your machine. The cookie is used to say “This person visited this page, so show them ads relating to that page.” Google AdWords Remarketing allows us to tailor our marketing to better suit your needs and only display ads that are relevant to you.

We also use the Facebook pixel to determine people who have visited our site and use this for remarketing purposes. Facebook Remarketing allows us to tailor our marketing to better suit your needs and only display ads that are relevant to you.

Disabling cookies on your internet browser will stop GA and Facebook from tracking any part of your visit to pages within this website.

Sharing and disclosure of data

We respect your privacy and will only share data when necessary:

Trusted Service Providers:

  • IT infrastructure providers (e.g., cloud hosting).
  • Marketing software platforms (e.g., email automation).

 

Legal or Regulatory Requirements:

  • Disclosure to HMRC, ICO, or other authorities when mandated.

 

Client Collaboration:

  • Sharing campaign performance data when working collaboratively with other agencies.

 

All third-party providers undergo a rigorous due diligence process to ensure compliance with data protection laws.

Data retention policy

We retain personal data only for as long as necessary to fulfil the purposes outlined in this policy:

 

Client Data: Retained for six years after the conclusion of services, in line with tax record requirements.

Marketing Data: Retained until consent is withdrawn or five years after last interaction.

Employee Data: Retained for seven years post-employment, unless legal obligations require longer.

Your rights

Under UK GDPR, you have the following rights regarding your personal data:

 

Right to Access: Request a copy of your data and supplementary information.

Right to Rectification: Correct inaccurate or incomplete data.

Right to Erasure: Request deletion of your data (subject to lawful limitations).

Right to Restrict Processing: Limit the ways your data is used.

Right to Data Portability: Transfer data to another organisation in a structured format.

Right to Object: Opt out of direct marketing or processing based on legitimate interests.

Right to Withdraw Consent: At any time, where processing relies on consent.

Right to Complain: File a complaint with the Information Commissioner’s Office (ICO).

Security Measures

We employ industry-standard security measures to safeguard your data

Technical Measures:

  • Data Encryption: AES-256 for storage; TLS 1.3 for transmission.
  • Access Control: Multi-factor authentication (MFA) and role-based permissions.
  • Regular Audits: Biannual penetration testing and vulnerability assessments.

Organisational Measures:

  • Employee Training: All staff undergo annual GDPR training.
  • Incident Response Plan: Established procedures for breach detection, containment, and reporting.
  • Data Minimisation: Only essential data is collected and processed.

Data breach management

In the unlikely event of a data breach:

Detection: Continuous monitoring identifies anomalies.

Containment: Systems are isolated, and affected parties notified immediately.

Reporting: Breaches involving personal data are reported to the ICO within 72 hours.

Prevention: Post-incident reviews ensure updated controls and training.

We employ industry-standard security measures to safeguard your data

Technical Measures:

  • Data Encryption: AES-256 for storage; TLS 1.3 for transmission.
  • Access Control: Multi-factor authentication (MFA) and role-based permissions.
  • Regular Audits: Biannual penetration testing and vulnerability assessments.

Organisational Measures:

  • Employee Training: All staff undergo annual GDPR training.
  • Incident Response Plan: Established procedures for breach detection, containment, and reporting.
  • Data Minimisation: Only essential data is collected and processed.

Updates to this policy

This policy is reviewed whenever signifcant changes occur. The latest version will be available on our website.

Contact Information

For privacy-related queries or concerns, contact:

  • Data Protection Officer: Jo Phipps
  • Email: josephine@illuminatedigital.co.uk
  • Address: Hartfield Crescent, London, SW19 3RZ

If you believe we have failed to address your concerns, you may lodge a complaint with the ICO at www.ico.org.uk.