Privacy Policy
Catspace Marketing Ltd ("Catspace", "we", "us", "our") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, store, and protect your personal data when you visit our website (catspacemarketing.co.uk), use our services, or contact us.
This Privacy Policy complies with the UK General Data Protection Regulation (UK GDPR), the Data Protection Act 2018, and where applicable, the EU General Data Protection Regulation (EU GDPR – Regulation 2016/679).
Data Controller
The data controller responsible for your personal data is:
Glasgow, Scotland, G3 7PR, United Kingdom
Personal Data We Collect
We may collect and process the following categories of personal data:
2.1 Information you provide directly
- Identification data: name, surname, business name, job title
- Contact data: email address, phone number, postal address
- Communication data: messages you send via WhatsApp, email, or contact forms
- Service-related data: information about your business that you share to receive our services (Google Business Profile details, photos of your venue, etc.)
- Payment data: processed by our payment provider Stripe - we do not store your card details directly
2.2 Information collected automatically
When you visit our website, we may automatically collect:
- Technical data: IP address, browser type and version, device type, operating system, screen resolution
- Usage data: pages visited, time spent on each page, click patterns, referral source
- Cookies and tracking: see our Cookies Policy for details
Why We Collect Your Data (Legal Basis)
Under UK GDPR Article 6, we process your data on the following legal bases:
For consent-based processing, you can withdraw your consent at any time by contacting us or unsubscribing from our newsletter.
How Long We Keep Your Data
We retain your personal data only for as long as necessary for the purposes described above:
- Prospect data (inquiries that did not lead to a contract): up to 3 years from last contact
- Client data (active clients): for the duration of our commercial relationship + 10 years after the end of the relationship (UK accounting and tax obligations)
- Newsletter subscribers: until you unsubscribe
- Website analytics data: up to 14 months (Google Analytics standard)
- Cookies: see our Cookies Policy for individual cookie lifespans
Who We Share Your Data With
We do not sell your personal data. We may share it with the following categories of recipients, only when strictly necessary:
Our service providers (data processors), bound by confidentiality and data protection agreements:
We also work with email marketing tools (newsletter delivery) and our web hosting provider, both bound by similar agreements.
Legal authorities: if required by law, court order, or to protect our rights.
International Data Transfers
Some of our service providers (e.g., Google, Meta, Stripe) may process your data outside the United Kingdom or European Economic Area, particularly in the United States.
When such transfers occur, we ensure appropriate safeguards are in place, such as:
- Standard Contractual Clauses (SCCs) approved by the UK Information Commissioner's Office (ICO) and the European Commission
- Adequacy decisions for transfers to countries deemed to provide adequate data protection
Your Rights
Under UK GDPR and EU GDPR, you have the following rights regarding your personal data:
Request a copy of the personal data we hold about you.
Ask us to correct inaccurate or incomplete data.
Ask us to delete your personal data ("right to be forgotten"), subject to legal exceptions.
Ask us to limit how we use your data.
Receive your data in a structured, machine-readable format.
Object to processing based on legitimate interests, or to direct marketing.
Where processing is based on consent, withdraw it at any time.
Right to Lodge a Complaint
If you believe we have not handled your personal data in accordance with the law, you have the right to lodge a complaint with a supervisory authority:
Data Security
We implement appropriate technical and organizational measures to protect your personal data against unauthorized access, loss, alteration, or disclosure, including:
- HTTPS encryption for all data in transit
- Access controls limiting personal data to authorized personnel only
- Regular security updates of our systems and software
- Confidentiality agreements with our service providers
However, no system is 100% secure. We cannot guarantee absolute security, but we commit to using industry-standard practices.
Children's Privacy
Our services are intended for businesses (B2B) and not directed at children under 16. We do not knowingly collect personal data from children.
If you believe a child has provided us with personal data, please contact us immediately so we can delete it.
Changes to This Privacy Policy
We may update this Privacy Policy from time to time. The "Last updated" date at the top of this page indicates when the latest version takes effect. We encourage you to review this page periodically.
For significant changes, we will notify you by email (if you are a client or newsletter subscriber) or via a prominent notice on our website.
Contact
For any question or request related to this Privacy Policy or your personal data:
Glasgow, Scotland, G3 7PR, United Kingdom