Services
Work
About
News
Close
Get in touch
Home
Services
Work
About
News
Get in touch

privacy policy

Table of content
1. Introduction
2. Data We Collect
3. How We Use Your Data
4. Legal Basis for Processing
5. Sharing Your Information
6. International Transfers
7. Data Retention
8. Your Rights
9. Security Measures
10. Updates to This Policy

Effective from 14 April 2026

We understand that privacy notices can feel lengthy. We've included short summaries at the start of each section so you can get the essentials quickly. If you need anything clarified, get in touch at hello@therippleagency.co.uk.

1. Introduction

Summary: This section explains who we are, what this notice covers, and how it applies to your use of our services.

This Privacy Policy describes how The Ripple Agency ("we", "us", "our") collects, processes, stores, and safeguards personal data when you use our website, enquire about our services, or engage with us as a client or contact.

The Ripple Agency is the data controller responsible for your personal data. We operate in accordance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

By accessing our website or engaging with our services, you acknowledge and accept the terms described in this policy. If you have any questions, please contact us before using our services.

2. Data We Collect

Summary: We collect information you share with us directly, as well as information gathered automatically through your device and browser when you visit our site.

Information you provide directly

  • Your name, email address, phone number, and organisation name when you fill in an enquiry form or get in touch
  • Information shared during discovery calls, client onboarding, or project work
  • Payment or billing details where relevant to services provided
  • Any content, files, or materials you share with us as part of a project

Information collected automatically

  • Technical data such as your IP address, browser type, device identifiers, and operating system
  • Usage data including pages visited and how you arrived at our website
  • Cookie and analytics data where applicable (see Section 11)

3. How We Use Your Data

Summary: We process your data to deliver our services, communicate with you, improve our website, and meet our legal obligations.

We use the personal data we collect to:

  • Respond to enquiries and provide information about our services
  • Deliver website design, branding, and digital marketing services to clients
  • Manage ongoing client relationships and project communications
  • Send relevant updates or resources where you have consented to receive them
  • Improve the performance and usability of our website
  • Monitor for and prevent fraud or misuse
  • Comply with our legal and regulatory obligations

4. Legal Basis for Processing

Summary: We only process your personal data where we have a valid legal reason to do so under UK GDPR.

Depending on the context, we rely on one or more of the following lawful bases:

  • Contract: Where processing is necessary to deliver services you have requested, or to take steps before entering into a contract
  • Legitimate interests: Where we have a genuine business reason, such as responding to enquiries or maintaining our website, provided this does not override your rights
  • Consent: Where you have given clear agreement, for example to receive marketing communications or accept non-essential cookies
  • Legal obligation: Where processing is required to comply with applicable law

5. Sharing Your Information

Summary: We only share your data where necessary, and only with parties that meet data protection standards.

We do not sell your personal data. We may share information with:

  • Trusted third-party service providers who support our operations, such as website hosting, project management tools, and email platforms. These providers act only on our instructions and are subject to data protection obligations
  • Professional advisers such as accountants or legal advisers where required
  • Regulatory or law enforcement bodies where we are legally required to disclose information
  • A successor business in the event of a merger, acquisition, or restructuring, subject to appropriate safeguards

6. International Transfers

Summary: Some tools we use may process data outside the UK. We ensure appropriate safeguards are in place.

Where personal data is transferred outside of the United Kingdom, we take steps to ensure it receives an equivalent level of protection. This may include relying on the UK's adequacy regulations, standard contractual clauses, or other approved transfer mechanisms. If you would like more information, please contact us at hello@therippleagency.co.uk.

7. Data Retention

Summary: We keep your personal data only for as long as necessary, then securely delete or anonymise it.

Retention periods vary depending on the type of data:

  • Enquiry and contact data: up to 2 years from last contact, unless a client relationship follows
  • Client project data: up to 6 years following the end of a project, in line with standard legal and business requirements
  • Financial and billing records: 6 years, in line with HMRC requirements
  • Website analytics data: in accordance with the settings of the analytics platform used (typically 14–26 months)

Once data is no longer required, it is securely deleted or anonymised.

8. Your Rights

Summary: You have rights over your personal data under UK GDPR, including access, correction, deletion, and the right to object.

As a UK data subject, you have the right to:

  • Access a copy of the personal data we hold about you
  • Rectification of any inaccurate or incomplete data
  • Erasure of your personal data in certain circumstances
  • Restrict processing in certain situations
  • Data portability where applicable
  • Object to processing based on legitimate interests or for direct marketing

To exercise any of these rights, contact us at hello@therippleagency.co.uk. We will respond within one calendar month.

You also have the right to lodge a complaint with the Information Commissioner's Office (ICO) at ico.org.uk or by calling 0303 123 1113.

9. Security Measures

Summary: We take reasonable technical and organisational steps to protect your personal data.

We implement appropriate measures to prevent unauthorised access, disclosure, alteration, or loss of personal data, including:

  • Secure, encrypted storage and data transmission where appropriate
  • Restricted access to personal data on a need-to-know basis
  • Use of reputable, security-reviewed third-party platforms and tools
  • Regular review of our data handling practices

No method of transmission over the internet is completely secure. If you have concerns, please get in touch.

10. Updates to This Policy

Summary: We may update this policy from time to time and will notify you of significant changes.

We review and update this Privacy Policy periodically. The effective date at the top of this document will always reflect the most recent version. Where changes are significant, we will take reasonable steps to inform you. Continued use of our website or services after an update constitutes your acceptance of the revised policy.

11. Cookies and Analytics

Summary: We may use cookies and analytics tools to understand how our website is used.

Our website may use cookies — small text files stored on your device — to help it function correctly and to understand how visitors use the site.

Essential cookies are necessary for the website to work and cannot be switched off.

Analytics cookies, if used, collect anonymous information about pages viewed, time spent on the site, and how users arrived. These are only set where you have given your consent.

You can manage or withdraw consent to non-essential cookies at any time through your browser settings. For more information about cookies generally, visit allaboutcookies.org.

12. Contact Us

If you have any questions about this policy or how we handle your personal data, please get in touch:

The Ripple Agency hello@therippleagency.co.uk