Privacy Policy

Last updated: 29 December 2025

1. Introduction

BRANDOX LTD (“we”, “our”, or “us”) respects your privacy and is committed to protecting your personal data. This Privacy Policy explains how we collect, use, store, and share personal data when you visit our website, submit an enquiry, or otherwise interact with us.

This policy is intended to meet the transparency requirements under the UK General Data Protection Regulation (“UK GDPR”) and the Data Protection Act 2018.

2. Who We Are

Controller: BRANDOX LTD is the “data controller” for personal data processed through this website.

Contact email: hello@brandox.agency

If you prefer to contact us by post for privacy matters, you may write to our registered office address.

3. Personal Data We Collect

We may collect and process the following categories of personal data:

3.1 Information you provide directly

  • Identity and contact details: name, email address, company name, job title, phone number (if provided).
  • Enquiry content: information you include in messages, briefs, or requests submitted through forms or email.
  • Business information: brand name, website URL, campaign objectives, budgets or timelines (if you choose to provide them).

3.2 Information collected automatically

When you browse our website, we may collect limited technical information, such as:

  • IP address (or approximate location derived from IP)

  • device type, browser type, operating system

  • pages visited and referral source

  • date/time of visits and basic usage patterns

This information is used to operate, secure, and improve the website.

4. How We Use Your Personal Data

We use your personal data for the following purposes:

  • To respond to enquiries and communicate with you about requested information or services.

  • To provide our services, including onboarding, project delivery, and client support.

  • To operate and secure our website, prevent fraud, and troubleshoot technical issues.

  • To improve our website and services, including understanding what content is useful to visitors.

  • To comply with legal obligations, including recordkeeping and regulatory requirements.

5. Legal Bases for Processing Under UK GDPR

We process personal data only when a lawful basis applies. Depending on the context, our lawful bases include:

  • Consent: where you choose to submit an enquiry form or opt in to receive marketing communications. You can withdraw consent at any time.

  • Contract: where processing is necessary to take steps at your request before entering into a contract, or to perform a contract with you.

  • Legitimate interests: where processing is necessary for our legitimate interests (for example, responding to business enquiries, improving our services, maintaining website security), provided these interests are not overridden by your rights.

  • Legal obligation: where we must process data to comply with applicable laws.

6. Cookies and Similar Technologies

Our website may use cookies or similar technologies to ensure functionality, analyse site usage, and improve performance. Some cookies are essential for the website to work correctly.

If we use analytics or advertising cookies (for example, to understand traffic sources or campaign performance), we will do so in accordance with applicable cookie rules and, where required, request your consent through a cookie banner or preferences tool.

You can control cookies through your browser settings and, where available, our cookie preferences tool. Disabling certain cookies may affect website functionality.

7. Sharing Your Personal Data

We do not sell or rent your personal data. We may share data with trusted third parties only where necessary, such as:

  • Website hosting and website platform providers (for example, Squarespace)

  • Email and communication providers

  • Analytics providers (if enabled)

  • Professional advisers (accountants, legal advisers) where necessary

  • Regulators or authorities where required by law

Where we use service providers, we take steps to ensure appropriate contractual protections are in place.

8. International Transfers

Some of our service providers may process personal data outside the UK. Where this occurs, we take reasonable steps to ensure appropriate safeguards are used, such as adequacy regulations, standard contractual clauses, or equivalent lawful transfer mechanisms.

9. Data Retention

We retain personal data only as long as necessary for the purposes described in this policy, including legal, accounting, or reporting requirements. Typical retention periods may include:

  • Enquiry data: up to 12 months after last contact, unless you become a client or request deletion earlier.

  • Client records and project communications: for the duration of the client relationship and for a reasonable period afterwards to meet legal, tax, and contractual requirements.

Retention may vary depending on the nature of the request and our legal obligations.

10. Your Rights

Under UK GDPR, you may have the right to:

  • Request access to your personal data (a “subject access request”).

  • Request rectification of inaccurate or incomplete data.

  • Request erasure of your personal data in certain circumstances.

  • Request restriction of processing in certain circumstances.

  • Object to processing based on legitimate interests, including objection to direct marketing.

  • Request data portability where processing is based on consent or contract and carried out by automated means.

  • Withdraw consent at any time where we rely on consent.

To exercise your rights, contact us at hello@brandox.agency. We may need to verify your identity before responding.

11. Complaints

If you have concerns about how we handle your personal data, you can contact us first and we will try to resolve the issue.

You also have the right to lodge a complaint with the UK supervisory authority:

Information Commissioner’s Office (ICO).

12. Children’s Privacy

Our website and services are not directed to children and we do not knowingly collect personal data from children.

13. Security

We implement appropriate technical and organisational measures to protect personal data. However, no online transmission is completely secure. You should ensure you use secure networks and keep your own devices protected.

14. Third-Party Links

Our website may include links to third-party websites. We are not responsible for the privacy practices of those websites. Please review their privacy policies before submitting information.

15. Updates to This Policy

We may update this Privacy Policy from time to time. The latest version will always be posted on this page with the “Last updated” date.