Privacy Policy

Last updated: 15 August 2025

 

Who we are
Boof Digital (“we”, “us”, “our”) is a UK-based digital agency and technology services provider headquartered in Manchester. We design, build and secure digital products and provide ongoing technology, creative and marketing services.

 

Contact us:
Boof Digital
Manchester M40 8EF, UK
Phone: +44 7300 828129
Email: support@boofdigital.com

 

1. Introduction

We respect your privacy and are committed to protecting your personal data. This policy explains what personal data we collect, why we collect it, how we use it, who we share it with, and the rights you have regarding your data.

This policy applies to personal data we process in connection with our websites, services, client engagements, recruitment, marketing and support.

 

2. Personal data we collect

We may collect and process the following personal data depending on the context:

Contact & identity data

• • Name, job title, organisation, postal address, email address, phone number.

Credentials & account data

• • Login details, usernames and passwords (securely stored).

Communications

• • Enquiries, messages, support tickets, meeting notes, call recordings where applicable.

Transaction & contract data

• • Contract details, billing and invoicing information, payment receipts.

Usage & technical data

• • IP address, device data, browser type, pages viewed, referring site, time on site, analytics data.

Marketing data

• • Communication preferences, interests, consent records.

Client project data

• • Project briefs, files, designs, deliverables and any personal data included in client materials (processed under contract).

Recruitment data

• • CVs, portfolios, interview notes and references from job applicants.

Special categories

• • We do not routinely collect special category data (e.g., health, race, religion). If ever required, we will ask for explicit consent or rely on a legal basis permitting such processing.

 

3. How we collect personal data

• • Directly from you (via contact forms, emails, calls, proposals, client onboarding).

• • From your organisation or authorised third parties (e.g., referrals, partner introductions).

• • Automatically via our website (cookies and analytics).

• • From public sources and professional networks (for business development and recruitment).

4. Why we process personal data (purposes)

We process personal data for the following purposes:

• • To respond to enquiries, provide proposals and deliver services.

• • To perform our contract with you (project delivery, billing, support).

• • To manage client relationships and communications.

• • To run and improve our website and services (analytics, performance, product improvement).

• • To send marketing and promotional communications where permitted.

• • To recruit and manage job applicants.

• • To comply with legal and regulatory obligations (tax records, legal claims).

• • To protect our business and ensure security (fraud prevention, incident response).

5. Lawful basis for processing

Under UK GDPR, our lawful bases include:

• • Performance of a contract: to deliver services you have requested.

• • Legal obligation: to comply with laws, e.g., tax and accounting.

• • Legitimate interests: for business development, fraud prevention, service improvement, and security (we balance these interests against your rights).

• • Consent: where we ask for explicit consent (e.g., marketing emails, newsletters). You can withdraw consent at any time.

 

6. Cookies and similar technologies

We use cookies and similar technologies to operate the site, analyse usage, and serve relevant content. Cookies fall into categories:

• • Essential cookies: required for site functionality.

• • Performance & analytics cookies: track usage and help us improve the site.

• • Functional cookies: remember preferences.

• • Marketing cookies: deliver personalised advertising and track campaign performance.

You can manage cookie preferences via your browser or our cookie banner/settings. For more details, see our Cookie Policy (linkable page).

 

7. Sharing personal data (recipients)

We may share personal data with:

• • Service providers / processors: hosting providers, email platforms, analytics, payment processors, CRM systems, and other suppliers who support our operations.

• • Professional advisers: legal, finance, or other professional advisors when necessary.

• • Subcontractors: partners working on projects (e.g., freelancers, agencies) under contract and confidentiality obligations.

• • Legal & regulatory authorities: if required by law or to protect our rights.

We require third parties to use appropriate safeguards and process data in accordance with applicable data protection laws.

 

8. International transfers

Some processing may involve transferring data outside the UK (for example, to cloud providers or service partners). When we do so, we ensure appropriate safeguards such as: adequacy decisions, Standard Contractual Clauses (SCCs), or other lawful transfer mechanisms to protect your personal data.

 

9. Data retention

We retain personal data only as long as necessary for the purposes set out above, and to comply with legal, tax and accounting obligations.

Typical retention periods (examples):

• • Sales & client records: up to 7 years after contract end (for accounting/tax and legal purposes).

• • Leads & marketing data: up to 2 years from last interaction unless you opt in to further contact.

• • Support tickets & correspondence: 1–3 years depending on relevance.

• • Recruitment data: up to 6 months after application (unless longer retention is agreed).

• • Analytics & logs: retention periods are defined by the analytics provider; aggregated/anonymised data may be kept longer.

If you ask us to delete your data and there is no overriding legal requirement to retain it, we will delete or anonymise it within a reasonable period.

 

10. Security measures

We implement appropriate technical and organisational measures to protect personal data, including encryption in transit, access controls, secure development practices, regular security testing, and staff training. While we work to protect your data, no internet transmission is 100% secure – we cannot guarantee absolute security.

 

11. Your rights

Subject to applicable law, you have the right to:

• • Access the personal data we hold about you.

• • Rectify inaccurate or incomplete data.

• • Erase your personal data (right to be forgotten) where legally permitted.

• • Restrict processing in certain circumstances.

• • Object to processing for direct marketing or where we rely on legitimate interests.

• • Data portability: receive your data in a structured, commonly used format where technically feasible.

• • Withdraw consent at any time when processing is based on consent.

To exercise any right, contact us at support@boofdigital.com. We may ask for information to verify your identity. We will respond within statutory timeframes.

If you remain unsatisfied after contacting us, you have the right to lodge a complaint with the UK Information Commissioner’s Office (ICO) – www.ico.org.uk.

 

12. Marketing communications & opt-out

We only send marketing emails where you have given consent or where we reasonably consider there is a legitimate interest (e.g., existing client communications). Every marketing email includes an unsubscribe link. You can also contact support@boofdigital.com to opt out.

 

13. Children

Our services are not targeted at children under 16. We do not knowingly collect personal data from children. If you believe we have collected data from a child, please contact us and we will promptly delete it where appropriate.

 

14. Data breaches

If a personal data breach is likely to result in a risk to rights and freedoms, we will notify the ICO and affected individuals in accordance with legal requirements and our internal breach response plan.

 

15. Third-party links

Our website may link to third-party sites. This policy does not apply to external websites; please review their privacy policies before providing personal data.

 

16. Changes to this policy

We may update this policy to reflect changes in law, technology, or business practices. When we make material changes we will post a prominent notice and update the “Last updated” date above.

 

17. Contact us

If you have questions, want to exercise your rights, or need further information about our privacy practices, contact:

Boof Digital
support@boofdigital.com
+44 7300 828129
Manchester M40 8EF, UK

 

18. Legal disclaimer

This policy explains our privacy practices and is not legal advice. For legal advice tailored to your organisation’s circumstances, please consult a qualified legal professional.