Our Privacy Policy
Last updated: 29 September 2025
1. Introduction & Who We Are
Magenta MAD (“we”, “us”, “our”) is a marketing agency based in the United Kingdom. We are the data controller in respect of your personal data, unless otherwise stated.
This policy describes how we collect, use, share, transfer, and protect personal data in connection with our services, website, marketing, and client work, and your rights in relation to that data, in accordance with UK GDPR and the Data Protection Act 2018.
If you have any questions or concerns about data protection, or if you don’t want us to process your data anymore, please contact our Data Protection Contact:
Jayde Pope, Director of Magenta Marketing And Design Ltd
Email: jayde@magentamad.uk
2. Scope & Definitions
Personal data (or “personal information”) means any information relating to an identified or identifiable natural person.
Processing means any operation performed on personal data (collection, use, storage, disclosure, etc.).
Special category data means race, ethnic origin, political opinions, religious beliefs, trade union membership, genetic/biometric data, health, sexual orientation.
This policy applies to:
-
Visitors, users, leads, and potential customers interacting with our website and marketing (e.g. via contact forms, subscriptions)
-
Clients, prospects, suppliers, contractors, employees (as applicable)
-
Data collected automatically (via cookies, analytics)
-
Data shared with or processed by third parties on our behalf
We do not intentionally collect or process special category data unless explicitly stated and only with appropriate safeguards.
3. What Personal Data We Collect & How
3.1 Data You Provide
-
Contact information: name, email address, phone number (if you submit forms or contact us)
-
Business information: company name, job title, business address
-
Marketing preferences (e.g. whether you consent to receive newsletters)
-
Content you submit: messages, feedback, uploads
3.2 Data Collected Automatically
IP address, browser type/version, device identifiers
Referrer URL, pages viewed, time & date stamps, clickstream, interaction data
Analytics data (via Google Analytics, HubSpot)
Cookies and similar tracking technologies
3.3 Data from Third Parties
-
From your public social media profiles (if you connect them)
-
From third-party lead generation or enrichment services
-
From our integrations (e.g. when you subscribe via Mailchimp or HubSpot)
4. Legal Basis for Processing (UK GDPR Article 6)
We rely on one or more of the following lawful bases, depending on the context of the processing:
Processing Activity | Lawful Basis |
|---|---|
Complying with legal obligations (e.g. record keeping, tax) | Legal obligation |
Internal business administration, security, fraud prevention | Legitimate interests |
Legitimate marketing to existing clients or contacts | Legitimate interests (when balanced with your rights) |
Sending marketing emails/newsletters (where you have opted in) | Consent |
Providing you with requested services, responding to enquiries | Performance of a contract / taking steps before contract |
If we ever process special category data, we will rely on appropriate additional conditions (e.g. explicit consent or employment-related exceptions).
You have the right to withdraw consent where processing is based on consent; this will not affect processing based on other lawful bases.
5. How We Use Personal Data
We use personal data for purposes including (but not limited to):
-
Responding to enquiries, providing services, and fulfilling contracts
-
Sending newsletters, marketing campaigns, promotional materials
-
Analytics, monitoring website usage and performance
-
Optimising and personalising content and user experience
-
CRM and client relationship management (via HubSpot etc.)
-
Fraud prevention, security, billing, record keeping
-
Meeting legal, tax, audit, and regulatory obligations
6. Sharing / Disclosing Personal Data
We may share your data with:
Third-party service providers / processors, including:
-
Website hosting and CMS (Wix)
-
Analytics providers (Google Analytics)
-
Email marketing / automation (Mailchimp, HubSpot)
-
CRM platforms (HubSpot)
-
Advertising networks and other marketing partners
-
Payment and billing providers, if relevant
-
Professional advisors (legal, accounting, auditing)
-
Law enforcement, regulators, or courts, if legally required or to protect rights
-
Acquirers / successor entities, in the event of merger, sale, or reorganisation
Whenever we engage a third-party processor, we ensure there is a data processing agreement in place requiring compliance with data protection law and requiring them to implement appropriate security measures.
7. International Transfers of Personal Data
Because we use some third-party tools and services based (or with servers) outside the UK/EEA, data may be transferred to countries without an “adequacy decision.” We take the following safeguards:
-
Wix may store and process data in data centres located in the United States, Ireland, and elsewhere. Wix uses Standard Contractual Clauses (SCCs) or other legal mechanisms for transfers outside adequacy territories.
-
Mailchimp commits to transferring and processing European / UK data under SCCs and under the EU-U.S and UK Data Privacy Framework as applicable.
Where applicable, we put in place SCCs and additional technical, organisational safeguards to ensure an adequate level of protection.
We will inform you about the risks of transfers to third countries and your rights in respect of such transfers, on request.
8. Data Security & Breach Response
We implement appropriate technical and organisational measures to protect personal data against unauthorised or unlawful processing, and against accidental loss, destruction, or damage.
Examples of security measures include:
-
Encryption in transit (TLS) and at rest
-
Access controls and authentication mechanisms
-
Regular security testing, vulnerability scanning, monitoring
-
Segregation of data, logging, audit trails
-
Incident response plans and disaster recovery
If a personal data breach occurs that is likely to result in a risk to individuals’ rights and freedoms, we will notify the UK Information Commissioner’s Office (ICO) within 72 hours (unless the breach is unlikely to result in risk), and communicate the breach to affected individuals as required by law.
9. Data Storage & Retention
Our company is hosted on the Wix.com platform. Wix.com provides us with the online platform that allows us to sell our products and services to you. Your data may be stored through Wix.com’s data storage, databases and the general Wix.com applications. They store your data on secure servers behind a firewall.
All direct payment gateways offered by Wix.com and used by our company adhere to the standards set by PCI-DSS as managed by the PCI Security Standards Council, which is a joint effort of brands like Visa, MasterCard, American Express and Discover. PCI-DSS requirements help ensure the secure handling of credit card information by our store and its service providers.
We retain personal data for no longer than necessary for the purposes for which it was processed, including to satisfy legal, accounting, or reporting requirements.
Typical retention periods:
-
Marketing contacts and subscribers: up to 3–5 years (unless unsubscribed)
-
Client and project records: 6 years (for legal / tax audits)
-
Inactive leads: 2 years
-
Analytics / log data: anonymised or aggregated after 1–2 years
When data is no longer needed, we securely delete or anonymise it.
10. Your Rights
Under UK GDPR, you have the following rights (where applicable):
-
Right to access your personal data
-
Right to correct inaccurate or incomplete data
-
Right to erase (right to be forgotten)
-
Right to restrict processing
-
Right to data portability
-
Right to object to processing (including marketing)
-
Right to withdraw consent (for processing based on consent)
-
Right to complain to the ICO or other supervisory authority
To invoke any of these rights, please contact us using the contact details above. We will respond without undue delay and in any event within one month (or, if more complex, up to three months, with explanation).
11. Cookies, Tracking & Similar Technologies
We use cookies, pixels, tags, and other tracking technologies to collect and store information.
Cookie name | Purpose | Duration | Cookie Type |
|---|---|---|---|
google-analytics | Helps us understand user behavior, improve site content and user experience, and track website traffic. | 2 years | Opt-in |
client-session-bind | Cookie for API protection | Session | Essential |
server-session-bind | Cookie for API protection | Session | Essential |
_wixAB3|* | Cookie for site experiments | 6 months | Essential |
fedops.logger.sessionId | Tracking session errors and issues (resilience) | 12 months | Essential |
bSession | Used for system effectiveness measurement | 24 hours | Essential |
SSR-caching | Performance cookie for rendering | 24 hours | Essential |
TS* | Cookies for attack detection | Session | Essential |
svSession | Session cookie for identification | 12 months | Essential |
hs | Security Cookie for Hive (legacy) | Session | Essential |
XSRF-TOKEN | Cookie for fraud detection of calls | Session
| Essential |
We show a cookie consent banner that lets users accept or reject non-essential cookies, and allows granular choice. You can also disable cookies via browser settings, but that may affect site functionality.
The following links explain how to access cookie settings in various browsers:
To opt out of being tracked by Google Analytics across all websites, visit this link: http://tools.google.com/dlpage/gaoptout.
12. Children’s Data
Our website is not directed at children (under 16). We do not knowingly collect personal data from children. If you believe we have inadvertently collected data from a child, please contact us and we will delete it.
13. Changes to This Policy
We reserve the right to modify this privacy policy at any time, so please review it frequently. Changes and clarifications will take effect immediately upon their posting on the website. If we make material changes to this policy, we will notify you here that it has been updated, so that you are aware of what information we collect, how we use it, and under what circumstances, if any, we use and/or disclose it.
14. Jurisdiction & Governing Law
This policy is governed by the laws of England and Wales. Any dispute arising out of or relating to this policy or our processing activities will be subject to the jurisdiction of the courts of England.