Legal
Privacy Policy
How we collect, use, store and protect personal data — and the rights you have over it. Written to be read, not to be survived.
Last updated: 1 July 2026
Who we are
The Content Marketing Agency Limited ("we", "us", "our") is a company registered in England and Wales. Our registered office and place of business is Origin 3, Genesis Office Park, Europarc, Grimsby, DN37 9TZ, England. We are the data controller for the personal data described in this policy.
You can contact us about anything in this policy by email at support@contentgrowthagency.org.
What this policy covers
This policy explains what personal data we collect through this website and through our work with clients, why we collect it, what we do with it, how long we keep it and what rights you have over it. It applies to visitors to this website, people who contact us, subscribers to our newsletter, clients and job applicants.
It does not cover other websites we link to. When you follow a link away from this site, that organisation's own privacy policy applies.
The data we collect
We collect only what we need. In practice that means:
Data you give us
- Enquiry and consultation forms. Your name, work email address, company name, telephone number if you provide it, the service you are interested in, an indicative budget if you choose to share one, and whatever you write in the message field.
- Newsletter signup. Your email address, and your name if you provide it.
- Guide and resource requests. Your name, email address and which resource you asked for.
- Data requests. The information needed to identify you and act on the request.
- Job applications. Your CV, covering message and anything else you choose to send us.
Data we collect automatically
- Analytics data, but only if you consent to analytics cookies. This is page-level, aggregated and does not identify you by name. If you decline, we do not set analytics cookies and we do not collect this data.
- Server logs. Our hosting provider records standard technical information — IP address, browser type, time of request — for security and to keep the service running. These are retained for a short period and are not used for marketing.
Data we do not collect
We do not run advertising or retargeting pixels on this website. We do not build advertising profiles. We do not buy personal data from third parties, and we do not use purchased or scraped contact lists.
Why we use your data, and our lawful basis
Under UK GDPR we must have a lawful basis for each use of your data. Ours are as follows.
| What we do | Why | Lawful basis |
|---|---|---|
| Respond to your enquiry | To answer your question and, if relevant, prepare a proposal | Legitimate interests; steps prior to entering a contract |
| Deliver client work | To perform the engagement you have contracted us for | Performance of a contract |
| Send the newsletter | To send you the content you asked for | Consent (withdrawable at any time) |
| Send a requested guide | To deliver what you asked for, plus one follow-up asking whether it was useful | Consent |
| Analytics | To understand which pages are useful and improve the site | Consent (via the cookie banner) |
| Keep records and accounts | To meet our legal and tax obligations | Legal obligation |
| Recruitment | To assess your application | Legitimate interests; steps prior to entering a contract |
| Site security | To protect the site from abuse and spam | Legitimate interests |
Where we rely on legitimate interests, we have considered whether our interest is overridden by your rights, and we have concluded that responding to an enquiry you sent us, and keeping our site secure, are things you would reasonably expect. You can object to processing based on legitimate interests at any time.
How long we keep it
| Data | Retention period |
|---|---|
| Enquiries that do not become clients | 24 months, then deleted |
| Client records and deliverables | 7 years after the engagement ends (accounting and legal requirements) |
| Newsletter subscribers | Until you unsubscribe, plus a suppression record so we do not email you again |
| Guide requests | 12 months |
| Unsuccessful job applications | 6 months, unless you ask us to keep them longer |
| Analytics data | 14 months, aggregated |
| Server logs | 30 days |
Who we share it with
We do not sell your personal data. We do not share it with advertisers. We do not trade contact lists.
We do use a small number of service providers who process data on our behalf under a written agreement. These currently include our website host, our email service provider, our analytics provider and our accountants. Each is bound to use the data only for the purpose we specify.
We may also disclose data where we are legally required to do so — for example in response to a valid request from a regulator, or where necessary to establish or defend a legal claim.
International transfers
Some of our service providers are based outside the UK. Where personal data is transferred outside the UK, we rely on either an adequacy decision by the UK government or the International Data Transfer Agreement (or the UK Addendum to the EU Standard Contractual Clauses), together with a transfer risk assessment. You may ask us for details of the safeguards in place for any specific transfer.
Your rights
Under UK GDPR you have the right to:
- Access the personal data we hold about you, and receive a copy of it.
- Rectification — have inaccurate data corrected.
- Erasure — have your data deleted, where there is no overriding reason for us to keep it.
- Restriction — ask us to stop processing your data while a dispute is resolved.
- Portability — receive your data in a structured, commonly used, machine-readable format.
- Objection — object to processing based on legitimate interests, and to direct marketing at any time.
- Withdraw consent — where we rely on consent, you can withdraw it at any time without affecting processing carried out before you withdrew.
Use our Data Request form or email support@contentgrowthagency.org. We acknowledge requests within five working days and respond in full within one month. There is no charge.
If you are unhappy with our response you can complain to the Information Commissioner's Office at ico.org.uk. We would ask you to raise it with us first, so that we have a chance to put it right.
Security
We use encryption in transit (HTTPS), access controls, and the principle of least privilege — people on our team have access only to the data they need to do their job. Client system access is named, time-limited and revocable by you at any time.
No system is perfectly secure. If a personal data breach occurs that is likely to result in a risk to your rights and freedoms, we will notify the ICO within 72 hours and, where the risk is high, we will tell you directly and without undue delay.
Children
This website and our services are directed at businesses and are not intended for children. We do not knowingly collect personal data from anyone under 18. If you believe we have done so, contact us and we will delete it.
Changes to this policy
We may update this policy from time to time. The date at the top of the page tells you when it last changed. Where a change materially affects how we use data you have already given us, we will tell you directly rather than relying on you to notice.
Contact us about this policy
If you have a question about this document, write to us at support@contentgrowthagency.org or by post at The Content Marketing Agency Limited, Origin 3, Genesis Office Park, Europarc, Grimsby, DN37 9TZ, England. We reply to every enquiry within one working day.