LEGAL
Privacy Policy
Effective: 30 March 2026
Last updated: 30 March 2026
UK GDPR compliant
EC Stream Marketing & PR is committed to protecting your personal data and ensuring transparency in how it is collected, used, and safeguarded under UK GDPR and the Data Protection Act 2018.
CONTENT
- 01 Who we are
- 02 What personal data we collect
- 03 How and why we collect data
- 04 How we use and share data
- 05 International data transfers
- 06 Data retention
- 07 Your rights under UK GDPR
- 08 Data security
- 09 Cookies and tracking technologies
- 10 Automated decision-making & profiling
- 11 Children's data
- 12 Changes to this policy
- 13 Internal privacy practices
- 14 Contact us
SECTION 01
Who we are
EC Stream Marketing & PR (trading name of Marketing & PR Limited, company registration number to be inserted) is a strategic marketing and brand consultancy serving clients in hospitality, legal, and health-conscious F&B sectors.
| Contact | Details |
|---|---|
| Company name | EC Stream Marketing & PR (trading name of Marketing & PR Limited) |
| Company registration | To be inserted |
| Registered address | G01 Chadwick Court, 2 Jonzen Walk, London E14 6GS, United Kingdom |
| hello@ecmarketingpr.com | |
| Phone | 0330 043 1722 |
| Data Protection Officer | No formal DPO appointed. Privacy-related enquiries should be directed to the contact details above. |
| Supervisory authority | Information Commissioner's Office (ICO) — ico.org.uk / 0303 123 1113 |
SECTION 02
What personal data we collect
We may collect and process the following categories of personal data:
| Category | Examples |
|---|---|
| Contact Data | Full name, email address, phone number, company name, job title, postal address |
| Technical Data | IP address, browser type, device information, operating system, location data |
| Usage Data | Pages visited, time spent on website, click behaviour, referral sources |
| Marketing Data | Marketing preferences, engagement history, newsletter subscriptions, communication preferences |
| Transaction Data | Payment details (processed securely via third-party processors), invoice information |
| Special Category Data | Dietary requirements, health-related information (only for event planning, with explicit consent) |
| Third-Party Data | Information from LinkedIn, event partners, CRM platforms, or publicly available sources |
SECTION 03
How and Why We Collect Data
We collect and use personal data for the following purposes:
| Purpose | What we do | Lawful basis |
|---|---|---|
| Service Delivery | Provide marketing/PR consultancy, manage client relationships, onboarding | Contract necessity |
| Marketing Communications | Send Growth & Brandstream newsletter, campaign updates, promotional content | Consent (opt-in required) |
| Website Improvement | Analytics, user experience optimisation, A/B testing | Legitimate interests |
| Legal Compliance | Tax records, financial reporting, regulatory obligations | Legal obligation |
| Business Development | Prospecting, networking, follow-up communications | Legitimate interests |
| Event Management | Attendee registration, dietary requirements, networking preferences | Consent + Contract necessity |
Collection Methods
Direct input via website forms, email, phone, or contracts
Automated technologies (cookies, tracking pixels, analytics tools)
Third-party integrations (CRM systems, event platforms, social media)
Publicly available sources (LinkedIn, company directories)
SECTION 04
How and Why We Collect Data
How We Use Personal Data
Provide services and respond to inquiries
Send strategic insights, newsletters (Growth & Brandstream), and marketing updates
Analyse engagement patterns to improve content and offerings
Comply with legal and regulatory requirements
Prevent fraud and ensure security
Third-Party Data Sharing
We may share personal data with the following categories of recipients:
| Recipient type | Examples | Purpose |
|---|---|---|
| Email Marketing Platforms | Mailchimp, HubSpot, Squarespace Email | Newsletter distribution |
| Analytics Services | Google Analytics (with Consent Mode v2) | Website performance monitoring |
| CRM & Project Management | Asana, HubSpot CRM | Client relationship management |
| Event Management Tools | Eventbrite and other event platforms | Event registration and management |
| Payment Processors | Stripe, PayPal | Invoice and payment processing |
| Professional Advisors | Accountants, lawyers | Legal and tax compliance |
| Regulatory Authorities | HMRC, ICO | Legal obligations |
| Subcontractors & Freelancers | Designers, writers, consultants | Service delivery |
All third-party processors are bound by Data Processing Agreements (DPAs) ensuring UK GDPR compliance.
SECTION 05
International Data Transfers
Some of our service providers process data outside the UK and European Economic Area (EEA). When this occurs, we ensure appropriate safeguards are in place:
UK Adequacy Decisions: Countries deemed to have adequate data protection
International Data Transfer Agreements (IDTAs): UK-specific transfer mechanism
Standard Contractual Clauses (SCCs): EU/UK-approved contract terms
Vendor Compliance: Processors must meet UK GDPR-equivalent standards
You can request details of specific transfer mechanisms by contacting us.
SECTION 06
Data Retention
We retain personal data only for as long as necessary:
| Data type | Retention period | Reason |
|---|---|---|
| Newsletter Subscribers | Until consent is withdrawn + 3 months | Marketing compliance |
| Active Client Data | Duration of engagement + 7 years | Legal/tax requirements |
| Event Attendee Data | 12 months (unless otherwise agreed) | Event follow-up |
| Website Analytics | 26 months (Google Analytics default) | Analytics reporting |
| Inquiry Forms (no conversion) | 6 months | Business development |
| Breach Records | 3 years | ICO reporting compliance |
After retention periods expire, data is securely deleted or anonymised.
SECTION 07
Your Rights Under UK GDPR
You have the following rights regarding your personal data:
| Right | What it means | How to exercise |
|---|---|---|
| Right to be Informed | Know what data we hold and how we use it | Read this policy |
| Right of Access | Request a copy of your data | Email hello@ecmarketingpr.com |
| Right to Rectification | Correct inaccurate or incomplete data | Contact us with updates |
| Right to Erasure | Request deletion of your data | Submit written request |
| Right to Restrict Processing | Limit how we use your data | Submit written request |
| Right to Data Portability | Receive your data in a structured, machine-readable format | Email us |
| Right to Object | Object to processing including direct marketing | Use unsubscribe link or contact us |
| Automated Decision-Making | Not subject to solely automated decisions with legal effects | Contact us |
| Right to Complain | Lodge a complaint with the ICO | ico.org.uk |
Response Time: We will respond to all requests within one month (may extend to 3 months for complex requests).
No Fees: You will not be charged for exercising your rights unless requests are unfounded or excessive.
SECTION 08
Data Security
We implement robust technical and organisational measures to protect your data:
Encryption: SSL/TLS encryption for all website communications
Access Controls: Role-based permissions, multi-factor authentication
Secure Storage: Encrypted servers, cloud providers with UK GDPR compliance
Regular Audits: Security testing, vulnerability assessments
Staff Training: Annual data protection training for all team members
Breach Protocols: Incident response plan with 72-hour ICO reporting if required
Despite our efforts, no internet transmission is 100% secure. Please use caution when sharing sensitive information online.
SECTION 09
Cookies and Tracking Technologies
Our website uses cookies and similar technologies. For full details, see our separate
Essential Cookies: Required for website functionality (no consent needed)
Analytics Cookies: Google Analytics with Consent Mode v2 (consent required)
Marketing Cookies: Third-party advertising (consent required)
Preference Cookies: Remember your settings (consent required)
You can manage cookie preferences via our cookie consent banner or browser settings. Disabling non-essential cookies may affect website functionality.
Google Consent Mode v2: Mandatory for all UK/EEA traffic by 2026.
SECTION 10
Automated Decision-Making & Profiling
We do not use automated decision-making that produces legal or significantly affecting results. Any profiling (e.g., newsletter engagement analysis) is used solely to improve content relevance and can be objected to at any time.
SECTION 11
Children's Data
Our services are not directed at children under 18. We do not knowingly collect personal data from minors. If we become aware of such data, we will delete it promptly.
SECTION 12
Changes to This Policy
We may update this policy to reflect changes in law, business practices, or data processing activities.
Updates will be posted on this page with a revised "Last Updated" date
Significant changes will be communicated directly via email where appropriate
Continued use of our services after updates constitutes acceptance
SECTION 13
Internal Privacy Practices
We maintain internal policies (not publicly published) covering:
Employee and client data handling procedures
Secure access to systems and devices
Data deletion and disposal protocols
Incident reporting and breach response
Accountability and mandatory training for all team members
Records of Processing Activities (RoPA) as required by UK GDPR Article 30
QUESTIONS OR REQUESTS
Contact our Privacy Team
EC Stream, Marketing & PR Limited
International House, 64 Nile Street, London, N1 7SR
hello@marketingpr.com · 0330 043 1722