Privacy Policy

Last updated: 22 June 2025

1. Background

1.1 This notice (Privacy Notice) tells you how we look after your personal data when you visit our website at: www.cityfolkdigital.com (Website), when you contact us through our forms, or when we engage with you as a prospective or existing client, or another type of business contact, such as a supplier or service provider to our business.

1.2 This notice sets out what information we collect about you, what we use it for, and whom we share it with. It also explains your rights under data protection laws and what to do if you have any concerns about your personal data.

1.3 We may sometimes need to update this Privacy Notice, to reflect any changes to the way our services are provided or to comply with new business practices or legal requirements. You should check this Privacy Notice regularly to see whether any changes have occurred.

2. Who We Are and other important information

2.1 We are City Folk Digital Limited, registered in England and Wales with company number 12770893 with our registered address at 68 Parbrook Road, Liverpool, L36 3XE (we, us or our).

2.2 For all visitors to our Website and for individuals who engage with us, we are the controller of your personal data (which means we decide what personal data we collect and how it is used).

3. Contact details

3.1 If you have any questions about this Privacy Notice or the way that we use personal data, please get in touch using the following details:
Email address: enquire@cityfolkdigital.com
Postal address: 68 Parbrook Road, Liverpool, L36 3XE

4. The information we collect about you

4.1 Personal data means any information which does (or could be used to) identify a living person. We have grouped together the types of personal data that we collect, and where we receive it from, below.

4.2 Types of personal data we collect:

  • Contact Data: Your name, email address, and any contact information you provide through our contact forms or other direct communications.
  • Query Data: Information and details you provide when submitting a query via our contact form about what you wish to discuss.
  • Website Usage Data: Information about your interaction with our Website, including your IP address, browser type, operating system, referring URLs, pages viewed, and the time spent on our Website. This data is collected automatically through Google Analytics and Google Search Console, which use cookies and similar tracking technologies.
  • Marketing and Communication Data: Includes your preferences in receiving marketing from us and your communication preferences (e.g., if you subscribe to our future email newsletter).
  • Client Management Data: If you become a client, we may collect data necessary to manage our relationship, track interactions, and streamline service delivery within a CRM system.

4.3 Please note that we do not collect any payment card data or similar data relating to your method of payment directly on our website. If we were to facilitate payments in the future, you would provide this data directly to a secure third-party payment processor. We would only receive and process information about the timing and amount of your payment.

5. How we use your information

5.1 We are required to identify a legal justification (also known as a lawful basis) for collecting and using your personal data. There are six legal justifications which organisations can rely on. The most relevant of these to us are where we use your personal data to:

  • fulfil our contract with you or take steps before entering a contract;
  • comply with a legal obligation that we have;
  • do something for which you have given your consent; or
  • pursue our legitimate interests where they do not override your rights and freedoms.

5.2 Below is set out the lawful basis we rely on when we use your personal data. If we intend to use your personal data for a new reason that is not listed below, we will update our Privacy Notice.

5.2.1 Legitimate Interests

We process personal data where it is necessary for our legitimate interests (or those of a third party) and your interests and fundamental rights do not override those interests. Our legitimate interests include:

  • Responding to Queries: To respond to your inquiries submitted via our contact form, manage communications, and provide information about our services.
  • Website Improvement: To analyse website usage patterns via tools like Google Analytics and Google Search Console to understand how our website is used and to continuously improve its performance, content, and user experience.
  • Business Operations and Relationship Management: To manage our client relationships effectively, streamline internal processes, and for general business administration within a CRM system.

5.2.2 Consent

We process personal data where you have given your clear consent for a specific purpose.

  • Website Usage Data (Analytics): We use cookies and similar tracking technologies for analytics purposes (e.g., Google Analytics, Google Search Console) only after obtaining your explicit consent via our cookie banner.
  • Email Marketing: To send you newsletters, promotional materials, and updates about our services and learning content if you have explicitly subscribed to our mailing list.

5.2.3 Performance of a Contract (Applicable when you become a client)

We process personal data where it is necessary for the performance of a contract to which you are a party, or to take steps at your request before entering into such a contract.

  • To administer or perform any contract we have with you for training services or other offerings.
  • To send you necessary updates about services you have purchased (e.g., confirmation of online training access, course materials).

5.2.4 Legal Obligation

We process personal data where it is necessary for compliance with a legal obligation that we are subject to.

  • Record Keeping: To maintain records required by law (e.g., tax, accounting, or consumer protection regulations).
  • Compliance: To record your preferences (e.g., marketing opt-out) to ensure that we comply with data protection laws.
  • Legal Claims: Where we retain information to enable us to bring or defend legal claims.

5.3 Where we need to collect your personal data (for example, in order to fulfil a contract we have with you or respond to a query), failure to provide us with the necessary personal data may mean that we are not able to provide you with the services or information requested. Where we do not have the information required about you to fulfil an order or respond effectively, we may have to decline or cancel the service/request.

5.4 We may anonymise the personal data we collect (so it can no longer identify you) and then combine it with other anonymous information so it becomes aggregated data. Aggregated data helps us identify trends (e.g., what percentage of users responded to a specific survey, or overall website traffic patterns). Data protection law does not govern the use of aggregated data and the various rights described below do not apply to it.

6. Who we share your information with

6.1 We share (or may share) your personal data with:

  • Our personnel: Our employees (or other types of workers) who have contracts containing confidentiality and data protection obligations and require access to perform their duties.
  • Our supply chain: Other organisations that help us provide and support our Website and future services. These include web hosting providers, and CRM and email marketing platform providers. We ensure these organisations only have access to the information required for them to provide the support we use them for and have a contract with them that contains confidentiality and data protection obligations.
  • Our professional advisers: Such as our accountants or legal advisors where we require specialist advice to help us conduct our business.
  • Any actual or potential buyer of our business: In the event of a merger, acquisition, or sale of all or a portion of our assets, your personal data may be transferred to the acquiring entity.
  • Analytics Providers: Google (for Google Analytics and Google Search Console) to help us understand website usage and improve our services.
  • Marketing Material Recipients: Aggregated data (which cannot identify you personally) may be included in marketing materials we provide to potential clients or partners.

6.2 If we were asked to provide personal data in response to a court order or legal request (e.g., from law enforcement), we would seek legal advice before disclosing any information and carefully consider the impact on your rights when providing a response.

7. How we keep your information safe

7.1 We have implemented robust security measures to prevent your personal data from being accidentally or illegally lost, used, or accessed by those who do not have permission. These measures include:

  • SSL Certificate: Ensuring secure, encrypted connections for all data transmission to and from our Website.
  • Secure Hosting: Utilising reputable hosting services that provide high levels of physical and network security.
  • Password Protection: Implementing and enforcing strong password policies for all internal systems and accounts.
  • Limited Staff Access: Restricting access to your personal data to only those employees who have a legitimate business need to access it, and only for the purposes outlined in this policy.
  • Regular Backups: Performing routine backups of our data to ensure resilience against data loss.

7.2 If there is an incident which has affected your personal data and we are the controller, we will notify the regulator and keep you informed (where required under data protection law).

7.3 If you notice any unusual activity on the Website or have any security concerns, please contact us at enquire@cityfolkdigital.com.

8. How long we keep your information

8.1 Where we act as the controller, we will only retain your personal data for as long as necessary to fulfil the purposes we collected it for.

8.2 To decide how long to keep personal data (also known as its retention period), we consider the volume, nature, and sensitivity of the personal data, the potential risk of harm to you if an incident were to happen, whether we require the personal data to achieve the purposes we have identified or whether we can achieve those purposes through other means (e.g., by using aggregated data instead), and any applicable legal requirements (e.g., minimum accounting records for HM Revenue & Customs).

8.3 We may keep Contact Data and Query Data from our contact forms for up to 12 months after the last interaction related to your query, unless it leads to a client relationship. If a client relationship is established, relevant data will be retained for the duration of that relationship and for a further period (typically up to seven years) as required for legal, accounting, or auditing purposes.

8.4 If you browse our Website, we keep Website Usage Data (Analytics) collected through our analytics tools (e.g., Google Analytics user and event data) for up to 14 months. Aggregated data that cannot identify you may be retained for longer periods.

8.5 If you have asked for information from us or you have subscribed to our future email mailing list, we will keep your Marketing and Communication Data until you ask us to stop contacting you. If you unsubscribe, your data will be deleted or anonymised within a reasonable period, typically up to 12-24 months, unless a legal obligation requires us to retain it for longer.

9. your legal rights

9.1 You have specific legal rights in relation to your personal data.

9.2 We can decide not to take any action in relation to a request where we have been unable to confirm your identity (this is one of our security processes to make sure we keep information safe) or if we feel the request is unfounded or excessive. Usually, there is no cost for exercising your data protection rights, but we may charge a fee where we decide to proceed with a request that we believe is unfounded or excessive. If this happens, we will always inform you in writing.

9.3 We will respond to your legal rights request without undue delay, but within one month of us receiving your request or confirming your identity (whichever is later). We may extend this deadline by two months if your request is complex or we have received multiple requests at once. If we need to extend the deadline, we will let you know and explain why we need the extension.9.4 We do not respond directly to requests which relate to personal data for which we act as the processor. In this situation, we forward your request to the relevant controller and await their instruction before we take any action.

9.5 If you wish to make any of the right requests listed below, you can reach us at enquire@cityfolkdigital.com.

9.6 Your rights include:

Complaints: If you are unhappy with the way we collect and use your personal data, you have the right to complain to the ICO or another relevant supervisory body. However, we hope that you will contact us at enquire@cityfolkdigital.com first so we can address your concerns.

Access: You must be told if your personal data is being used, and you can ask for a copy of your personal data as well as information about how we are using it to make sure we are abiding by the law.

Correction: You can ask us to correct your personal data if it is inaccurate or incomplete. We might need to verify the new information before we make any changes.

Deletion: You can ask us to delete or remove your personal data if there is no good reason for us to continue holding it or if you have asked us to stop using it (see below). If we think there is a good reason to keep the information you have asked us to delete (e.g., to comply with regulatory requirements), we will let you know and explain our decision.

Restriction: You can ask us to restrict how we use your personal data and temporarily limit the way we use it.

Objection: You can object to us using your personal data if you want us to stop using it. If we think there is a good reason for us to keep using the information, we will let you know and explain our decision.

Portability: You can ask us to send you or another organisation an electronic copy of your personal data.

10. When we send you marketing messages

10.1 If you have consented to receiving marketing messages from us, you can opt out of these at any time. Just let us know at enquire@cityfolkdigital.com.

10.2 We may market our services to prospective and existing business customers (Business-to-Business Marketing or B2B Marketing). We may send marketing communications to their staff via work contact details. If you are a member of staff and do not wish to receive B2B Marketing, please let us know at enquire@cityfolkdigital.com

10.3 Opting out of marketing will not affect our processing of your personal data in relation to any inquiry or order you have with us where we are required to use your personal data to respond to that inquiry or fulfil that order or provide you with certain essential service information.

Scroll to Top