Data Protection

This Data Protection Policy outlines how BR Media LTD, trading as Your Marketing Partners ("we", "our", "us"), collects, processes, stores, and protects personal data.

We are committed to ensuring that all personal data is handled in compliance with:

• UK General Data Protection Regulation (UK GDPR)
• Data Protection Act 2018
• Any other applicable data protection laws

This policy applies to all individuals whose data we process, including:

• Customers and clients
• Prospective clients and leads
• Affiliates and partners
• Contractors and employees
• Website users and platform users

This policy exists to ensure that we:

• Comply with all applicable data protection laws
• Protect the rights of individuals whose data we process
• Maintain transparency in how data is handled
• Implement best practices in data security and governance
• Protect the business from data breaches, misuse, and legal risk

We adhere to the core principles of UK GDPR. Personal data must be:

• Processed lawfully, fairly, and transparently
• Collected for specified, explicit, and legitimate purposes
• Adequate, relevant, and limited to what is necessary
• Accurate and kept up to date
• Retained only as long as necessary
• Processed in a manner that ensures appropriate security
• Not transferred outside approved jurisdictions without safeguards

Personal data means any information relating to an identifiable individual, including:

• Name, email, phone number
• Business and billing information
• IP address and device data
• Platform usage and behavioural data

Processing includes collecting, storing, using, sharing, or deleting data.

Note: We do not intentionally process "special category data" (e.g. health, ethnicity, political views). If such data is received, it will only be processed where lawful and necessary.

We only process personal data where a lawful basis exists, including:

• Contractual necessity – delivering services to clients
• Legitimate interests – improving services, marketing, and operations
• Consent – for marketing and certain tracking activities
• Legal obligation – compliance with applicable laws

We collect personal data through:

We use personal data to:

• Deliver and manage services
• Process payments and contracts
• Provide support and communication
• Improve products, services, and user experience
• Analyse behaviour and optimise marketing
• Run advertising and retargeting campaigns
• Maintain internal records and reporting
• Comply with legal obligations

We will only use personal data for the purpose it was collected unless legally permitted otherwise.

We do not sell personal data.

We may share data with trusted third parties where necessary, including:

• Payment processors (e.g. Stripe)
• CRM and communication tools (e.g. Pipedrive, Slack)
• Email marketing platforms
• Advertising platforms (Meta, Google, etc.)
• Analytics and attribution tools
• Contractors and service providers

All third parties are required to:

• Process data securely
• Use data only for specified purposes
• Comply with data protection laws

Where data is transferred outside the UK (e.g. US-based tools), we ensure safeguards such as:

• Standard Contractual Clauses (SCCs)
• Transfers to countries with adequacy decisions

We retain personal data only for as long as necessary to:

• Fulfil contractual obligations
• Comply with legal and tax requirements
• Resolve disputes and enforce agreements

Data that is no longer required is securely deleted or anonymised.

Individuals have the following rights:

• Right to access their data
• Right to correct inaccurate data
• Right to request deletion
• Right to restrict processing
• Right to object to processing
• Right to data portability
• Right to withdraw consent

Requests can be made via:

We will respond within the legally required timeframe.

We implement appropriate technical and organisational measures, including:

• Access controls and role-based permissions
• Secure cloud infrastructure
• Encryption where appropriate
• Secure data storage and backups
• Regular monitoring and system controls

Despite this, no system is completely secure, and we cannot guarantee absolute protection.

We enforce strict internal controls:

• Access to data is limited to authorised personnel only
• Staff are required to maintain confidentiality
• Data minimisation principles are applied
• Data is only accessed when necessary for role-specific tasks

In the event of a data breach, we will:

• Investigate and contain the breach immediately
• Notify affected individuals where required
• Report to the Information Commissioner's Office (ICO) where legally required
• Take corrective action to prevent recurrence

Where we use third-party processors, we ensure:

• Appropriate contracts are in place
• Data is processed securely
• Compliance with UK GDPR is maintained

Individuals may request access to their personal data. We will:

• Verify identity before releasing data
• Provide data within legal timeframes
• Refuse or limit requests where legally permitted

We reserve the right to update this policy at any time.

Any material changes will be communicated via:

• Website updates
• Email notifications (where appropriate)

For any data protection queries:

You also have the right to lodge a complaint with the Information Commissioner's Office (ICO).