Legal
Privacy Policy
How Cowaty collects, uses, and protects your personal data.
Last updated: 19 April 2025
This Privacy Policy explains how Cowaty ("we", "us", "our") collects, uses, stores, and protects personal data in accordance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.
Data Controller: Cowaty, 71-75 Shelton Street, Covent Garden, London, WC2H 9JQ, United Kingdom.
For data protection enquiries, contact us at: hello@cowaty.com
1. Information We Collect
We may collect the following categories of personal data:
- Contact information: name, email address, phone number, and any other information you provide when contacting us via email or WhatsApp.
- Business information: company name, job title, and business requirements shared during enquiries.
- Communications: records of correspondence between you and Cowaty.
- Technical data: IP address, browser type, device information, pages visited, and time spent on the site (collected via server logs and, when consented to, analytics tools).
- Cookies: see our Cookie Policy for full details.
2. How We Collect Your Data
We collect personal data in the following ways:
- When you contact us by email or WhatsApp.
- When you visit our website (technical and cookie data).
- When you send us a CV or career enquiry.
- Through our clients' accounts and systems when we provide digital marketing services on their behalf.
3. Legal Basis for Processing
We process your personal data on the following legal bases:
- Legitimate interests: to respond to enquiries, manage client relationships, and improve our services — where these interests are not overridden by your rights.
- Contract performance: to fulfil our contractual obligations where you are a client or supplier.
- Legal obligation: where processing is required to comply with applicable law.
- Consent: for non-essential cookies and marketing communications where we have sought and obtained your consent.
4. How We Use Your Data
We use your personal data to:
- Respond to enquiries and provide the services you have requested.
- Manage and deliver client campaigns and digital marketing services.
- Process job applications and assess candidates for roles.
- Maintain our business records and comply with legal obligations.
- Analyse website performance and improve user experience (where cookies are consented to).
- Send service-related communications (not marketing without consent).
5. Data Sharing
We do not sell your personal data. We may share data with trusted third parties only where necessary to deliver our services, including:
- Cloud hosting and infrastructure providers.
- Analytics and advertising platforms (e.g. Google, Meta) when used on behalf of clients with appropriate consent mechanisms in place.
- Professional advisers (legal, accounting) under obligations of confidentiality.
- Regulatory or law enforcement authorities where required by law.
All third-party processors are subject to appropriate data processing agreements and are required to handle data in compliance with UK GDPR.
6. International Transfers
Some of our service providers are based outside the UK. Where we transfer personal data internationally, we ensure appropriate safeguards are in place, including Standard Contractual Clauses or adequacy decisions recognised under UK law.
7. Data Retention
We retain personal data only for as long as necessary:
- Client data: for the duration of the contract plus 7 years for legal and accounting purposes.
- Enquiry data: up to 2 years if no contract is entered into.
- Job application data: up to 12 months if unsuccessful.
- Website analytics: as configured per the analytics tool's retention settings.
8. Your Rights
Under UK GDPR, you have the following rights regarding your personal data:
- Access: request a copy of the personal data we hold about you.
- Rectification: request correction of inaccurate or incomplete data.
- Erasure: request deletion of your data where there is no lawful reason to retain it.
- Restriction: request that we limit how we use your data.
- Portability: receive your data in a structured, machine-readable format.
- Object: object to processing based on legitimate interests.
- Withdraw consent: where processing is based on consent, you may withdraw it at any time.
To exercise any of these rights, contact us at hello@cowaty.com. We will respond within 30 days.
You also have the right to lodge a complaint with the Information Commissioner's Office (ICO) at ico.org.uk.
9. Security
We implement appropriate technical and organisational measures to protect your personal data against accidental or unlawful destruction, loss, alteration, unauthorised disclosure, or access. Our website is served over HTTPS. Access to personal data is restricted to authorised personnel only.
10. Children's Privacy
Our website and services are not directed at children under the age of 16. We do not knowingly collect personal data from children. If you believe we have inadvertently collected such data, please contact us immediately.
11. Links to Third-Party Sites
Our website may contain links to third-party websites. This Privacy Policy does not apply to those sites. We encourage you to review the privacy policies of any external sites you visit.
12. Changes to This Policy
We may update this Privacy Policy from time to time. The most current version will always be published at cowaty.com/privacy-policy. Material changes will be communicated where required by law.