Privacy Policy
Introduction
Legendary Ideas (“we,” “us,” “our,” or “the Company”), a distinguished digital marketing and design agency headquartered in London, United Kingdom, operates the website legendaryideas.co.uk, specializing in brand identity development, website design, print solutions, and comprehensive digital strategy services. This Privacy Policy serves as a foundational document that meticulously outlines the methods, purposes, and safeguards associated with the collection, processing, storage, and protection of your personal data. Our practices are rigorously aligned with the UK General Data Protection Regulation (GDPR), the Data Protection Act 2018, and other applicable legal frameworks, ensuring transparency, accountability, and respect for user rights. By accessing our website, submitting inquiries, or engaging our services, you acknowledge that you have thoroughly read, understood, and consented to the practices detailed herein. This policy operates in conjunction with our Terms & Conditions and governs all interactions, whether transactional, collaborative, or communicative, between you and Legendary Ideas.
Definitions
To eliminate ambiguity and foster clarity, we define key terms integral to this policy:
- Personal Data refers to any information that directly or indirectly identifies you as an individual, encompassing but not limited to your name, email address, phone number, IP address, payment details, or even behavioral data such as browsing patterns.
- Client Project Data includes proprietary materials shared with us for project execution, such as brand guidelines, logos, images, textual content, design mockups, and any creative assets integral to delivering tailored solutions.
- Service Providers are trusted third-party entities that collaborate with us to enhance service delivery, including cloud hosting providers (e.g., Amazon Web Services), communication platforms (e.g., Zoho Mail), payment gateways (e.g., Stripe), and design tools (e.g., Adobe Creative Cloud).
- Processing denotes any operation performed on personal data, spanning collection, storage, organization, modification, transmission, or deletion, whether automated or manual.
- Consent signifies your explicit, informed, and voluntary agreement to the processing of your data for specified purposes, which can be withdrawn at any time without detriment.
Information We Collect
Our data collection practices are designed to balance service delivery, legal compliance, and user experience enhancement. We gather the following categories of data:
a. Personal Data
- Provided by You:
- Contact Information: This includes your full name, professional email address, phone number, company name, job title, and physical address, submitted through inquiry forms, service agreements, or direct communications such as emails, phone calls, or video conferences.
- Financial Details: Credit/debit card numbers, billing addresses, transaction histories, and invoice records, processed securely through PCI-DSS-compliant payment gateways like Stripe or PayPal, ensuring encryption during transmission and storage.
- Project-Specific Data: Brand assets (e.g., logos in vector formats, Pantone color codes), textual content (e.g., website copy, product descriptions), multimedia files (e.g., high-resolution images, video clips), and design preferences (e.g., typography choices, layout guidelines) shared during collaborative phases.
- Marketing Preferences: Your explicit opt-in/opt-out selections for newsletters, promotional campaigns, or industry updates, captured through subscription forms or preference centers.
- Automatically Collected:
- Technical Metadata: This encompasses your IP address (masked or anonymized where possible), browser type (e.g., Chrome, Safari, Firefox), operating system (e.g., Windows, macOS, iOS), device type (e.g., smartphone, tablet, desktop), screen resolution, and language settings, collected to optimize website rendering and compatibility.
- Behavioral Analytics: Data on pages visited, time spent per page, click-through rates, navigation paths, referral sources (e.g., Google Ads, social media platforms), session duration, and exit points, aggregated via tools like Google Analytics to refine user experience and content strategy.
- Cookies and Tracking Technologies:
- Essential Cookies: Session cookies (e.g., wordpress_logged_in) maintain login states for registered users, while persistent cookies (e.g., shopping cart identifiers) preserve transactional continuity.
- Analytics Cookies: Tools like Google Analytics deploy cookies (e.g., _ga, _gid) to distinguish unique users, track demographics, and measure campaign efficacy.
- Marketing Cookies: Platforms like Facebook Pixel and LinkedIn Insight Tag utilize cookies (e.g., _fbp, li_fat_id) to retarget ads, analyze conversion rates, and build audience segments based on user behavior.
b. Sensitive Data
We strictly avoid intentional collection of sensitive personal data as defined under GDPR, such as racial/ethnic origin, religious beliefs, health information, or biometric identifiers. Should such data be inadvertently disclosed (e.g., embedded in client-provided content), we undertake immediate deletion unless legally mandated to retain it, accompanied by explicit notification to the affected party.
How We Use Your Data
Your data is processed under strict legal and ethical guidelines to achieve the following objectives:
- Service Delivery:
- Design and Development: Leveraging your brand assets and preferences to create bespoke logos, responsive websites, mobile app interfaces, and print collateral that align with your vision and market positioning.
- Client Communication: Facilitating real-time collaboration via email threads, project management tools (e.g., Trello, Asana), or video conferencing platforms (e.g., Zoom), ensuring transparency and iterative feedback.
- Financial Transactions: Generating itemized invoices, processing payments through encrypted channels, and maintaining auditable financial records for tax compliance and dispute resolution.
- Legal and Regulatory Compliance:
- Tax Reporting: Retaining financial records, including invoices, receipts, and transaction logs, for 7 years as mandated by UK HMRC regulations, ensuring readiness for audits or inspections.
- Law Enforcement Cooperation: Disclosing data to UK authorities in response to valid legal requests (e.g., court orders, subpoenas) to combat fraud, cybercrime, or national security threats.
- Marketing and Business Development:
- Targeted Campaigns: Sending personalized email newsletters, service updates, or promotional offers to opted-in users, segmented by industry, project type, or engagement history.
- User Experience Optimization: Deploying tools like Hotjar for heatmaps and session recordings to analyze user interactions, identify friction points, and redesign interfaces for enhanced usability.
- A/B Testing: Experimenting with variations of landing pages, CTAs, or pricing models to maximize conversion rates and client acquisition.
- Security and Fraud Prevention:
- Access Monitoring: Deploying intrusion detection systems (IDS) and log analysis tools to flag unauthorized login attempts or suspicious activities.
- Encryption Protocols: Utilizing SSL/TLS encryption for data-in-transit and AES-256 encryption for data-at-rest, ensuring end-to-end protection against breaches.
- Business Operations:
- Staff Training: Using anonymized client data (e.g., redacted case studies) to train new employees on design best practices, client communication, and GDPR compliance.
- Performance Evaluation: Conducting client satisfaction surveys and Net Promoter Score (NPS) assessments to refine service quality and operational workflows.
Legal Basis for Processing (UK GDPR)
Our data processing activities are anchored in the following legal grounds under the UK GDPR:
- Contractual Necessity:
- Processing is indispensable to fulfill obligations under a Service Agreement, such as designing a logo, developing a website, or delivering print materials. For example, your email address is used to send project milestones, while payment details are processed to finalize transactions.
- Consent:
- Processing occurs exclusively with your explicit opt-in consent, obtained through unambiguous affirmative actions (e.g., ticking a checkbox, clicking “Subscribe”). This applies to non-essential activities like marketing emails or non-critical cookies. Consent can be withdrawn anytime via email or preference centers.
- Legitimate Interests:
- Processing is necessary for our legitimate business interests, provided they do not infringe on your rights. Examples include:
- Fraud Prevention: Analyzing transaction patterns to detect and block fraudulent activities.
- Service Improvement: Aggregating usage data to identify website bottlenecks and enhance load speeds.
- Client Retention: Retaining project data for 5 years post-completion to address warranty claims or iterative design requests.
- Legal Obligations:
- Processing is mandated to comply with UK laws, such as retaining financial records for tax audits or disclosing data to regulatory bodies during investigations.
Data Sharing & Third Parties
We collaborate with rigorously vetted third parties to deliver services, ensuring data protection through contractual and technical safeguards:
- Service Providers:
- Hosting Infrastructure: Amazon Web Services (AWS) provides secure cloud storage and hosting, with data centers adhering to ISO 27001 and SOC 2 compliance standards.
- Communication Tools: Zoho Mail and Zoho CRM facilitate encrypted email exchanges and client relationship management, with data processed in EU-based servers.
- Payment Processors: Stripe and PayPal handle transactions under PCI-DSS Level 1 certification, tokenizing sensitive data to prevent exposure.
- Design Platforms: Adobe Creative Cloud and Figma enable real-time collaboration on design projects, with access controls and version history tracking.
- Legal and Regulatory Disclosures:
- Data may be shared with UK law enforcement agencies, courts, or regulatory bodies (e.g., ICO, HMRC) to comply with lawful requests, such as subpoenas, warrants, or anti-money laundering (AML) investigations.
- Business Transfers:
- In scenarios involving mergers, acquisitions, or asset sales, client data may transfer to the successor entity under strict confidentiality agreements, ensuring continuity of service and GDPR compliance.
- International Data Transfers:
- Data transferred outside the UK/EEA (e.g., AWS servers in the US) is protected via GDPR-approved mechanisms, including:
- Standard Contractual Clauses (SCCs): Legally binding agreements with third parties guaranteeing GDPR-level protections.
- Adequacy Decisions: Transfers to countries with equivalent data protection laws (e.g., Japan, Switzerland) as recognized by the UK.
Cookies & Tracking Technologies
Our use of cookies and tracking technologies is transparent, purposeful, and user-controlled:
- Cookie Categories:
- Essential Cookies:
- Purpose: Enable core functionalities critical to website operation, such as user authentication, session persistence, and shopping cart retention.
- Example: wordpress_sec ensures secure login sessions for clients accessing project dashboards.
- Analytics Cookies:
- Purpose: Measure traffic sources, user demographics, and engagement metrics to refine content strategy and SEO performance.
- Example: Google Analytics’ _gat cookie throttles request rates to maintain performance.
- Marketing Cookies:
- Purpose: Deliver personalized ads based on user behavior, retarget abandoned carts, and measure campaign ROI.
- Example: LinkedIn’s lidc cookie facilitates ad targeting across its platform.
- Cookie Management:
- Consent Management Platform (CMP): A customizable cookie banner (e.g., CookieYes, OneTrust) allows users to granularly select cookie categories (e.g., accept only essential cookies) and update preferences post-initial consent.
- Browser Controls: Users may block or delete cookies via browser settings (e.g., Chrome’s “Clear Browsing Data” tool), though this may impair functionality (e.g., broken login sessions).
Data Retention
Data retention periods are strictly aligned with legal, operational, and contractual necessities:
- Client Projects:
- Active Projects: Data is retained for the duration of the project, typically 3–12 months, depending on complexity.
- Post-Completion: Data is archived for 5 years to address potential disputes, warranty claims, or iterative design requests, after which it is securely purged.
- Marketing Data:
- Retained until you unsubscribe via the “Unsubscribe” link in emails or submit a deletion request. Suppression lists are maintained to prevent accidental re-marketing.
- Financial Records:
- Retained for 7 years under UK HMRC mandates, covering invoices, receipts, and transaction logs for audit trails.
- Anonymized Data:
- Aggregated analytics (e.g., quarterly traffic reports) devoid of personal identifiers may be retained indefinitely for trend analysis and business forecasting.
Your Rights (UK GDPR)
Under the UK GDPR, you possess enforceable rights to control your data:
- Right to Access:
- Submit a Subject Access Request (SAR) to receive a comprehensive, machine-readable copy of all personal data we hold, including processing purposes, categories, and third-party recipients.
- Right to Rectification:
- Request correction of inaccuracies (e.g., outdated phone numbers, misspelled names) within 30 days, with updates propagated across all systems.
- Right to Erasure (“Right to Be Forgotten”):
- Demand deletion of your data, except where retention is legally required (e.g., tax records, ongoing disputes).
- Right to Restrict Processing:
- Limit data usage during disputes (e.g., while verifying a deletion request), ensuring data remains stored but inactive.
- Right to Data Portability:
- Obtain your data in structured, commonly used formats (e.g., CSV, JSON) for seamless transfer to alternative service providers.
- Right to Object:
- Opt out of processing based on legitimate interests (e.g., analytics, direct marketing) or object to automated decision-making.
- Right to Withdraw Consent:
- Revoke consent for non-essential processing (e.g., email newsletters) via email or preference centers, effective immediately.
To exercise these rights, email contact@legendaryideas.co.uk with proof of identity (e.g., government-issued ID). We respond within 30 calendar days, free of charge, unless requests are manifestly unfounded or excessive.
Security Measures
We employ a multi-layered security framework to safeguard data integrity, confidentiality, and availability:
- Technical Safeguards:
- Encryption: Data transmitted over public networks is secured via TLS 1.3 with 256-bit encryption, while stored data is encrypted using AES-256.
- Access Controls: Role-based access (RBAC) ensures only authorized personnel (e.g., project managers, accountants) can view sensitive data, with audit logs tracking all access attempts.
- Network Security: Next-gen firewalls (NGFW), intrusion prevention systems (IPS), and regular penetration testing by certified ethical hackers.
- Operational Safeguards:
- Employee Training: Annual GDPR and cybersecurity training, with phishing simulations to reinforce data handling protocols.
- Data Minimization: Collecting only data essential for predefined purposes (e.g., no unnecessary fields in inquiry forms).
- Incident Response:
- Breach Protocol: Immediate isolation of affected systems, forensic analysis, and notification to the UK ICO and affected users within 72 hours of breach detection.
- Backup Strategy: Daily incremental backups stored on AWS S3 with versioning and geo-redundancy, enabling swift recovery.
Children’s Privacy
Our services are exclusively tailored for users aged 18 and above. We do not knowingly collect data from minors. If a parent/guardian discovers their child has shared data with us, contact contact@legendaryideas.co.uk immediately. We will promptly delete such data and terminate associated accounts, barring legal obligations to retain it.
Third-Party Links
Our website may include links to external platforms (e.g., Behance for portfolios, LinkedIn for team profiles). These third-party sites operate under independent privacy policies, and we disclaim responsibility for their practices. Prior to sharing data, review their policies and exercise caution, particularly with platforms requiring logins or financial transactions.
International Data Transfers
Data may be transferred globally to meet operational needs, safeguarded by:
- Standard Contractual Clauses (SCCs): Legally binding agreements with third parties (e.g., AWS, Zoho) mandating GDPR-compliant protections.
- Data Localization: Where feasible, data is stored in UK/EU-based servers (e.g., AWS London region) to minimize jurisdictional risks.
Updates to This Policy
We periodically revise this policy to reflect evolving laws, technologies, or business practices. Material changes (e.g., expanded data uses, new third-party partnerships) are communicated via email 30 days in advance, with summaries highlighting key amendments. Non-material changes (e.g., grammatical corrections) are posted here with an updated “Last Updated” date. Continued use of our services post-update constitutes acceptance.
Contact Us
For inquiries, requests, or complaints regarding data practices:
Legendary Ideas
Email: contact@legendaryideas.co.uk
We prioritize prompt resolution, aiming to respond within 2 business days. Should concerns remain unresolved, you may escalate them to the UK Information Commissioner’s Office (ICO) at ico.org.uk, the UK’s independent authority for data protection.