GDPR Privacy Notice

1. Who we are

For UK GDPR purposes, Online Buzz Marketing Ltd is the data controller for personal data collected through this website and related pre-sales, delivery, and account management activities.

If we process personal data solely on your documented instructions as part of a client delivery engagement, we may act as your processor under a separate agreement.

2. Data we collect

Depending on how you interact with us, we may collect:

• identity and contact data (name, work email, job title, organization, phone number);
• enquiry and consultation data (business context, workflow challenges, implementation goals);
• client account and project data needed to deliver contracted services;
• billing and transaction data (invoice contacts, payment status, plan details);
• technical and usage data (IP address, browser/device metadata, page events, diagnostic logs).

We do not intentionally request special category personal data. If you send this data unintentionally, we will limit use and delete or redact it where reasonably possible.

3. Purposes and lawful bases

4. Data sources

We collect personal data directly from you, your organization, and our systems. We may also receive limited business contact data from publicly available professional sources and approved partners.

5. Recipients and processors

We use selected suppliers for hosting, analytics, email delivery, collaboration, payment processing, and operational tooling. These may include cloud infrastructure providers, payment processors, and approved AI/automation platforms.

Processors only receive the minimum data needed to provide their service and are contractually required to handle data securely and lawfully.

6. International data transfers

Some suppliers may process data outside the UK. Where this occurs, we apply appropriate safeguards, such as adequacy regulations, UK International Data Transfer Agreement (IDTA), or UK Addendum to standard contractual clauses, as applicable.

7. Retention and deletion

We retain personal data only as long as needed for the purpose collected, including legal and compliance obligations. Typical periods are:

• sales and enquiry records: up to 24 months after last meaningful contact;
• active project and support records: for engagement duration and standard support window;
• financial and tax records: up to 6 years where legally required;
• security and analytics logs: retained on a rolling basis and deleted per system policy.

You can request deletion where legal retention duties do not prevent erasure.

8. Security

We implement proportionate technical and organizational safeguards, including access controls, encryption in transit where supported, environment separation, and monitoring. No system can be guaranteed fully secure, but we continuously improve safeguards in line with risk.

9. Your rights

Under UK GDPR, you may have rights to access, rectify, erase, restrict processing, object, data portability, and withdraw consent where consent is the legal basis.

To exercise rights, email shaz@customerjourneys.ai. We may request identity verification and will normally respond within one month.

10. Complaints

If you have concerns about how we handle personal data, contact us first so we can address the issue. You also have the right to complain to the UK Information Commissioner's Office (ICO): https://ico.org.uk/make-a-complaint/.

11. Cookies and tracking

We may use essential cookies and privacy-respecting analytics to operate and improve the site. Where non-essential tracking is introduced, consent controls will be provided as required.

12. Children

This website and services are designed for business use and are not directed to children. If you believe a child's data was shared with us, contact us and we will investigate promptly.

13. Policy updates

We may update this notice to reflect operational, legal, or regulatory changes. The current version will always be posted on this page with the latest update date.