Privacy Policy
How we collect, store and use your personal information - and what your rights are.
How we collect, store and use your personal information - and what your rights are.
Wonder Media Ltd is committed to protecting the privacy and security of your personal information. This privacy notice describes how we collect and use personal information about you during and after your relationship with us, in accordance with the UK General Data Protection Regulation (UK GDPR).
Wonder Media Ltd is registered with the Information Commissioner's Office under registration reference ZA902438.
This notice applies to:
Any reference to 'we', 'us', 'our' or 'the company' means Wonder Media Ltd. Any reference to 'you' or 'Data Subject' means any individual for whom we hold personal data.
This notice also applies to our website: wondermedia.co.uk.
In most circumstances we hold your data as a Data Controller - responsible for deciding how it is held and used. In some circumstances we may act as a Data Processor, handling data on behalf of a third party without directly storing it.
We may update this notice at any time. If you have questions, contact us at hello@wondermedia.co.uk.
We comply with UK GDPR. Personal information we hold about you must be:
We collect, store and may use the following categories of personal information:
We do not ordinarily collect special-category sensitive personal data.
We retain client data to fulfil our contractual obligations and for legitimate business purposes. We will only retain data we reasonably require, for a period that is reasonably necessary.
We will not disclose your data to third parties unless you have consented, or we are required to do so by contract or law.
We may hold limited information on visitors to our clients' websites - typically basic contact form data - retained only insofar as it is necessary to optimise and maintain appropriate website functionality.
We collect personal information directly from clients, from publicly available sources (such as Companies House), and through general market research. We may also collect additional information from credit reference or background check agencies where necessary.
During the course of a contract, we may additionally collect:
We use your personal information only when the law allows. The most common lawful bases are:
Less commonly, we may also rely on:
Specific situations in which we process personal information include:
Where we hold data for marketing purposes, you may opt out of receiving marketing communications from us at any time.
If we are acquired by or merged with a third party, your personal information may form part of the transferred assets.
If you fail to provide certain information when requested, we may be unable to perform the contract we have with you, or may be prevented from complying with our legal obligations.
We will only use your personal information for the purposes for which it was collected. If we need to use it for an unrelated purpose, we will notify you and explain the lawful basis for doing so. We may process your personal information without your knowledge or consent where required or permitted by law.
We may acquire personal data on individuals who are not clients - for example:
The data we hold is typically limited to contact information: email addresses, telephone numbers and business or personal addresses. We retain this data based on legitimate business interest, and may use it to send relevant marketing information. You have the right to ask us to erase or rectify your data and to opt out of marketing at any time.
We do not envisage making any automated decisions that will have a significant impact on you. If this changes, we will notify you in writing. Where automated decisions are made, we are permitted to do so only where:
We may need to share your data with third-party service providers. All third parties are required to respect the security of your data and to treat it in accordance with the law.
Client data is held in our accounting system, FreeAgent, whose servers are hosted at The Bunker data centre in the UK.
Websites we build and host are stored on servers located in UK-based data centres, protected by Cloudflare's global network for DNS management, CDN delivery, DDoS mitigation, and security filtering. Cloudflare is GDPR-compliant and processes data in accordance with EU data protection standards. Backup and storage infrastructure operates with EU data residency applied.
The only PII we will request to store is your name and email address. We will never share your PII with a third party without your explicit permission. We do not require you to use a personal, work or verified email address - an anonymised or generic address is acceptable.
We make use of third-party services on behalf of our clients that may require PII. These are listed below with links to their privacy policies:
We are not responsible for the privacy policies of third-party providers, but we periodically verify that our partners comply with relevant data protection laws including UK GDPR.
We collect and store the following n-PII (information that cannot be linked to you without an accompanying email address or other identifier):
Some services may involve email relaying. We do not manually inspect or permanently store the content of email messages. Where machine inspection is necessary to enable service functionality, no trace of the email remains on our servers once transmission is complete.
We have put in place appropriate security measures to protect your personal information from accidental loss, unauthorised access, alteration or disclosure. Access to personal information is limited to those with a legitimate business need, who are subject to a duty of confidentiality.
We have procedures to deal with any suspected data breach and will notify you and the relevant regulator where legally required.
The transmission of information via the internet is not completely secure. Data transmitted online is transmitted at your own risk. Email communications may be subject to interception and we cannot guarantee delivery to the intended recipient only.
We retain personal information only for as long as necessary to fulfil the purposes for which it was collected, including satisfying legal, accounting or reporting requirements.
For client data, we typically retain records for 7 years after completion of a matter - consistent with the 6-year limitation period for breach of contract or negligence claims under the Limitation Act 1980.
Where appropriate, we may anonymise personal information so that it can no longer be associated with you, in which case it may be used without further notice.
It is important that personal information we hold about you is accurate and current. Please keep us informed of any changes.
Under UK GDPR, you have the right to:
To exercise any of these rights, contact us in writing at our registered address or by emailing hello@wondermedia.co.uk.
We may refuse a request where we have a legal, contractual or legitimate business interest in doing so. If we refuse, we will notify you and you will have the right to appeal.
There is no charge to exercise these rights unless a request is manifestly unfounded or excessive.
Where you have provided consent to the collection, processing or transfer of your personal information for a specific purpose, you may withdraw that consent at any time by contacting us at hello@wondermedia.co.uk. Once we receive notification of withdrawal, we will no longer process your information for that purpose, unless another lawful basis applies.
We have appointed a data protection contact to oversee compliance with this notice. If you have questions about how we handle your personal information, please contact them at hello@wondermedia.co.uk.
You also have the right to make a complaint to the Information Commissioner's Office (ICO), the UK supervisory authority for data protection:
Information Commissioner's Office
Wycliffe House, Water Lane
Wilmslow, Cheshire, SK9 5AF
ico.org.uk
We do not use tracking cookies or advertising cookies on this website. No cookie consent banner is shown because none is required - we do not profile visitors or share browsing data with third parties.
The only cookies this site may set are strictly functional: for example, temporary session state required for form submission. These cookies contain no personally identifiable information and are not used for any tracking or analytical purpose.
Any analytics we use are fully anonymised and configured to respect visitor privacy. We do not collect IP addresses or use fingerprinting techniques. If you wish to block all cookies from this site, you can do so via your browser's privacy settings without affecting your ability to use the site.
We reserve the right to update this privacy notice at any time. Substantial changes will be communicated directly where appropriate.
For questions about this notice, or to submit a data access, correction, removal or restriction request, contact our data protection contact:
Email: hello@wondermedia.co.uk
Post: Wonder Media Ltd, 48 Church Avenue, Harrogate, North Yorkshire, HG1 4HG
In person: Via any member of the Wonder Media Ltd team.
A copy of the information will be provided free of charge. A reasonable fee may be charged where a request is manifestly unfounded or excessive.
You have the right to make a complaint to the ICO or such other regulatory or supervisory authority as may be appointed from time to time. If you make a complaint, we will respond to confirm how it will be handled.