Privacy Policy

This Privacy Policy explains how Dahlia Digital (“we”, “us”, “our”) collects, uses, shares, and protects personal data when you visit our websites, use our services, or interact with us. It also outlines your rights under applicable data protection laws, including UK GDPR and (where applicable) EU GDPR.

This policy applies to:

Visitors to our websites and landing pages.

Prospective, current, and former clients and their representatives.

Recipients of our marketing communications.

Job candidates and contractors.

Dahlia Digital is the data controller for processing described in this policy.

Legal entity: Dahlia DigitalContact email: privacy@dahliadigital.comContact phone: +44 7356222488

We collect and process the following categories of personal data, depending on your interactions with us:

Identity data: name, job title, company.

Contact data: email address, phone number, postal address, country.

Account and contract data: proposals, statements of work, invoices, payment status, authentication data for client portals.

Marketing and communications data: preferences, engagement with emails, event registrations.

Usage and device data: IP address, device identifiers, browser type, pages viewed, referring/exit pages, timestamps.

Lead and CRM data: public LinkedIn/website info, notes from discovery calls, form submissions.

Recruitment data: CV/resume, cover letters, interview notes, references.

Content you provide: support requests, briefings, creative assets and metadata.

We use personal data to:

Provide and improve our services, websites, and client support.

Create, perform, and manage proposals, contracts, and billing.

Run analytics, measure campaign performance, and optimize user experience.

Send service notices and marketing communications (you can opt out at any time).

Detect, prevent, and investigate security incidents and fraud.

Recruit, assess, and onboard candidates and contractors.

Comply with legal obligations and enforce our agreements.

Where UK/EU data protection law applies, we rely on the following legal bases:

Contract: processing necessary to perform a contract or take steps at your request before entering into a contract.

Legitimate interests: running and protecting our business, marketing to business contacts, improving services, and preventing fraud (balanced against your rights).

Consent: where required for specific marketing or non-essential cookies. You can withdraw consent at any time.

Legal obligation: compliance with accounting, tax, and regulatory requirements.

We use cookies, pixels, and similar technologies to operate the site, remember preferences, analyze traffic, and measure campaigns.

Strictly necessary cookies: required for core functionality.

Analytics cookies: help us understand usage and improve performance.

Advertising/retargeting cookies: measure marketing effectiveness and deliver relevant ads.

You can manage cookie preferences via your browser settings and (where implemented) our cookie banner controls. Blocking some cookies may impact site functionality.

We may use analytics and advertising partners (e.g., analytics platforms, tag managers, ad networks) that set cookies or receive limited data from your browser or device to provide aggregated insights and deliver/measure ads. These partners act as independent controllers or processors depending on the service. Refer to their privacy notices for details.

We share personal data only as necessary and with appropriate safeguards:

Service providers (processors): hosting, CRM, payment processing, analytics, email/SMS, project management, support tools.

Professional advisors: lawyers, accountants, auditors.

Business transfers: in connection with a merger, acquisition, or asset sale.

Legal and compliance: when required by law or to protect rights, safety, and security.

Where data is transferred outside the UK/EEA, we use appropriate safeguards such as UK/EU Standard Contractual Clauses and (where applicable) the UK–US Data Bridge/adequacy decisions, supplemented by transfer risk assessments when required.

We retain personal data only as long as necessary for the purposes described or to comply with legal obligations:

Client/contract data: generally kept for the contract term plus up to 7 years for legal/financial records.

Marketing data: retained until you opt out or after a defined inactivity period.

Recruitment data: typically 6–12 months for unsuccessful candidates, unless you consent to longer.

We implement technical and organisational measures appropriate to the risk, including access controls, encryption in transit where applicable, least-privilege access, backups, and vendor due diligence. No method of transmission or storage is 100% secure.

Subject to conditions and exemptions, you have the right to:

Access your personal data and obtain a copy.

Rectify inaccurate or incomplete data.

Erase data (“right to be forgotten”).

Restrict processing.

Data portability.

Object to processing based on legitimate interests and to direct marketing.

Withdraw consent where processing is based on consent.

Lodge a complaint with a supervisory authority (e.g., the UK ICO).

To exercise your rights or make a privacy request, contact us at privacy@dahliadigital.com. We may request information to verify your identity and will respond within the timeframes required by law.

Our services are not directed to children and we do not knowingly collect personal data from children. If you believe a child has provided us personal data, contact us to request deletion.

Our websites may include links to third-party sites or services. We are not responsible for their privacy practices. Review their policies before providing personal data.

We may update this policy from time to time. The “Last updated” date at the top reflects the latest revision. Material changes will be communicated via our website or direct notice where appropriate.

If you have questions or concerns about this policy or our data practices, contact:

Dahlia DigitalEmail: privacy@dahliadigital.com