Privacy & Cookie Policy
SARAH BADCOCK
Strategic Brand & Customer Insight
Last updated: May 2026
1. Background
Sarah Badcock (“we”, “us”, “our”) understands that your privacy is important to you and that you care about how your personal data is used. We respect and value the privacy of everyone who visits our website at sarahbadcock.co.uk (“Our Site”) and will only collect and use personal data in ways described here, consistent with our obligations and your rights under UK data protection law.
Please read this Privacy & Cookie Policy carefully and ensure that you understand it.
2. Definitions and Interpretation
In this Policy the following terms have the following meanings:
“Cookie”
A small text file placed on your computer or device by Our Site when you visit certain parts of Our Site and/or use certain features. Details of the Cookies used by Our Site are set out in Part 10.
“Cookie Law”
The Privacy and Electronic Communications (EC Directive) Regulations 2003, as amended, and any successor legislation.
“Data Protection Legislation”
The UK General Data Protection Regulation (UK GDPR) as incorporated into UK law by the European Union (Withdrawal) Act 2018, together with the Data Protection Act 2018, and any amendments or successor legislation.
“Personal Data”
Any information relating to an identifiable living person who can be directly or indirectly identified, in particular by reference to an identifier such as a name, an identification number, location data or an online identifier.
3. Information About Us
Our Site is owned and operated by Sarah Badcock, a sole trader based in the United Kingdom.
Data Controller: Sarah Badcock
Website: sarahbadcock.co.uk
Contact email: sarah@sarahbadcock.co.uk
4. What Does This Policy Cover?
This Privacy Policy applies only to your use of Our Site. Our Site may contain links to other websites. We have no control over how your data is collected, stored, or used by other websites and advise you to check the privacy policies of any such websites before providing any data to them.
5. Your Rights Under UK GDPR
Under the Data Protection Legislation, you have the following rights, which we will always work to uphold:
• The right to be informed about our collection and use of your personal data.
• The right to access the personal data we hold about you. See Part 11 for how to do this.
• The right to have your personal data rectified if it is inaccurate or incomplete.
• The right to erasure (“the right to be forgotten”) — to ask us to delete any personal data we hold about you.
• The right to restrict the processing of your personal data.
• The right to object to us using your personal data for a particular purpose or purposes.
• The right to withdraw consent at any time where we rely on consent as the legal basis for processing.
• The right to data portability where applicable.
• Rights relating to automated decision-making and profiling. We do not use your personal data in this way.
For more information about your rights or to exercise them, please contact us using the details in Part 12. If you have a complaint about our use of your personal data and we are unable to resolve it, you have the right to complain to the Information Commissioner’s Office (ICO) at ico.org.uk or by calling 0303 123 1113.
6. What Personal Data Do We Collect and How?
Depending on your use of Our Site, we may collect and hold the following personal data:
Data Collected
How We Collect It
Identity information: name
Contact form or direct email enquiry
Contact information: email address, telephone number
Contact form or direct email enquiry
Message content: any information you choose to share in an enquiry
Contact form or direct email enquiry
Technical information: IP address, browser type, pages visited, time on site, device type
Analytics tools (e.g. Google Analytics)
We do not collect any special category data (such as health, racial or ethnic origin, religious beliefs, or biometric data), nor do we collect data relating to children or criminal convictions.
7. How Do We Use Your Personal Data?
Under the Data Protection Legislation, we must always have a lawful basis for using personal data. The table below describes how we use your data and our lawful basis for doing so:
What We Do
Data Used
Lawful Basis
Responding to your enquiries and communicating with you
Identity, contact, message content
Legitimate interests in communicating with prospective and existing clients and maintaining records
Administering and improving Our Site
Technical information
Legitimate interests in properly administering Our Site and improving user experience
Providing our services to clients
Identity and contact information
Performance of a contract; legitimate interests in operating our business
Complying with legal obligations
Identity, contact and relevant transactional data
Legal obligation
We will only use your personal data for the purpose for which it was collected, unless we reasonably believe another purpose is compatible and we have a lawful basis to do so. We do not carry out automated decision-making or automated profiling.
8. How Long Do We Keep Your Personal Data?
We will not keep your personal data for longer than is necessary for the purpose for which it was collected. The following factors inform our retention decisions:
• The nature and sensitivity of the data
• The potential risk of harm from unauthorised use or disclosure
• The purpose for which the data was collected and whether that purpose can be achieved by other means
• Any applicable legal requirements
For tax and accounting purposes, HMRC requires us to retain basic records about customers (identity, contact and payment information) for at least six years from the end of the relevant tax year.
Enquiry data from prospective clients who do not engage our services will be held for no longer than 12 months, then securely deleted.
9. How and Where Do We Store or Transfer Your Personal Data?
We store personal data within the UK. Where we use third-party service providers (for example, email or analytics platforms), some data may be processed outside the UK. In such cases we ensure appropriate safeguards are in place, such as:
• Standard contractual clauses approved by the ICO or the Secretary of State
• Transfers to countries or organisations covered by an adequacy decision under UK law
• For transfers to the US, use of providers covered by the UK Extension to the EU-US Data Privacy Framework (the “UK-US Data Bridge”)
We take the security of your personal data seriously and implement appropriate technical and organisational measures, including encryption of data in transit and limiting access to personal data to those with a legitimate need.
10. How Do We Use Cookies?
Our Site uses Cookies to facilitate and improve your experience. Before non-essential Cookies are placed on your device, you will be asked for your consent via a cookie banner. You may withdraw or change your consent at any time.
First-Party Cookies
We may place first-party Cookies directly on your device to enable core functionality of Our Site.
Third-Party Cookies
Our Site may use analytics services such as Google Analytics, which place third-party Cookies to collect anonymous usage data. This helps us understand how visitors use Our Site so we can improve it. These service providers are not permitted to use the information collected on our behalf for any other purpose.
Managing Cookies
You can control and manage Cookies in several ways:
• Via the cookie consent banner on Our Site
• By adjusting your browser settings to refuse some or all Cookies
• By deleting Cookies already stored on your device
Please note that disabling certain Cookies may affect the functionality of Our Site.
11. How Can You Access Your Personal Data?
You have the right to request a copy of the personal data we hold about you (a “subject access request”). To make a subject access request, please contact us in writing using the details in Part 12, marking your communication “Subject Access Request”.
There is normally no charge for a subject access request. If a request is manifestly unfounded or excessive, we may charge a reasonable fee. We will respond within one month. In complex cases this may be extended by a further two months, and we will keep you informed.
12. How Do You Contact Us?
To contact us about anything in this Privacy Policy, including to make a subject access request or exercise any of your rights, please email: sarah@sarahbadcock.co.uk
Please mark your email “Privacy Enquiry” or “Subject Access Request” as appropriate.
13. Changes to This Privacy & Cookie Policy
We may update this Privacy & Cookie Policy from time to time, for example if the law changes or if our business practices change. Any updates will be posted on Our Site with a revised “Last updated” date at the top of this page.
We recommend that you review this page periodically to stay informed. Your continued use of Our Site after any changes constitutes acceptance of the updated Policy.