Privacy & Data Protection Policy

Introduction

This Privacy and Data Protection Policy explains how Eden Rose Marketing Ltd (“we”, “us”, “our”) collects, uses, stores and protects personal data in accordance with the UK General Data Protection Regulation (UK GDPR), the Data Protection Act 2018, and any other applicable data protection laws.

We are committed to ensuring that your privacy is protected and that your personal data is handled in a transparent and lawful manner.

Data controller

Eden Rose Marketing is the data controller responsible for your personal data.

Contact details:
Email: hello@edenrose-marketing.co.uk

Personal Data We Collect

We collect and process the following personal data:

  • First name

  • Last name

  • Email address

This data is collected when you book a “Root of It Call” or otherwise provide your details voluntarily.

We do not collect special category (sensitive) personal data.

How We Collect Your Data

Personal data is collected directly from you when:

  • You complete a booking form via Microsoft Bookings

  • You contact us via email or other direct communication

Purpose of Processing

We process your personal data for the following purposes:

  • To arrange and manage discovery calls (“Root of It Calls”)

  • To communicate with you in relation to your enquiry

  • To provide services requested by you

  • To maintain records of enquiries and client interactions

We will not use your data for marketing purposes without your explicit consent.

Lawful Basis for Processing

We rely on the following lawful bases under Article 6 UK GDPR:

  • Contractual necessity: processing is necessary to take steps at your request prior to entering into a contract (e.g. booking a call)

  • Legitimate interests: to manage enquiries, maintain business records and operate our services efficiently, provided these interests are not overridden by your rights

Data Sharing and Third Parties

We may share your personal data with:

  • Microsoft Bookings (Microsoft Corporation) to facilitate appointment scheduling

  • Customer Relationship Management (CRM) systems to manage client relationships and enquiries

All third-party processors are required to process your data in accordance with data protection law and only on our instructions.

We do not sell or rent your personal data to third parties.

International Transfers

Some of our service providers (including Microsoft) may process data outside the UK.

Where this occurs, we ensure appropriate safeguards are in place, such as:

  • UK adequacy regulations, or

  • Standard contractual clauses approved for use under UK GDPR

Data Retention

We will retain your personal data only for as long as necessary to fulfil the purposes for which it was collected, including:

  • Managing enquiries and bookings

  • Maintaining business records

Where no ongoing relationship is established, data will typically be retained for a maximum of 12 months from last contact, unless required for legal or regulatory purposes.

Data Security

We implement appropriate technical and organisational measures to protect personal data against:

  • Unauthorised access

  • Loss or destruction

  • Alteration or disclosure

Access to personal data is limited to authorised individuals only.

Your Rights

Under UK data protection law, you have the following rights:

  • The right to be informed about how your data is used

  • The right of access to your personal data

  • The right to rectification of inaccurate data

  • The right to erasure (“right to be forgotten”)

  • The right to restrict processing

  • The right to object to processing

  • The right to data portability

To exercise your rights, please contact us using the details above.

Complaints

If you are not satisfied with how we handle your data, you have the right to lodge a complaint with the Information Commissioner’s Office (ICO):

Website: https://ico.org.uk
Telephone: 0303 123 1113

Cookies

Our website may use cookies. Please refer to our separate Cookie Policy for further details.