Privacy Policy

Who we are

Our website address is:



If you leave a comment on our site you may opt in to saving your name, email address and website in cookies. These are for your convenience so that you do not have to fill in your details again when you leave another comment. These cookies will last for one year.

If you visit our login page, we will set a temporary cookie to determine if your browser accepts cookies. This cookie contains no personal data and is discarded when you close your browser.

When you log in, we will also set up several cookies to save your login information and your screen display choices. Login cookies last for two days, and screen options cookies last for a year. If you select “Remember Me”, your login will persist for two weeks. If you log out of your account, the login cookies will be removed.

If you edit or publish an article, an additional cookie will be saved in your browser. This cookie includes no personal data and simply indicates the post ID of the article you just edited. It expires after 1 day.

Embedded content from other websites

Articles on this site may include embedded content (e.g. videos, images, articles, etc.). Embedded content from other websites behaves in the exact same way as if the visitor has visited the other website.

These websites may collect data about you, use cookies, embed additional third-party tracking, and monitor your interaction with that embedded content, including tracking your interaction with the embedded content if you have an account and are logged in to that website.


How long we retain your data

If you leave a comment, the comment and its metadata are retained indefinitely. This is so we can recognise and approve any follow-up comments automatically instead of holding them in a moderation queue.

For users that register on our website (if any), we also store the personal information they provide in their user profile. All users can see, edit, or delete their personal information at any time (except they cannot change their username). Website administrators can also see and edit that information.

What rights you have over your data

If you have an account on this site, or have left comments, you can request to receive an exported file of the personal data we hold about you, including any data you have provided to us. You can also request that we erase any personal data we hold about you. This does not include any data we are obliged to keep for administrative, legal, or security purposes.

Our policy as Data Controllers

Data controller and Data Protection Officer

Considered Creative is run by Emma and Tom Hardwidge trading as Considered Creative.

Emma Hardwidge is the nominated Data Protection Officer and can be contacted by email if you require further information, would like information about the data we hold for you or to be removed from our records.

Personal Information

How do we collect your personal data?

Almost all of the data we collect comes direct from you when you contact us. Occasionally your data may have been passed to us by a mutual friend or colleague who thinks we could work together.

We never source our data from publicly available sources or third party vendors.

What legal basis are we relying on to process your personal data?

Some of the data we collect comes under legal obligation, we are required to have names and addresses for invoicing purposes.
Some of the data we collect is given by consent, this includes any personal data you have given to us in the course of normal business activity which we need to contact you about projects and office hours.

Where we have been contacted by you regarding potential work we rely on legitimate interest to keep your data on record. You have expressed an interest in working with us and may like to be informed about other projects we are working on which may be relevant to you. You may also like to be keep informed of our opening hours over holiday periods.

What personal data do we collect?

We keep a small amount of information about all our clients both current and past and those who have made enquiries about working with us. This usually includes:

  • Name
  • Address (for invoicing purposes)
  • Email Address
  • Telephone Numbers

Why do we collect this data?

Generally we need to be able to get hold of you to discuss work and send invoices. We also use your information to send you emails regarding our opening times over holiday periods.

Less regularly we may wish to share projects we have been involved with and if you’re lucky you might also get a Christmas card.

Do we share your data?

Your data is only ever shared with your consent where it is necessary to carry out business services. In rare circumstances we might pass your email address to one of our suppliers who can handle any problems while we are out of the office. We will always ask for your permission.

How long do we keep your data

You data is kept by us indefinitely as many of our clients work with us for years, many also return to us after a break and it is helpful to have your details on record. This information is also often held within our accounts (invoices and quotes) which we are required to keep for accounting purposes.

Security of your personal data

Your personal data may be stored in any of the following locations:

  • On our personal office computers
    These are password protected with only Tom and Emma having access.
  • On our personal mobile devices
    These are password protected with only Tom and Emma having access.
  • On our web server
    We will ensure that any chosen supplier provides sufficient security measures to protect any data held.
  • Within our ECRM system Campaign Monitor
    Details on their security measures can be found here

In the unlikely event of any data breaches these will be reported to you as soon as we are aware of them.

Accuracy of Personal Information

We make reasonable efforts to keep any personal data in our possession or control, which is used on an ongoing basis, accurate, complete, current and relevant, based on the most recent information available to us.

It is the responsibility of each individual to ensure that the personal data relating to them is accurate, complete and current.

Access to personal information

To request access to Personal Information that we hold about you, we require that you submit your request in writing at the e-mail address above.

We will endeavour to provide your requested personal data within 30 days of receiving your access request. If we cannot fulfil your request, we will provide you with a written explanation of why we had to deny your access request.

Your right to be forgotten

You have the right for your data to be removed from our records at any time however some information may need to be retained for accounting purposes e.g. Names and addresses of businesses on invoices.

If you wish to unsubscribe from emails sent out from our ECRM system you can do this at any time by contacting us via the email address above.

Under 13 year olds

Our website is not intended or designed to attract children under the age of 13. We do not knowingly collect personally identifiable data from or about any person under the age of 13. If you are under 13 years old and wish to ask a question or use this site in any way which requires you to submit your personal information, please get your parent or guardian to do so on your behalf.

Making a complaint

Please feel free to contact us at the email address above if you have any questions or concerns regarding your personal data stored by Considered Creative. If we fail to address these concerns you have the right to make a formal complaint to the Information Commissioners Office

Non-Personal Information

In common with many commercial organisations we monitor the use of our website by collecting aggregate information. We may automatically collect non-personal information about you such as the type of internet browsers you use, the pages you visit or the website which directed you to our site. You cannot be identified from this information and it is used only to assist us in providing an effective service on our website.

Use of cookies

Cookies are small files which are sent to your web browser and stored on your computer’s hard drive. These allow you to carry information across our site without having to re-enter it; it also enables us to analyse web traffic and improve our online services. They cannot be used to identify you. You may set your web browser to notify you of cookie placement requests or to decline cookies completely. You can delete the files that contain cookies; those files are stored as part of your internet browser.

External links

Our website contains links to other websites many of which belong to our clients. Our privacy policy does not extend to these sites. Please contact those sites directly if you would like information on their privacy policies.

Updating our policy

We may change our privacy policy from time to time. We therefore ask you to check it occasionally to ensure that you are aware of the most recent version that will apply each time you access our website.

Our Policy as Data Processors

What information do we have access to?

Many of our clients act as Data Controllers and as such we are often given access to this data.

This may be because:

  • it is stored on our rented web server
  • it is stored within an ECRM system for which we have been given access
  • a client has provided us with the data to use for their own marketing purposes

What type of information does this include?

  • Names
  • Email addresses
  • Addresses
  • Telephone numbers
  • Dates of birth
  • Pseudonyms (authors)
  • Truncated credit card details i.e. last 4 digits
  • Where data has been collected through a website form, it is possible that the user may have also submitted additional, unsolicited personal information.

Data processing within the our organisation is occasional and is unlikely to risk the rights and freedoms of individuals; or involve the processing of special categories of data or criminal conviction and offence data.

How is this information transferred if at all?

Most data we have access to resides within:

  • Our rented web server
  • Third-party ECRM systems
  • Our clients’ own web servers

When a data transfer is required, it is usually exported from web-based database, downloaded, and then uploaded into another web-based database.

Where clients require us to export the data for their own use, it may be emailed to them, uploaded to a secure location within their website for them to access or transferred to them via a third-party file sharing system like WeTransfer, Hightail or Dropbox.

Where possible, temporary data is deleted once the transfer has been completed.

Is this information shared outside of Considered Creative and the Data Controller?

Written consent would be sought from the Data Controller if it was necessary to share data in order to carry out the business needs of the client.

What are the potential risks of data breaches?

We do not have access to any financial or medical information, so risks would be limited to misuse of the data types stated above.

What do we do to minimise these risks? What security measures do we have in place.

  • Our personal devices and computers are password-protected.
  • Websites have up-to-date security processes in place to prevent hacking.
  • Where possible, temporary data is deleted once it has been transferred.
  • We advise our clients to have up-to-date SSL certificates installed on their web servers to prevent unencrypted data from being intercepted as it is transferred.
  • The wireless internet connection in our office is encrypted.
  • If any passwords are compromised, they are updated without undue delay.

What would we do in the event of any data breach?

As soon as we become aware of a data breach, every action will be taken to mitigate any data misuse and prevent any similar breached occurring. We will also notify the relevant Data Controller without undue delay.

Who is the data protection officer

Emma Hardwidge is the nominated Data Protection Officer and can be contacted by email