Legal & policies

Privacy Policy

Last updated: 7 July 2026

This policy explains how we collect, use, share and protect personal data when you contact us, use this website, apply for a role, or deal with us as a client or business contact. It also explains your rights under the UK GDPR and the Data Protection Act 2018 and how to exercise them.

1. Who we are

21 Degrees Digital Services Ltd (company number 14648455) is the controller responsible for your personal data. We are registered with the Information Commissioner's Office under reference ZB532450.

21 Degrees Digital Services Ltd
Biz Hub, One City West, Holbeck, Leeds, LS12 6NJ

Email: hello@21degreesdigital.com
Telephone: 0113 531 5081

Our data protection lead is Rachel Scahill. Please use the contact details above and mark your message for their attention for any privacy question or request.

2. Personal data we collect

We collect personal data in the following ways.

Information you give us

  • Enquiries. When you complete our contact form we collect your name, email address, telephone number, the type of enquiry, the service you are interested in, and the details you choose to tell us about your project. If you go on to answer our optional qualifying questions, we also collect indicative budget and turnover ranges and your responses about timing.
  • Free health check and other enquiry forms. Your name, contact details and the information you provide about your business or website so we can respond.
  • Newsletter sign-up. Your email address.
  • Meeting bookings. If you book a call or meeting with us, the details needed to arrange it.
  • Careers applications. When you apply for a role we capture your name, email address, telephone number and your CV.
  • Correspondence. If you email, call or message us, a record of that correspondence and the information it contains.

Information we collect automatically

When you use this website we may collect your IP address, device and browser type, the pages you view, and the site that referred you. This information is collected through cookies and similar technologies and, except for what is strictly necessary to run the site, only with your consent. See our Cookie Policy for detail.

Business contact data from public sources

For business-to-business outreach we also obtain limited business contact data (such as a name, job title, business email address or telephone number, and company) from publicly available sources, for example company websites, professional networks such as LinkedIn, and public business directories. Where we obtain your data from a source other than you directly, we tell you the categories of data and the source when we first contact you, and in any event within one month, in line with our transparency obligations.

3. Purposes and lawful bases

We use personal data for the purposes below, each with a lawful basis under the UK GDPR.

What we doData usedLawful basis
Respond to your enquiry and discuss whether we can help Contact details and enquiry information Legitimate interests (responding to enquiries), or steps taken at your request before entering a contract
Deliver our services to clients and manage the relationship Contact, business and project information Contract
Send marketing to people who have enquired or are clients Name and email address Legitimate interests (direct marketing to existing and prospective customers, "soft opt-in"). You can opt out in every message.
Business-to-business outreach to relevant business contacts Business contact data Legitimate interests (B2B marketing). We honour any objection immediately.
Consider and manage job applications Application and correspondence data Steps taken before entering a contract, and our legitimate interests in recruiting
Analytics and marketing cookies, and loading embedded media Device and usage data Consent
Meet our legal, accounting and regulatory obligations Whatever the obligation requires Legal obligation

Where we rely on legitimate interests, we have considered your rights and interests and do not use your data in ways that override them. You can object to processing based on legitimate interests at any time (see your rights). Where we rely on consent, you can withdraw it at any time without affecting anything done before you withdrew it.

4. Who we share data with

We share personal data only with organisations that help us run our business, and only as needed. These include:

  • HubSpot: customer relationship management (CRM), forms and meeting bookings.
  • Cloudflare: website hosting and content delivery.
  • Microsoft: email and productivity (Microsoft 365, including SharePoint file storage).
  • Google: email and productivity (Google Workspace, including Google Drive file storage).
  • J S White & Co Limited: accountancy.
  • ESP Projects Limited: IT support.
  • Switch Networks Ltd: telephony.

We may also disclose personal data where we are required to by law, or to establish, exercise or defend legal claims. We never sell your personal data.

5. International transfers

Some of our providers, including HubSpot, Cloudflare, Microsoft and Google, are based in the United States or process data outside the UK. When personal data is transferred outside the UK we make sure it is protected by an appropriate safeguard. Where a provider is certified under the UK Extension to the EU-US Data Privacy Framework, we rely on that certification (HubSpot, Inc., Cloudflare, Inc., Microsoft Corporation and Google LLC are all certified under the UK Extension). Otherwise we rely on the UK International Data Transfer Agreement, or the EU Standard Contractual Clauses together with the UK Addendum, with additional safeguards where appropriate. You can ask us for more detail using the contact details above.

6. How long we keep data

  • Enquiries and marketing contacts: 2 years from last meaningful contact.
  • Client and financial records: as required by law (typically 6 years).
  • Unsuccessful applicants: 12 months.

When we no longer need personal data we delete it or make it anonymous.

7. Your rights

Under UK data protection law you have the right to:

  • be informed about how we use your data (which this policy sets out);
  • access the personal data we hold about you;
  • have inaccurate data corrected;
  • have your data erased in certain circumstances;
  • restrict how we use your data in certain circumstances;
  • data portability, where it applies;
  • object to processing based on our legitimate interests, and to direct marketing at any time;
  • not be subject to solely automated decisions that have a significant effect on you (we do not make such decisions).

To exercise any right, email us at hello@21degreesdigital.com. Exercising your rights is free of charge, and we will respond within one month. We may ask you to confirm your identity first.

8. Complaints

If you are unhappy with how we have handled your personal data, please tell us first by emailing hello@21degreesdigital.com. We will acknowledge your complaint within 30 days and work with you to put things right.

You also have the right to complain to the Information Commissioner's Office, the UK supervisory authority, at https://ico.org.uk or on 0303 123 1113. We would appreciate the chance to resolve your concern before you approach the ICO.

9. Security

We take appropriate measures to keep personal data secure. These include restricting access to personal data to people who need it, encrypting data in transit to this website using HTTPS, and hosting on Cloudflare's infrastructure. No system can be guaranteed completely secure, but we work to protect your data and to deal properly with any breach.

10. Changes to this policy

We may update this policy from time to time. When we make material changes we will update the date below and, where appropriate, tell you. The date this policy was last updated is shown at the top of the page.