Privacy Policy

Privacy Notice

Bright Strategy UK Ltd

October 2025

1. Information on How we use your Personal Data.

This is the Privacy Notice of Bright Strategy UK Ltd. Bright Strategy UK Ltd provides copywriting services and training in business writing skills to clients in the UK. We take your privacy very seriously. This Privacy Notice explains how we collect, use, and protect your Personal Data in accordance with UK GDPR. It includes information about:

1. Why we collect and keep information about you.
2. What information we collect.
3. How long we may keep your information.
4. Who may see your information.
5. Who we may share your information with.
6. Your rights concerning your information. 

Bright Strategy UK Ltd process personal information (Personal Data) every day. This information is used by Bright Strategy UK Ltd and their associates as part of their normal work. We take our duty to protect your personal information very seriously and all processing will be in line with the UK General Data Protection Regulation (UK GDPR) as tailored by the Data Protection Act 2018 and current general UK legislation.

Bright Strategy UK Ltd normally processes Personal Data as a Controller where the information relates to our clients, suppliers, employees, contractors, advisers, and professional experts. However Personal Data provided by a client to enable us to provide copywriting services we will process as processor for the client.

Personal Data is any information by which an individual person can be identified. This includes a name, identification number, address, email address, IP address, photo, date of birth, and phone number. It also covers any factors specific to the physical, physiological, genetic, mental, economic, cultural, or social identity of a person.

We will take all reasonable steps to keep your Personal Data confidential whether this is held on the computer, on paper, or other media. All associates, contractors and any staff of Bright Strategy UK Ltd have a legal duty to maintain the confidentiality and security of your personal data. 

For any information, please contact our data protection representative:

Name:             Laura Sands

Address:         Brampton Lodge, Church Fields, Witley GU8 5PP

Telephone:     07790 868363

Email:              laura@laurasands.co.uk

Website:         https://www.laurasands.co.uk/

For independent advice about data protection issues, you can contact the ICO at: 

Name: The Information Commissioner

Address:  Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF 

Telephone: 0303 123 1113 

Email: casework@ico.org.uk

Website: www.ico.org.uk

2. What Information do we collect?

Bright Strategy UK Ltd aims to provide you with the highest quality of service. To do this we must keep records about you, and the services we have provided to you or plan to provide to you.

The Personal Data we hold about you is protected by strict physical, electronic, and other means and includes:

1. Basic details about clients (and potential clients) and their business including attendees at workshops and other training sessions, such as name, address, telephone number.
2. Services provided.
3. Information contained in material supplied by clients for copywriting services.
4. Financial details.
5. Any information necessary for the provision of our services.

We will also process similar Personal Data about our suppliers, any employees, independent contractors, advisers, and professional experts (jointly called Associates).

We only process your Personal Data in accordance with the current UK General Data Protection Regulation. This will be to provide you with appropriate services or to meet contractual or legal obligations including maintaining our accounts and records or because you have consented to provide us with the information.

Bright Strategy UK Ltd and their Associates keep accurate and up-to-date information about the services you receive, and to enable us to provide you with the right advice about potential new services and activities. It also ensures that any concerns you may have about your services can be thoroughly investigated.

If we intend to use the Personal Data for any other purpose, then you will always be asked first unless required to act otherwise by law.

3. Who we may share your information with

Information will be seen by the Bright Strategy UK Ltd and any others involved in delivering your services. There is sometimes a need to share information about you with other third-party providers so that we can work together to provide you with the best possible service to meet your needs. We will only ever share your information when there is a legitimate need to do so. It may also be necessary to share some information with: 

1. Suppliers.
2. Third party contractors.
3. Business associates and other professional advisers.
4. Financial organisations.
5. Official bodies.
6. Service providers including but not limited to Zoom, Microsoft, Google, and Mailchimp.

We never share Personal Data with any other organisation for third party marketing purposes.

4. Marketing 

We may take photos and screenshots of our work and clients for marketing purposes. However, we will not disclose the names of our clients on any marketing materials without the consent of the client.

We may record any training sessions provided, and the faces and contributions of attendees will be included. This is for our own purposes and for use by any attendee who has missed the session. Any attendee can turn off their camera and decline to contribute so they are not covered in the recording if they wish.

We may send you marketing materials if you have given consent or if you are an existing or previous customer and have not opted out.

You can always ask for such communications to stop.

5. The Legal Basis for the Processing

The legal basis for the processing shall be:

1. Processing is necessary for the performance of a contract to which the individual is a party or to take steps at the request of the individual before entering a contract.
2. Processing is necessary to comply with our legal obligations.
3. Processing is necessary for our legitimate interests or those of a third party except where overridden by the interests of the individual. This includes the interest of our business in managing the business that we balance against your individual rights.
4. You have given your consent to the processing. Where consent is given, it can be withdrawn at any time.
5. Processing is necessary for the performance of a task carried out in the public interest.
6. Processing is necessary to protect the vital interests of the data subject or another natural person.

6. Security of Processing

We have implemented and will continue to update technical and organisational security measures to protect your personal data. However, while we take every reasonable precaution absolute security cannot be guaranteed.

7. Transfers

It may sometimes be necessary to transfer Personal Data overseas. When transfers are needed, information may be transferred to countries or territories around the world. Any transfers made will be in full compliance with all aspects of UK GDPR and follow the country-specific legislation.

8. Keeping your information accurate and up to date

We will make sure that the information we hold about you is accurate and up-to date. We may check with you from time to time to make sure we have the right information about you or your next of kin (where appropriate). If the information is not correct, you can ask us to change it.

9. Your Rights

You have the right to be informed about how your Personal Data is used. This document aims to explain how we use your information but if you are unsure or require more information, please ask contact us.

1. You have the right to have any inaccurate information about you corrected.
2. You have the right to have information about you deleted or to stop us from using it when we do not need to keep it anymore. This is subject to our legal rights.
3. You have the right to access your records (see below) using a Subject Access Request.
4. You have the right to data portability so that you can use your information with an alternative service provider.
5. You have the right to object to having your data processed for direct marketing purposes.
6. You have rights concerning automated decision making and profiling.

10. Can I see my records?

You have the right to ask what personal information we hold about you and to request a free copy of the information. This is known as a Subject Access Request (SAR). SARs must be in writing and to protect your privacy and we may require proof of identity and address before processing the request. If you want specific information e.g., a particular timeframe, please clarify this.

If someone is requesting information on your behalf, we shall need your written consent and evidence of ID for both of you.

We must provide you with the information you request within 30 days although we will endeavour to do so as soon as possible.

We have the right to charge for unreasonable requests (e.g. repeated requests for the same information).

11. How long do we keep your records?

Bright Strategy UK Ltd keeps the information about you in paper records and in electronic records. Bright Strategy UK Ltd needs to keep this information to provide you with the best possible service. Certain types of information about you need to be kept for longer than other information. We will not keep information about you longer than is necessary or longer than required by law.

12. Sale of the Business

If the assets of Bright Strategy UK Ltd are sold by a third party the personal data held by it about its clients will be disclosed to a buyer and included in the transfer to the buyer

Any such transfer will be subject to terms of confidentiality and the terms of this Privacy Notice.

13.  Your Right to Complain

If you need further information about the information that we keep about you, speak to Laura Sands. We will try to answer your questions.

You have the right to complain to any business or organisation if you believe Bright Strategy UK Ltd have not handled your Personal Data properly.

Reasons to complain can include if you believe we:

• Have not properly responded to your request for your personal information.
• Are not keeping information secure.
• Hold inaccurate information about you.
• Have disclosed information about you.
• Are keeping information about you for longer than is necessary.
• Have collected information for one reason and is using it for something else: or
• Have not upheld any of your data protection rights. 

The Procedure 

You should write directly to us providing full details of your complaint. 

The attached template can be used and sent along with copies of any relevant documents or emails https://ico.org.uk/media2/migrated/4026584/raising-a-concern-dp-complaint.docx 

Allow one month for a reply. If you do not understand the reply, please request clarification.

If you do not get a response you can complain to the ICO within 3 months of your last contact with us.

14. General

You may not transfer any of your rights under this privacy notice to any other person. We may transfer our rights where we reasonably believe your rights will not be affected.

If any court finds that any provision of this privacy notice is invalid illegal or unenforceable, that provision or part-provision will, to the extent required, be deemed to be deleted, and the validity and enforceability of the other provisions of this privacy notice will not be affected.

Unless otherwise agreed, no delay or omission by a party in exercising any right or remedy will be deemed a waiver of that or any other right or remedy.

The laws of England and Wales will govern this notice.

This notice will be updated from time to time, and a copy of the latest version will be on our website.