Privacy Policy.
Last updated: 30 June 2026
Penbridge Marketing ("Penbridge," "we," "us," or "our") provides B2B outreach infrastructure that connects UK trade and service contractors with local council decision-makers. This policy explains how we collect, use, store, and protect personal data in connection with our website, our enquiry and booking process, our client services, and the outreach campaigns we run on behalf of our clients.
We are committed to handling personal data lawfully, fairly, and transparently, in line with the UK General Data Protection Regulation (UK GDPR), the Data Protection Act 2018, and the Privacy and Electronic Communications Regulations (PECR). Penbridge Marketing is registered with the Information Commissioner's Office (ICO), registration number ZB987654.
- 1. Who we are
- 2. Data we collect
- 3. Council & business contacts we email on behalf of clients
- 4. How we use your data & our legal bases
- 5. B2B email marketing & PECR
- 6. Who we share data with
- 7. International data transfers
- 8. How long we keep data
- 9. How we protect your data
- 10. Cookies & website analytics
- 11. Your rights
- 12. Children's data
- 13. Changes to this policy
- 14. Complaints
- 15. Contact us
Who we are
For the purposes of UK data protection law, the data controller is:
- Penbridge Marketing, Suite 168558, PO Box 7169, Poole, BH15 9EL, United Kingdom
- Email: Admin@penbridgemarketing.co.uk
- Telephone: +44 (0) 20 7946 0958
- ICO registration number: ZB987654
Where we run outreach campaigns on behalf of a client, Penbridge typically acts as a data processor in respect of the client's own customer or lead data, and as an independent data controller in respect of the council and business contact data held on our own proprietary database and used to deliver outreach on the client's behalf. This is explained further in Section 3.
Data we collect
We collect personal data in a small number of specific contexts, depending on how you interact with us:
Website enquiries
When you submit our contact form, we collect the information you provide: your full name, company name, email address, telephone number (optional), sector, target region, and the message you write about your business. This is submitted securely to our form-processing provider and forwarded to our team by email.
Strategy call bookings
When you book a free strategy call through our Calendly scheduling tool, we (and Calendly, as an independent controller of the booking process) collect your name, email address, and the date and time details associated with the booking. Calendly's own privacy notice governs how it processes your data as part of the scheduling service.
Clients we onboard
If you become a Penbridge client, we additionally collect the information needed to deliver the service and manage the commercial relationship — for example billing and company details, the regions and sectors you wish to target, any leads you supply for inclusion in your campaign, and correspondence relating to your account.
General correspondence
If you contact us directly by phone or email, we keep a record of that correspondence, including your contact details and the content of the communication, so we can respond and keep an accurate record of our dealings with you.
Council & business contacts we email on behalf of clients
Separately from the data described above, we maintain a proprietary database of publicly available, business-related contact details for individuals working in town, parish, and local council administrative and decision-making roles (for example, names, work email addresses, job titles, and the council they work for). We did not collect this data directly from these individuals, so under UK GDPR we owe them — not just you — a transparency obligation.
- Source. This data is sourced from publicly accessible information, such as council websites, public registers, and published staff directories — never from purchased consumer marketing lists.
- Purpose. It is used solely to send relevant, professional B2B correspondence introducing our clients' services to the public bodies that may commission that type of work.
- Legal basis. We rely on legitimate interests (Article 6(1)(f) UK GDPR) — specifically, the legitimate interest of our clients and ourselves in conducting reasonable, proportionate B2B outreach to publicly listed professional contacts, balanced against the individual's right to privacy. We do not use special category data, and we do not contact personal, non-work email addresses.
- Opt-out. Every outreach email we send includes a clear, immediate, and free method to opt out of further contact. Any opt-out request is honoured promptly and the contact is suppressed from future campaigns across our entire database.
You have the right to object to this processing, request a copy of the data we hold about you, or ask us to delete it at any time, free of charge. Simply reply "unsubscribe" to any campaign email, or contact us at Admin@penbridgemarketing.co.uk.
How we use your data & our legal bases
| Activity | Legal basis |
|---|---|
| Responding to enquiries submitted through our contact form | Legitimate interests — to respond to a request you have made of us |
| Managing strategy call bookings | Legitimate interests / steps taken at your request prior to a contract |
| Delivering services to onboarded clients, including billing | Performance of a contract; legal obligation (for accounting/tax records) |
| Sending B2B outreach emails to council and business contacts | Legitimate interests (see Sections 3 & 5) |
| Keeping records of correspondence and complaints | Legitimate interests; legal obligation |
| Website analytics & performance monitoring | Consent (non-essential cookies) or legitimate interests (strictly necessary cookies) |
We do not sell personal data, and we do not use personal data for any purpose incompatible with the purposes set out in this policy.
B2B email marketing & PECR
The Privacy and Electronic Communications Regulations (PECR) sit alongside UK GDPR and specifically govern electronic marketing. PECR's consent requirement for unsolicited marketing email applies to individual subscribers; it does not apply in the same way to corporate subscribers — including limited companies and public bodies such as local councils — provided the communication is relevant to the recipient's role.
On that basis, our outreach is:
- Sent only to work email addresses tied to a relevant council or business role, never to personal addresses
- Tailored to a genuine, relevant commercial offering (the services of the contractor client we represent)
- Always identifies the sending business and provides a clear, immediate opt-out
- Sent at a controlled, proportionate daily volume rather than indiscriminate bulk sending
Who we share data with
We share personal data only where necessary, and always under contractual terms that require our processors to protect it appropriately. We do not sell or rent personal data to third parties for their own marketing purposes.
- Formspree — processes submissions from our website contact form and relays them to our team by email.
- Calendly — processes strategy call bookings and calendar scheduling.
- Framer — hosts our website and may process basic technical data (such as IP address and device information) needed to serve the site.
- Professional advisors — accountants, auditors, or legal advisors, where reasonably necessary for our business operations.
- Regulators or authorities — where we are required to disclose data by law, such as to the ICO, HMRC, or law enforcement.
International data transfers
Some of the third-party providers listed above (such as Formspree, Calendly, and Framer) may process or store data on servers located outside the UK, including in the United States. Where this happens, we rely on the provider's certification under an approved transfer mechanism — such as the UK's International Data Transfer Addendum to the EU Standard Contractual Clauses, or an equivalent adequacy-based safeguard — to ensure your data continues to receive a level of protection consistent with UK GDPR.
How long we keep data
- Website enquiries that don't convert into a client relationship are kept for up to 24 months from your last contact with us, then deleted or anonymised.
- Client account & billing data is kept for the duration of our relationship with you, plus 6 years afterwards to meet UK tax and accounting record-keeping obligations.
- Council and business contact data used for outreach is reviewed and refreshed on a rolling basis (typically every 3–6 months) to ensure accuracy, and is removed promptly upon an opt-out request or if it becomes outdated.
- Strategy call booking data is retained for as long as reasonably necessary to manage the booking and any resulting relationship, in line with Calendly's own retention settings.
How we protect your data
We use appropriate technical and organisational measures to protect personal data against unauthorised access, alteration, disclosure, or destruction. This includes restricting access to personal data to staff who need it to do their jobs, using reputable, secure third-party platforms for data processing, and keeping our outreach sending infrastructure technically separate from client and council contact data stores.
No method of transmission or storage is ever completely secure, but we work to use commercially reasonable safeguards appropriate to the sensitivity of the data involved.
Cookies & website analytics
Our website, hosted on Framer, may use strictly necessary cookies required for the site to function, and may use analytics cookies to help us understand how visitors use the site. Where non-essential cookies are used, we will ask for your consent in line with PECR, and you can change your preference at any time through your browser settings. Embedded third-party tools on our site, such as our Calendly booking widget, may also set their own cookies in line with their respective privacy and cookie policies.
Your rights
Under UK GDPR, you have the right to:
- Access the personal data we hold about you
- Rectify inaccurate or incomplete data
- Erase your data in certain circumstances
- Restrict or object to our processing of your data
- Data portability, where processing is based on consent or contract and carried out by automated means
- Withdraw consent at any time, where processing is based on consent
- Lodge a complaint with the ICO (see Section 14)
To exercise any of these rights, contact us using the details in Section 15. We will respond within one month, free of charge, save in exceptional circumstances permitted by law. We may need to verify your identity before acting on a request.
Children's data
Our services are intended for businesses and professionals. We do not knowingly collect personal data from children, and our website is not directed at children.
Changes to this policy
We may update this policy from time to time to reflect changes to our practices or for legal or regulatory reasons. The "Last updated" date at the top of this page shows when it was last revised. We encourage you to review this page periodically.
Complaints
If you have concerns about how we handle your personal data, please contact us first so we can try to resolve the issue directly. You also have the right to lodge a complaint with the UK supervisory authority:
- Information Commissioner's Office (ICO)
- Website: ico.org.uk
- Helpline: 0303 123 1113
Contact us
If you have any questions about this policy or how we handle your data, get in touch:
Suite 168558, PO Box 7169
Poole, BH15 9EL
