Privacy Policy

1. Introduction

GreenLight Digital Media Limited ("we", "us", "our") is committed to protecting and respecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our website greenlight.digital, use our services, or interact with us.

We are a UK-based digital marketing agency registered in England and Wales. This policy complies with the UK General Data Protection Regulation (UK GDPR), the Data Protection Act 2018, and where applicable, the California Consumer Privacy Act (CCPA).

By using our website or services, you agree to the collection and use of information in accordance with this policy. If you do not agree with our policies and practices, please do not use our services.

2. Information We Collect

2.1 Personal Data You Provide

We collect information that you voluntarily provide to us when you:

• Fill out contact forms or request quotes
• Subscribe to our newsletter or marketing communications
• Create an account or register for our services
• Communicate with us via email, phone, or social media
• Participate in surveys, contests, or promotions

This information may include:

• Name and contact information (email address, phone number, postal address)
• Company name and business information
• Website URL and social media profiles
• Project requirements and preferences
• Payment information (processed securely through third-party payment processors)
• Any other information you choose to provide

2.2 Automatically Collected Information

When you visit our website, we automatically collect certain information about your device and usage, including:

• IP address and approximate geographic location
• Browser type and version
• Device type and operating system
• Referring website and pages visited
• Time and date of visit
• Time spent on pages and interaction data
• Crash reports and performance data

We collect this information using cookies and similar tracking technologies. For more details, please see our Cookie Policy.

2.3 Information from Third Parties

We may receive information about you from third-party sources, including:

• Social media platforms (when you interact with our content or use social login)
• Analytics providers and advertising networks
• Business partners and referral sources
• Publicly available sources and databases

3. How We Use Your Information

We use the information we collect for the following purposes:

3.1 Providing Services

• Delivering the digital marketing services you request
• Processing transactions and managing accounts
• Communicating with you about projects and services
• Providing customer support and technical assistance
• Managing and fulfilling contractual obligations

3.2 Improving Our Services

• Analyzing website usage to improve user experience
• Conducting research and development
• Testing new features and functionality
• Identifying and fixing technical issues
• Optimizing our content and service offerings

3.3 Marketing and Communications

• Sending newsletters and marketing communications (with your consent)
• Providing information about our services and promotions
• Conducting surveys and gathering feedback
• Personalizing your experience on our website
• Showing relevant advertisements on third-party platforms

3.4 Legal and Security

• Complying with legal obligations and regulations
• Preventing fraud, abuse, and unauthorized access
• Protecting our rights and intellectual property
• Resolving disputes and enforcing agreements
• Responding to legal requests from authorities

4. Legal Basis for Processing (UK GDPR)

Under UK GDPR, we process your personal data based on the following legal grounds:

• Consent: You have given clear consent for us to process your personal data for specific purposes (e.g., marketing emails)
• Contract: Processing is necessary to fulfill a contract with you or to take steps at your request before entering into a contract
• Legal Obligation: Processing is necessary to comply with legal obligations (e.g., tax and accounting requirements)
• Legitimate Interests: Processing is necessary for our legitimate business interests, provided your rights and freedoms do not override these interests

5. How We Share Your Information

We do not sell your personal data to third parties. We may share your information with:

5.1 Service Providers

We engage trusted third-party service providers to perform functions on our behalf, including:

• Website hosting and cloud infrastructure (e.g., Vercel, AWS)
• Email marketing services (e.g., Mailchimp, SendGrid)
• Analytics and tracking (e.g., Google Analytics, Hotjar)
• Payment processing (e.g., Stripe, PayPal)
• Customer relationship management (e.g., HubSpot)
• Advertising platforms (e.g., Google Ads, Facebook Ads)

These providers have access to your information only to perform specific tasks on our behalf and are obligated to protect your data.

5.2 Business Transfers

If we are involved in a merger, acquisition, or sale of assets, your information may be transferred as part of that transaction. We will notify you via email and/or prominent notice on our website of any change in ownership.

5.3 Legal Requirements

We may disclose your information if required by law or in response to valid requests by public authorities (e.g., court orders, government agencies).

5.4 With Your Consent

We may share your information with other third parties when we have your explicit consent to do so.

6. Data Storage and Security

We implement appropriate technical and organizational measures to protect your personal data against unauthorized access, alteration, disclosure, or destruction. These measures include:

• SSL/TLS encryption for data transmission
• Secure server infrastructure and regular security audits
• Access controls and authentication mechanisms
• Regular backups and disaster recovery procedures
• Employee training on data protection practices
• Confidentiality agreements with service providers

However, no method of transmission over the internet or electronic storage is 100% secure. While we strive to protect your personal data, we cannot guarantee absolute security.

Your data is primarily stored on secure servers in the UK and EU. Some third-party services we use may store data in other jurisdictions, including the United States. We ensure that appropriate safeguards are in place for international data transfers, including Standard Contractual Clauses approved by the UK Information Commissioner's Office (ICO).

7. Data Retention

We retain your personal data only for as long as necessary to fulfill the purposes outlined in this Privacy Policy, unless a longer retention period is required or permitted by law.

Specific retention periods include:

• Client Data: Retained for the duration of the contract and up to 7 years afterward for legal and accounting purposes
• Marketing Data: Retained until you unsubscribe or request deletion, or after 3 years of inactivity
• Website Analytics: Anonymized after 26 months (Google Analytics default)
• Support Inquiries: Retained for 3 years after the last interaction
• Payment Records: Retained for 7 years to comply with tax regulations

When personal data is no longer needed, we securely delete or anonymize it.

8. Your Privacy Rights

Under UK GDPR and other applicable laws, you have the following rights regarding your personal data:

• Right of Access: You can request a copy of the personal data we hold about you
• Right to Rectification: You can request that we correct inaccurate or incomplete data
• Right to Erasure ("Right to be Forgotten"): You can request that we delete your personal data under certain circumstances
• Right to Restrict Processing: You can request that we limit how we use your data
• Right to Data Portability: You can request a copy of your data in a structured, machine-readable format
• Right to Object: You can object to our processing of your data for direct marketing or legitimate interests
• Right to Withdraw Consent: Where processing is based on consent, you can withdraw it at any time
• Right to Lodge a Complaint: You can complain to the Information Commissioner's Office (ICO) if you believe we have violated your data protection rights

To exercise any of these rights, please contact us at privacy@greenlight.digital. We will respond to your request within 30 days.

9. Cookies and Tracking Technologies

We use cookies and similar tracking technologies to collect and store information about your use of our website. Cookies help us provide, protect, and improve our services.

For detailed information about the cookies we use, their purposes, and how to manage your cookie preferences, please see our Cookie Policy.

10. Third-Party Links

Our website may contain links to third-party websites, plugins, and applications. Clicking on those links may allow third parties to collect or share data about you. We do not control these third-party websites and are not responsible for their privacy practices.

We encourage you to review the privacy policies of any third-party sites you visit.

11. Children's Privacy

Our services are not directed to individuals under the age of 18. We do not knowingly collect personal data from children. If we become aware that we have collected personal data from a child without parental consent, we will take steps to delete that information.

If you believe we have collected information from a child, please contact us immediately at privacy@greenlight.digital.

12. International Data Transfers

We primarily process data within the UK and European Economic Area (EEA). However, some of our service providers are based outside these regions, including in the United States.

When we transfer your personal data outside the UK or EEA, we ensure appropriate safeguards are in place, such as:

• Standard Contractual Clauses approved by the UK ICO
• Transfers to countries with adequacy decisions
• Service providers certified under approved frameworks

13. California Privacy Rights (CCPA)

If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA):

• Right to know what personal information we collect, use, disclose, and sell
• Right to request deletion of your personal information
• Right to opt-out of the sale of personal information (we do not sell personal information)
• Right to non-discrimination for exercising your CCPA rights

To exercise your CCPA rights, please contact us at privacy@greenlight.digital or call us at our designated toll-free number.

14. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. We will notify you of any material changes by:

• Posting the updated policy on this page with a new "Last Updated" date
• Sending an email notification to registered users
• Displaying a prominent notice on our website

We encourage you to review this Privacy Policy periodically to stay informed about how we protect your information.

15. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us: