Privacy Policy

1. OUR COMMITMENT


7 Pockets Ltd ("7P", "we", "us") is a digital marketing agency providing advertising management, campaign optimisation, and performance reporting services to business clients. We are committed to protecting the privacy and personal data of everyone who interacts with us.


This Privacy Policy explains how we collect, use, store, and protect personal data in compliance with the UK General Data Protection Regulation (UK GDPR), the Data Protection Act 2018, and the Privacy and Electronic Communications Regulations 2003 (PECR).


If you have questions about this policy or how we handle personal data, contact us using the details in the Contact section below.


---


2. WHO WE ARE


7 Pockets Ltd is a company registered in England and Wales (Company Number: 15250820). We are registered with the Information Commissioner's Office (ICO) under the Data Protection Act 2018.


The Director of 7 Pockets Ltd is the designated individual responsible for data protection. As a small organisation (1-5 employees), we are not required to appoint a formal Data Protection Officer (DPO) under UK GDPR Article 37, as our core activities do not involve large-scale processing of personal data or systematic monitoring of individuals.


Data protection contact: data@the7pockets.com


---


3. WHAT PERSONAL DATA WE COLLECT


The personal data we collect depends on how you interact with us:


Website Visitors:

- IP address (pseudonymised via analytics)

- Browser type, device type, operating system

- Pages visited, time on site, referring URL

- Cookie data (see Section 5)


Business Clients and Contacts:

- Name, email address, phone number

- Company name and role

- Communication history (emails, meeting notes)

- Billing and payment information


Job Applicants and Contractors:

- Name, email address, phone number

- CV/resume and professional history

- Right to work documentation


We do not collect:

- Consumer personal data (e.g. email lists, customer databases) beyond transient handling as described in Section 8

- Special category data (Article 9) in the ordinary course of our business

- Children's data (our services are B2B and not directed at children)


---


4. HOW AND WHY WE USE YOUR DATA


We process personal data under the following lawful bases (UK GDPR Article 6):


For the performance of our contract with you (Article 6(1)(b)):

- Delivering advertising management and reporting services

- Managing client accounts and campaigns

- Processing invoices and payments

- Providing customer support


For our legitimate business interests (Article 6(1)(f)):

- Business development and relationship management

- Improving our website and services

- Internal administration and record-keeping

- Protecting against fraud and security threats


Where you have given consent (Article 6(1)(a)):

- Sending marketing communications about our services

- Using non-essential cookies on our website


You can withdraw consent at any time by contacting us or using the unsubscribe link in our emails.


For legal obligations (Article 6(1)(c)):

- Financial record-keeping (HMRC requirements)

- Responding to lawful requests from authorities


---


5. COOKIES


When you visit our website, we use cookies and similar technologies. You can manage your cookie preferences via the cookie banner displayed on your first visit.


Essential Cookies: Required for the website to function (e.g. session management). These cannot be disabled.


Analytics Cookies: We use Google Analytics to understand how visitors use our website. This data is aggregated and does not identify individual users. You can opt out via your cookie preferences.


We do not use advertising or tracking cookies on the7pockets.com. Our website is an informational business site, not an e-commerce platform.


You can control cookies through your browser settings. Disabling essential cookies may affect website functionality.


---


6. WHO WE SHARE DATA WITH


We share personal data only where necessary and with appropriate safeguards:


- Cloud infrastructure providers: Google Workspace (email, file storage, collaboration) — governed by Google's Data Processing Amendment

- Analytics: Google Analytics (pseudonymised website visitor data) — governed by Google Analytics Data Processing Terms

- Advertising platforms: Meta, Google, TikTok, Snapchat — only in the context of managing client advertising campaigns, governed by each platform's terms

- Professional advisers: Accountants, legal counsel — where required for business operations

- Law enforcement or regulators: Where required by law or valid legal process


We do not sell, rent, or trade personal data to any third party. We do not share personal data with data brokers, advertising networks (for our own marketing), or unrelated third parties.


---


7. DATA RETENTION


We retain personal data only for as long as necessary:


- Client business contacts: Duration of engagement + 2 years

- Supplier and contractor contacts: Duration of engagement + 6 years (HMRC requirements)

- Financial records: 6 years from end of financial year (Companies Act 2006 and HMRC requirements)

- Website analytics data: As configured in Google Analytics (default: 26 months, aggregated)

- Marketing consent records: Until consent is withdrawn + 1 year for compliance records


When data is no longer required, it is securely deleted from all our systems.


---


8. ADVERTISING PLATFORM DATA PROCESSING (META MARKETING API)


8.1 Overview


7 Pockets Ltd uses the Meta Marketing API and other advertising platform APIs to access and manage advertising campaign data on behalf of our clients. This section explains how we handle data obtained through these platforms.


8.2 Data Controller and Processor Roles


- Data Controller: Our clients remain the data controller for their advertising account data. 7 Pockets Ltd acts as a data processor on their behalf, processing advertising data solely under their instruction and in accordance with a written data processing agreement.

- Data Controller (own accounts): Where we manage our own advertising accounts, 7 Pockets Ltd is the data controller.


8.3 What Data We Access


Through advertising platform APIs, we access the following categories of data:


| Data Category | Examples | Contains Personal Data? |

|--------------|----------|----------------------|

| Campaign structure | Campaign names, ad set names, statuses, objectives | No |

| Budget and spend | Daily/lifetime budgets, amount spent, bid strategies | No |

| Performance metrics | Impressions, clicks, conversions, ROAS, CPM, CPC, CTR | No |

| Targeting parameters | Audience definitions, age ranges, geographic regions | Aggregated only |

| Ad creative metadata | Ad copy text, headline text, creative format | No |

| Account information | Ad account ID, account name, currency, timezone | No |


We do not access: individual user profiles, personal contact information, Custom Audience member lists, pixel-level user tracking data, or any data that directly identifies individual platform users.


8.4 Lawful Basis for Processing


We process advertising platform data under:

- Legitimate interests (Article 6(1)(f)): To provide advertising management and optimisation services

- Contractual necessity (Article 6(1)(b)): To fulfil our service agreements with clients


8.5 Purposes of Processing


We process advertising platform data solely for:

1. Campaign monitoring and reporting

2. Optimisation recommendations

3. Budget management and pacing

4. Configuration validation

5. Client communication and strategic recommendations


We do not use advertising platform data for: building user profiles, selling data to third parties, targeting or profiling beyond stated functions, or training machine learning models on client data without explicit consent.


8.6 Data Storage and Security


- Storage location: United Kingdom and European Economic Area using cloud infrastructure with appropriate certifications (SOC 2, ISO 27001)

- Encryption: In transit (TLS 1.2+) and at rest (AES-256)

- Access controls: Role-based access with multi-factor authentication

- API credentials: Stored securely using environment variables, never in source code

- Logging: Access to advertising data is logged for audit purposes


8.7 Data Retention and Deletion


- Campaign performance data (aggregated, non-personal): Retained indefinitely for long-term trend analysis, benchmarking, and historical reporting. This data does not contain personal information about individual users.

- Campaign configuration data: Retained for duration of engagement + 90 days, then securely deleted.

- Client offboarding: All advertising platform data deleted within 30 days of engagement end, unless the client requests export or provides written instruction to retain.

- Meta-initiated deletion: Complied with without undue delay.


8.8 Data Sharing


We do not sell, rent, or trade advertising platform data. Data may be shared with:

- The client whose ad account the data relates to

- Sub-processors (cloud infrastructure) solely for service delivery, bound by data processing agreements

- Where required by law or valid legal process


8.9 Audience Data Handling


Where clients provide audience data containing personal data (e.g. email lists for Custom Audiences):

- Files are received in password-protected format

- Uploaded to the advertising platform as soon as practicable

- Permanently deleted from all 7P systems immediately after upload

- Personal data does not persist on 7P infrastructure


---


9. INTERNATIONAL DATA TRANSFERS


7 Pockets Ltd operates from the United Kingdom and processes data within the UK and European Economic Area.


7P does not independently transfer personal data outside the UK/EEA. Where third-party platforms we use (Google, Meta, TikTok, Snapchat) transfer data internationally as part of their service delivery, this is governed by those platforms' own transfer mechanisms, including:


- UK International Data Transfer Agreements (IDTAs)

- Standard Contractual Clauses (SCCs) approved by the ICO

- Adequacy decisions where applicable


We review the transfer mechanisms of our key service providers as part of our annual policy review.


---


10. YOUR RIGHTS


Under the UK GDPR, you have the following rights:


- Access (Article 15): Request a copy of the personal data we hold about you

- Rectification (Article 16): Request correction of inaccurate data

- Erasure (Article 17): Request deletion of your personal data

- Restriction (Article 18): Request that we limit processing of your data

- Data portability (Article 20): Request your data in a structured, machine-readable format

- Object (Article 21): Object to processing based on legitimate interests

- Automated decision-making (Article 22): We do not carry out automated decision-making with legal effects


To exercise any of these rights, contact: data@the7pockets.com


We will respond within one month of receipt. Identity verification may be required. We will not charge a fee unless the request is manifestly unfounded or excessive.


If you are not satisfied with our response, you have the right to lodge a complaint with the Information Commissioner's Office (ICO) at https://ico.org.uk.


---


11. CHANGES TO THIS POLICY


We may update this Privacy Policy to reflect changes in our services, legal requirements, or data processing practices. Material changes will be noted at the top of this page with the updated date.


---


12. CONTACT US


7 Pockets Ltd

167-169 Great Portland Street, 5th Floor, London, England, W1W 5PF


General enquiries: fraser@the7pockets.com

Data protection enquiries: data@the7pockets.com


You can also contact the Information Commissioner's Office (ICO) at https://ico.org.uk, although we encourage you to contact us first so we can try to resolve your concern.


---


Copyright 2023-2026 7 Pockets Ltd. All rights reserved.


---