Privacy Policy

How we handle your data.

Last updated: 17/05/2026

This privacy policy explains how London Baithead collects, uses, shares, and protects personal data when you visit londonbaithead.com (the “Site”), engage with our content on social platforms (Instagram, Facebook, and any other accounts we operate), subscribe to our newsletter, contact us, or enter into a commercial partnership with us.

It is written to comply with the UK General Data Protection Regulation (UK GDPR), the Data Protection Act 2018, and the Privacy and Electronic Communications Regulations 2003 (PECR).

1. Who we are (Data Controller)

London Baithead is the controller of personal data described in this policy.

  • Legal entity: London Baithead Ltd, registered in England and Wales, company number 16935452
  • Registered / trading address: 834 Hertford Road, Enfield, England, EN3 6UE
  • Contact for privacy matters: legal@londonbaithead.com

If we are required to appoint a Data Protection Officer, their details will be added here. At present, no statutory obligation to appoint a DPO applies.

2. The personal data we collect

We collect the following categories of personal data.

2.1 Information you provide directly:
  • Name and email address (newsletter sign-up, contact form, brand partnership enquiries)
  • Company name, role, and business contact details (where you engage with us in a commercial capacity)
  • Content you submit (comments, messages, enquiries)
  • Payment and billing information (for brand partners and clients), processed via our payment provider, e.g. Stripe
  • Identification information where required for verification of large transactions or contractual onboarding
2.2 Information collected automatically:
  • IP address, device type, browser type and version, operating system
  • Pages visited, time on page, referring URL, click behaviour
  • Cookie identifiers and similar tracking technologies (see Section 6)
2.3 Information collected from third parties:
  • Aggregated audience insights from Meta (Facebook and Instagram) where you interact with our accounts. For this processing, we are joint controllers with Meta Platforms Ireland Limited. See Meta’s Page Insights Controller Addendum: facebook.com/legal/terms/page_controller_addendum.
  • Publicly available business contact information used for outbound brand partnership enquiries.
2.4 Special category data:

We do not intentionally collect special category data (race, religion, health, sexual orientation, political views, etc.). If such information appears in comments or messages you send us, we will rely on the “manifestly made public” condition under Article 9(2)(e) UK GDPR or remove the content.

3. Why we use your data, and the legal basis for each use

We process personal data only where we have a lawful basis under Article 6 UK GDPR.

| Purpose | Data used | Legal basis |
|---|---|---|
| Sending newsletters and editorial updates | Name, email, engagement data | Consent (Art. 6(1)(a)) and PECR Regulation 22 |
| Responding to enquiries via contact form or email | Name, email, message content | Legitimate interests (Art. 6(1)(f)) — responding to people who contact us |
| Operating the Site, ensuring security, preventing fraud | IP address, browser data, log data | Legitimate interests (Art. 6(1)(f)) — running and securing our service |
| Analytics and audience measurement | Cookies, IP (truncated where possible), behavioural data | Consent (Art. 6(1)(a)) via cookie banner |
| Brand partnerships, sales, and contract administration | Business contact details, billing data | Performance of a contract (Art. 6(1)(b)) and legitimate interests for pre-contract outreach |
| Comments on articles | Name, email (not published), IP address | Consent (Art. 6(1)(a)) |
| Compliance with legal obligations | As required | Legal obligation (Art. 6(1)(c)) |
| Defending or bringing legal claims | As required | Legitimate interests (Art. 6(1)(f)) and Art. 9(2)(f) where relevant |

You may withdraw consent at any time where consent is our basis. Withdrawal does not affect processing carried out before withdrawal.

Where we rely on legitimate interests, we have carried out a balancing test. You may request a summary of this assessment by contacting legal@londonbaithead.com.

4. Lead capture and audience scoring for brand partners

When we run a campaign for a brand partner and capture leads, complete audience qualification scorecards, or apply discount codes that are passed back to the brand, we may act as a data processor on behalf of that brand (which is the controller for that data).

In those cases:

  • A written Data Processing Agreement (DPA) under Article 28 UK GDPR governs the processing
  • The brand is responsible for the lawful basis under which leads are collected
  • We process the data strictly in accordance with the brand’s instructions
  • We retain the data only for the contractual period and then delete or return it

We do not use lead data captured for brand partners for our own marketing without separate, specific consent from the data subject.

5. Who we share data with

We do not sell your personal data. We share it only with the following categories of recipients:

  • Hosting and infrastructure: e.g. Cloudflare (UK/USA), WP Engine (USA), AWS (UK)
  • Analytics: e.g. Google Analytics 4 (Google Ireland Ltd / Google LLC, USA)
  • Newsletter platform: e.g. Beehiiv (USA), Klaviyo (USA), Mailchimp (USA), Substack (USA), ConvertKit (USA)
  • Social media platforms (joint controllers for Insights data): Meta Platforms Ireland Limited / Meta Platforms, Inc.
  • Payment processors: e.g. Stripe Payments Europe Ltd / Stripe Inc., USA
  • Customer relationship management (CRM): None at present
  • Legal, accounting, and professional advisors (subject to professional confidentiality obligations)
  • Law enforcement, courts, or regulators where legally compelled, including the ICO, HMRC, or under a valid court order

All processors operate under a written contract that includes Article 28 UK GDPR safeguards.

6. Cookies and similar technologies

The Site uses cookies and similar tracking technologies. We use:

  • Strictly necessary cookies (no consent required): session management, security, load balancing.
  • Analytics cookies (consent required): to understand how visitors use the Site.
  • Marketing / advertising cookies (consent required): if used, to measure campaigns or build audiences.

When you first visit the Site, you will see a cookie banner. You can:

  • Accept all cookies
  • Reject all non-essential cookies
  • Customise your choices by category

You can change your preferences at any time via the “Cookie Settings” link in our footer.

For a full list of cookies, including duration and purpose, see our Cookie Policy.

7. International data transfers

Some of our service providers are based outside the United Kingdom, principally in the European Economic Area and the United States.

Where data is transferred outside the UK, we rely on one of the following safeguards under Article 46 UK GDPR:

  • Adequacy decisions (e.g. EEA countries, UK-US Data Bridge for certified US recipients)
  • UK International Data Transfer Agreement (IDTA)
  • The UK Addendum to the EU Standard Contractual Clauses

You can request a copy of the safeguards in place for a specific transfer by emailing legal@londonbaithead.com.

8. Related Policies and Information

This privacy policy works alongside the following documents, which together govern how we operate and your relationship with us. We recommend you also review:

Where there is any inconsistency between this privacy policy and any of the documents above on a privacy-related matter, this privacy policy takes precedence.

9. How long we keep your data

We retain personal data only for as long as necessary for the purpose for which it was collected.

| Data type | Retention period |
|---|---|
| Newsletter subscriber data | Until you unsubscribe, plus 12 months for suppression list compliance |
| Contact form enquiries | 24 months from last contact, then deleted |
| Comment data | Until the article is removed or the comment is deleted, whichever is sooner |
| Analytics data | e.g. 14 months for GA4 default |
| Brand partnership records | Duration of contract plus 6 years (limitation period under the Limitation Act 1980) |
| Tax and financial records | 6 years from end of relevant financial year (HMRC requirement) |
| Server and security logs | 90 days, unless retained longer for a specific security investigation |

After these periods, data is deleted, anonymised, or securely archived as appropriate.

10. Your rights under UK GDPR

You have the following rights:

  • Right of access (Article 15): obtain a copy of your data
  • Right to rectification (Article 16): correct inaccurate data
  • Right to erasure (Article 17): request deletion in certain circumstances
  • Right to restrict processing (Article 18)
  • Right to data portability (Article 20): receive your data in a portable format
  • Right to object (Article 21): including objection to direct marketing at any time
  • Rights related to automated decision-making (Article 22)
  • Right to withdraw consent at any time where consent is the basis

How to exercise these rights: email legal@londonbaithead.com. We will respond within one month. We may need to verify your identity before processing certain requests.

Right to complain: if you believe we have mishandled your data, you can complain to the Information Commissioner’s Office at ico.org.uk/make-a-complaint or call 0303 123 1113. We would prefer to address concerns with you directly first.

11. Automated decision-making and profiling

We do not currently make decisions about you that produce legal or similarly significant effects using solely automated means.

We do conduct light-touch audience segmentation and engagement analysis to plan editorial and brand campaigns. Where we run “audience qualification scorecards” or lead-scoring services for brand partners, the brand (not London Baithead) is the controller and any automated decision logic is governed by the brand’s own privacy policy.

12. Security

We apply technical and organisational measures appropriate to the risk, including encrypted connections (HTTPS), access controls, secure hosting, and routine review of our processors.

No system is perfectly secure. If a personal data breach affects your rights and freedoms, we will notify you and the ICO in line with Articles 33 and 34 UK GDPR.

13. Children

The Site is not directed at children under 13. We do not knowingly collect personal data from anyone under 13.

If you believe a child under 13 has provided us with personal data, contact legal@londonbaithead.com and we will delete it.

Where we run content or campaigns that may attract a younger Gen Z audience (16+), we apply additional care in line with the ICO’s Age Appropriate Design Code where relevant.

14. Third-party links

The Site contains links to third-party websites and platforms (Instagram, Facebook, brand partner sites, news sources). We are not responsible for the privacy practices of those services. Review their policies before sharing personal data with them.

15. Marketing communications

If you subscribe to our newsletter, you do so on the basis of consent. Every marketing email contains an unsubscribe link, and you can also email legal@londonbaithead.com.

Where you have purchased a partnership or service from us, we may, under the PECR “soft opt-in,” send you related marketing about similar services. You can opt out at any time.

16. Changes to this policy

We may update this policy. Material changes will be notified by email (where we hold a current address) or by a prominent notice on the Site. The current version is always available at this URL with a revised “Last updated” date.

A change log is available on request.

17. Contact

For any privacy or data protection question:

Email: legal@londonbaithead.com