Last updated: 19 May 2026

Privacy policy

Locations & imprint

Your data is controlled by one of two affiliated companies:

  • If you are in the United Kingdom, the European Economic Area, Switzerland or anywhere outside the Americas, your data controller is Digital for People Ltd., registered in England and Wales, registered office 275 New North Road, PMB 3039, London, N1 7AA, United Kingdom.

  • If you are in the United States, Canada or anywhere else in the Americas, your data controller is Digital for People LLC, incorporated in the State of Delaware, registered office 221 W 9th Street, PMB 722, Wilmington, DE 19801, United States.

In this policy, "we", "us" and "our" refer to whichever of the above entities is your controller. The two entities share infrastructure and may transfer data between themselves where lawful and necessary (see section 7).

What this policy covers

This policy explains what personal data we collect from you when you visit our website or contact us, how we use it, who we share it with, how long we keep it, and what rights you have.

It does not cover personal data we process on behalf of our clients as a processor under a consulting engagement - that is governed by the data processing agreement signed for that engagement.

What personal data we collect

We collect personal data in three ways:

Data you give us directly

  • Identity and contact details - name, job title, organisation, email address, phone number - when you complete a contact form, send us an email, book a call, or correspond with us.

  • Free-text content you include in your enquiry, including any personal data you choose to share.

  • Information you provide in connection with attending our events, downloading gated content, or subscribing to a newsletter.

Data we collect automatically

  • Technical data - IP address (truncated where possible), browser type and version, time-zone setting, device type, operating system.

  • Usage data - pages viewed, time on page, navigation paths, clickstream data, referring URL.

  • Cookies and similar technologies - see our Cookie Policy at /cookies for full detail.

Data we receive from third parties

  • Analytics aggregates from Google Analytics 4 and Microsoft Clarity.

  • Enrichment data - when you contact us, we may use publicly available sources (your organisation's website, LinkedIn) to understand the context of your enquiry before we reply.

  • Business contact information from partners or referrers, where they introduce you to us with your knowledge.

How we use your personal data, and our lawful bases

| Purpose | Data used | Lawful basis (UK/EU GDPR) |
| --- | --- | --- |
| Responding to enquiries you send us | Identity & contact details, message content | Legitimate interests (responding to people who contact us); pre-contractual steps where you are exploring engaging us |
| Providing our consulting services | Identity & contact details, billing details, engagement content | Performance of a contract (your services agreement) |
| Sending marketing communications you have requested | Identity & contact details, preferences | Consent (you can withdraw it at any time) |
| Sending occasional business-to-business marketing to existing or recent clients about similar services | Identity & contact details | Legitimate interests; you can opt out at any time |
| Improving the website and our services | Technical and usage data, aggregated | Legitimate interests (running and improving our website and services) |
| Keeping our records, accounts and tax filings in order | Identity & contact, billing, correspondence | Legal obligation; legitimate interests |
| Protecting the website and our business from misuse, fraud and security threats | Technical, usage, identity data as relevant | Legitimate interests; legal obligation |
| Complying with court orders, regulators and other legal obligations | Whatever is required by the order or obligation | Legal obligation |

Who we share your personal data with

We share personal data only with parties that need it for the purposes set out above, and only under contracts that require them to protect it. They include:

  • Our affiliated entity - Digital For People UK and Digital For People US share infrastructure and may share personal data internally to provide a consistent service. The two entities have a written joint controllership / transfer arrangement in place.

  • Hosting and website platform - Wix.com, Inc. (USA), hosts the website.

  • Email and productivity - Microsoft Corporation (Microsoft 365).

  • Workflow and automation - Microsoft Power Automate.

  • Analytics - Google LLC (Google Analytics 4), Microsoft Corporation (Microsoft Clarity).

  • AI enrichment - Perplexity AI, Inc., used to research the public business context of enquiries; we never send special-category personal data to this service.

  • Professional advisers - accountants, auditors, lawyers, insurers, bound by professional confidentiality.

  • Authorities - regulators, courts, law enforcement, where required by law.

We do not sell your personal data. We do not share your personal data for cross-context behavioural advertising as defined under the CCPA/CPRA.

International transfers

Some of the providers listed above are located in, or store data in, the United States or other countries outside the United Kingdom and the European Economic Area. Where we transfer personal data outside the UK/EEA, we rely on one or more of the following safeguards:

  • Adequacy decisions where the destination country is recognised by the UK government and/or European Commission as providing an adequate level of protection.

  • The UK International Data Transfer Agreement, the UK Addendum to the EU Standard Contractual Clauses, or the EU Standard Contractual Clauses where required.

  • The EU-US Data Privacy Framework (and its UK extension) where the receiving organisation is certified to it.

You can ask us for a copy of the relevant safeguards by writing to the address in section 11.

How long we keep your personal data

| Type of record | Default retention period |
| --- | --- |
| Enquiry that did not become a project | Up to 24 months from the last meaningful contact, then deleted or anonymised. |
| Active or recent client records | Duration of the engagement plus 7 years (to satisfy UK/US tax and audit requirements). |
| Marketing list subscribers | Until you unsubscribe, or 3 years of no engagement, whichever is sooner. |
| Website analytics | GA4: as configured (default 14 months). Microsoft Clarity: as configured (default 30 days). |
| Records required for legal or regulatory reasons | As long as the relevant law or regulator requires. |

How we protect your personal data

We work to ISO 27001-aligned practices and use the security controls of our platform providers (Wix, Microsoft 365, Google), which are themselves certified to recognised standards. Specifically, we use forms encrypted in transit (HTTPS / TLS), multi-factor authentication on staff accounts, least-privilege access, and regular review of third-party processors. No system is perfectly secure, and we cannot guarantee absolute security.

Your rights

Under UK GDPR and EU GDPR, you have the following rights in relation to your personal data:

  • Right of access — to receive a copy of the personal data we hold about you.

  • Right to rectification — to have inaccurate data corrected or incomplete data completed.

  • Right to erasure — to have your personal data deleted in certain circumstances.

  • Right to restriction — to restrict how we process your personal data in certain circumstances.

  • Right to data portability — to receive certain data in a structured, commonly used, machine-readable format.

  • Right to object — to processing based on legitimate interests, and to direct marketing at any time.

  • Right to withdraw consent — where the processing is based on consent, you can withdraw it at any time without affecting the lawfulness of earlier processing.

  • Right to lodge a complaint with a supervisory authority — for the UK, the Information Commissioner's Office (ico.org.uk); for the EU, your local data protection authority.

To exercise any of these rights, contact us using the details in section 11. We aim to respond within one calendar month.

Cookies and similar technologies

We use a small number of cookies and similar technologies on the website. Full detail — including each cookie name, purpose, provider and expiry — is set out in our Cookie Policy at /cookies. You control non-essential cookies through the consent banner on first visit and via our Cookie Settings link in the footer.

Changes to this policy

We may update this policy from time to time. The "effective date" at the top tells you when. Where the change is material, we will tell you by email (if we have an email address for you) or by a prominent notice on the website.

California residents - your CCPA / CPRA rights

This section applies in addition to the rest of this policy if you are a California resident. The categories below use the definitions in the California Consumer Privacy Act, as amended by the California Privacy Rights Act (collectively, "the CCPA").

Personal information we collect

In the 12 months before the effective date, we have collected the following categories of personal information from California residents:

  • Identifiers — name, email, phone, business contact details, IP address.

  • Customer records — billing and engagement records.

  • Commercial information — products or services considered or purchased.

  • Internet or other electronic network activity — browsing and usage data, cookie identifiers.

  • Geolocation — approximate, derived from IP.

  • Professional or employment information — your role and employer.

  • Inferences drawn from the above to understand the context of your enquiry.

Sources, purposes and disclosures

Sources, purposes and recipients are the same as those listed in sections 3, 4 and 5 above.

Sale or sharing

We do not "sell" personal information and we do not "share" personal information for cross-context behavioural advertising, as those terms are defined in the CCPA.

Sensitive personal information

We do not collect or use sensitive personal information for purposes that would require an opt-out under the CCPA.

Retention

See section 7.

Your CCPA rights

  • Right to know what personal information we have collected about you, the sources, the purposes, and the categories of recipients.

  • Right to delete personal information we have collected from you, subject to exceptions.

  • Right to correct inaccurate personal information.

  • Right to limit use and disclosure of sensitive personal information (does not currently apply to us as we do not use such information for the relevant purposes).

  • Right not to be discriminated against for exercising any of these rights.

  • Right to designate an authorised agent to make a request on your behalf.

Submitting a request

Submit CCPA requests by email to privacy@digitalforpeople.com or by post to the US address in section 11. We will verify your identity (typically by asking you to confirm details only you and we would know) before responding. We respond within 45 days, with one 45-day extension if reasonably necessary.

"Shine the Light"

California Civil Code §1798.83 permits California residents to request information about disclosure of personal information to third parties for direct marketing purposes. We do not share personal information with third parties for their own direct marketing purposes, so there is nothing to disclose under this section.