Last Updated: 07 Dec 2023
Fluffy Bunnies Limited ("We", "Us", "Our") understands that your privacy is important to you and that you care about how your personal data is used and shared online. We respect and value the privacy of everyone who visits Our website, fluffybunnieslimited.com ("Our Site"), and will only collect and use personal data in ways that are described in this Privacy Policy and in a manner consistent with Our obligations and your rights under the law.
Please read this Privacy Policy carefully and ensure that you understand it. Your acceptance of this Privacy Policy is deemed to occur upon your first use of Our Site. If you do not accept and agree with this Privacy Policy, you must stop using Our Site immediately.
In this Privacy Policy, the following terms shall have the following meanings:
For the purposes of applicable data protection legislation, Fluffy Bunnies Limited is the Data Controller. This means we determine the purposes and means of processing your personal data.
Our Data Protection Officer can be contacted at: [email protected] (please mark correspondence "For the attention of the Data Protection Officer").
This Privacy Policy applies only to your use of Our Site. Our Site may contain links to other websites. Please note that We have no control over how your data is collected, stored, or used by other websites, and We advise you to check the privacy policies of any such websites before providing any data to them.
Our Site and services are not intended for children under the age of 16. We do not knowingly collect personal data from children under 16. If you are under 16, please do not use Our Site or provide any personal data to Us.
As a data subject under the UK GDPR, you have the following rights:
The Right to Be Informed: You have the right to be informed about Our collection and use of your personal data. This Privacy Policy provides that information.
The Right of Access: You have the right to access the personal data We hold about you (see Section 13).
The Right to Rectification: You have the right to have any inaccurate personal data We hold about you corrected and any incomplete personal data completed.
The Right to Erasure (Right to Be Forgotten): In certain circumstances, you have the right to request that We delete or remove personal data We hold about you. Note that We may be required to retain certain information by law.
The Right to Restrict Processing: In certain circumstances, you have the right to restrict or block the processing of your personal data.
The Right to Data Portability: You have the right to receive your personal data in a structured, commonly used and machine-readable format, and to transmit that data to another data controller.
The Right to Object: You have the right to object to Our processing of your personal data for particular purposes, including direct marketing.
Rights Related to Automated Decision-Making and Profiling: We do not use automated decision-making or profiling. If this changes, we will update this Privacy Policy accordingly.
To exercise any of these rights, please contact Us using the details provided in Section 15. We will respond to your request without undue delay and in any event within one month of receipt of your request.
If you have any cause for complaint about Our use of your personal data, please contact Us first using the details in Section 15. You also have the right to lodge a complaint with the Information Commissioner's Office (ICO), the UK's supervisory authority for data protection:
Depending upon your use of Our Site and Our services, We may collect some or all of the following personal data:
Contact Information: - Name - Business/company name - Job title - Email address - Telephone number - Business address - Correspondence address
Technical Information: - IP address - Web browser type and version - Operating system - A list of URLs starting with a referring site, your activity on Our Site, and the site you exit to - Device information
Usage Information: - Information about how you use Our Site, including pages visited, time spent on pages, links clicked - Preferences and interests - Marketing and communication preferences
Service-Related Information: - Information provided when you enquire about Our services - Information provided in the course of receiving Our services - Payment information (processed securely by third-party payment processors) - Project-specific information and communications
We collect personal data in the following ways:
Under the UK GDPR, We must always have a lawful basis for using personal data. The lawful bases We rely upon include:
Consent: Where you have given Us clear consent for Us to process your personal data for a specific purpose
Contract: Where Our use of your personal data is necessary for a contract We have with you, or because you have asked Us to take specific steps before entering into a contract
Legal Obligation: Where Our use of your personal data is necessary for Us to comply with the law
Legitimate Interests: Where Our use of your personal data is necessary for Our legitimate interests or the legitimate interests of a third party (unless there is a good reason to protect your personal data which overrides those legitimate interests)
We use your personal data for the following purposes:
Providing and Managing Your Account: - Creating and managing your user account on Our Site - Personalising your experience on Our Site - Legal Basis: Contract, Consent
Supplying Our Services: - Providing the digital marketing services you have requested - Managing projects and delivering results - Communicating with you about Our services - Legal Basis: Contract, Legitimate Interests
Responding to Communications: - Replying to your emails, phone calls, and other enquiries - Providing customer support - Legal Basis: Contract, Legitimate Interests
Marketing Communications (with your consent): - Sending you information about new services, special offers, and industry insights - Newsletters and updates about Our business - Legal Basis: Consent
Market Research and Analysis: - Understanding how you use Our Site - Improving Our Site, services, and customer experience - Analysing usage patterns and trends - Legal Basis: Legitimate Interests
Compliance and Protection: - Complying with legal obligations - Protecting Our business and legal rights - Preventing fraud and abuse - Legal Basis: Legal Obligation, Legitimate Interests
With your permission and/or where permitted by law, We may use your personal data for marketing purposes, which may include contacting you by email, telephone, or post with information, news, and offers on Our services. You will not be sent any unsolicited marketing or spam. You can withdraw your consent to marketing at any time by:
We will not share your personal data with third parties for their own marketing purposes without your explicit consent.
We will not keep your personal data for any longer than is necessary in light of the reason(s) for which it was first collected. Your personal data will be retained as follows:
Website Users: - Contact form enquiries: 3 years from last contact - Newsletter subscriptions: Until you unsubscribe - Website analytics data: 26 months (aligned with Google Analytics retention)
Service Clients: - Client records and project files: 7 years after completion of services (for tax and legal compliance purposes) - Financial records: 7 years (as required by HMRC) - Contracts and agreements: Duration of contract plus 7 years
Marketing Contacts: - Prospect data: 3 years from last meaningful interaction - Event attendees: 3 years from event date
After the retention period expires, your personal data will be securely deleted or anonymised. You may request earlier deletion by exercising your right to erasure (see Section 4).
We store your personal data within the United Kingdom where possible. Some or all of your personal data may be stored or transferred outside of the UK and the European Economic Area (EEA). Where this occurs, We ensure that:
Data security is of great importance to Us, and to protect your personal data, We have implemented appropriate technical and organisational security measures, including:
Technical Measures: - Secure encrypted connections (HTTPS/SSL) for Our website - Firewall protection and intrusion detection systems - Regular security updates and patches - Secure password policies and authentication - Regular data backups with encryption
Organisational Measures: - Access controls limiting who can view personal data - Staff training on data protection and security - Confidentiality agreements with employees and contractors - Regular review and updating of security procedures - Incident response and breach notification procedures
Data transmitted over the internet can never be guaranteed to be 100% secure. While We take all reasonable steps to protect your personal data, We cannot guarantee the security of any data you transmit to Us. You accept the inherent security risks of providing information and dealing online and will not hold Us responsible for any breach of security unless We have been negligent.
We will not share your personal data with third parties for their own marketing purposes. We may share your personal data with third parties in the following circumstances:
We may share your personal data with trusted third-party service providers who assist Us in operating Our Site and providing Our services, including:
Website and Technology Providers: - Web hosting providers - Website maintenance and support services - Content delivery networks (CDNs) - Email service providers
Marketing and Analytics: - Google Analytics (website analytics) - Email marketing platforms (e.g., Mailchimp) - Customer relationship management (CRM) systems - Social media advertising platforms (e.g., Facebook, LinkedIn)
Professional Services: - Accounting and bookkeeping services - Legal advisors - Business consultants
Payment Processors: - Third-party payment gateway providers for secure payment processing - We do not store credit card details; these are processed securely by PCI DSS compliant payment processors
All service providers are carefully selected and are required to: - Process your personal data only on Our instructions - Maintain appropriate security measures - Comply with UK GDPR and other applicable data protection laws - Not use your personal data for their own purposes
We may use third-party advertising services, including remarketing and retargeting technologies. These services may collect information about your visits to Our Site to serve you targeted advertisements. This processing is based on your consent (obtained via our cookie banner) or Our legitimate interests in marketing Our services.
Advertising partners may include: - Google Ads - Facebook Pixel - LinkedIn Insight Tag - Other advertising networks
We may disclose your personal data if required to do so by law or in response to valid requests by public authorities, including to: - Comply with legal obligations or court orders - Protect and defend Our rights or property - Prevent or investigate possible wrongdoing in connection with Our services - Protect the personal safety of users of Our Site or the public - Protect against legal liability
If Our business or any part of it is sold, merged, or integrated with another business, your personal data may be disclosed to potential purchasers and their advisers and transferred to the new owners. The new owners will be required to use your personal data only for the same purposes for which it was originally collected.
We may share aggregated, anonymised data that cannot identify you individually with third parties for analytics, research, and business development purposes. This data does not constitute personal data under UK GDPR.
We may, from time to time, expand or reduce Our business, which may involve the sale and/or transfer of control of all or part of Our business. Any personal data that you have provided will, where relevant to the transferred business, be transferred along with that part.
The new owner or newly controlling party will, under the terms of this Privacy Policy, be permitted to use your personal data only for the same purposes for which it was originally collected by Us.
In the event of a business transfer, you will not necessarily be contacted in advance or informed of the changes. However, the new owner will be required to maintain appropriate data protection standards.
When you submit personal data via Our Site, you may be given options to restrict Our use of your data, particularly for direct marketing purposes. You can:
You may also wish to sign up to one or more of the preference services operating in the UK:
These services may help prevent you receiving unsolicited marketing. However, they will not prevent you from receiving marketing communications that you have consented to receiving.
You may access certain parts of Our Site without providing any personal data at all. However, to use all features and functions available on Our Site or to receive Our services, you may be required to submit or allow for the collection of certain data.
You may restrict Our use of Cookies through your browser settings. For more information, see Section 14 (Our Use of Cookies).
In most cases, the provision of personal data is voluntary. However, if you do not provide certain information when requested, We may not be able to:
Where We need to collect personal data by law, or under the terms of a contract We have with you, and you fail to provide that data when requested, We may not be able to perform the contract. In this case, We may have to cancel Our services to you, but We will notify you if this is the case at the time.
You have the right to ask for a copy of any personal data We hold about you (a "subject access request"). Under the UK GDPR, no fee is payable for such a request, and We will provide any and all information in response to your request free of charge.
To request a copy of your personal data, please contact Us using the details provided in Section 15. Please:
We will respond to your request without undue delay and in any event within one month of receipt of your request. If your request is complex or We have received multiple requests, this period may be extended by a further two months. We will inform you of any such extension and explain the reasons for the delay.
For your security, We may need to verify your identity before responding to your subject access request. We may request additional information from you to confirm your identity.
Cookies are small text files placed on your computer or device by websites that you visit. They are widely used to make websites work more efficiently and to provide information to the owners of the site.
When you first visit Our Site, you will be presented with a cookie consent banner. We will not set any non-essential cookies unless you choose to accept them. You can change your cookie preferences at any time through your browser settings or Our cookie preference tool.
Strictly Necessary Cookies: These cookies are essential for Our Site to function properly. They include cookies that enable you to log into secure areas and use essential features. These cookies do not require your consent.
Examples: - Session management cookies - Security cookies - Load balancing cookies
Performance and Analytics Cookies: These cookies collect information about how visitors use Our Site, such as which pages are most popular and how users navigate the site. All information collected is aggregated and anonymous.
Examples: - Google Analytics cookies - Heatmap and session recording tools
Functionality Cookies: These cookies allow Our Site to remember choices you make (such as your language or region) and provide enhanced, personalised features.
Examples: - Language preference cookies - User interface customisation cookies
Targeting/Advertising Cookies: These cookies are used to deliver advertisements relevant to you and your interests. They may also be used to limit the number of times you see an advertisement and measure the effectiveness of advertising campaigns.
Examples: - Google Ads cookies - Facebook Pixel - LinkedIn Insight Tag - Remarketing cookies
Google Analytics: We use Google Analytics to understand how Our Site is being used and improve user experience. Your user data is anonymised. For more information about Google's position on privacy, visit: https://policies.google.com/privacy
Google Analytics cookies include: - _ga: Distinguishes unique users (expires after 2 years) - _gid: Distinguishes unique users (expires after 24 hours) - _gat: Used to throttle request rate (expires after 1 minute)
Marketing and Advertising Cookies: We use cookies from the following advertising platforms: - Google Ads: For conversion tracking and remarketing - Facebook: For conversion tracking and custom audiences - LinkedIn: For conversion tracking and matched audiences - DoubleClick: For remarketing and ad serving
Email Marketing: We may use cookies from email marketing platforms (such as Mailchimp) to track email campaign performance and understand which content is most engaging.
Customer Relationship Management: We may use cookies from CRM platforms to track visitor interactions and provide better customer service.
You can control and manage cookies in various ways:
Browser Settings: Most web browsers allow you to control cookies through their settings preferences. However, limiting cookies may impact your experience of Our Site. You can manage cookies in the following browsers:
Opt-Out Tools: - Google Analytics Opt-out: https://tools.google.com/dlpage/gaoptout - Network Advertising Initiative Opt-out: https://optout.networkadvertising.org/ - Digital Advertising Alliance Opt-out: https://www.youronlinechoices.com/uk/
More Information: For more information about cookies, including how to see what cookies have been set and how to manage and delete them, visit: - www.aboutcookies.org - www.allaboutcookies.org
Please note that third parties (including advertising networks and providers of external services like web traffic analysis services) may also use cookies, over which We have no control. These cookies are likely to be analytical/performance cookies or targeting cookies.
Our Site may include social media features, such as Facebook "Like" buttons, Twitter "Tweet" buttons, and LinkedIn "Share" buttons. These features may collect your IP address and which page you are visiting on Our Site, and may set cookies to enable the feature to function properly. Social media features are either hosted by a third party or hosted directly on Our Site. Your interactions with these features are governed by the privacy policies of the companies providing them.
If you have any questions about Our Site, this Privacy Policy, or how We use your personal data, please contact Us:
Please mark correspondence "For the attention of the Data Protection Officer" if your query relates to data protection.
When contacting Us, please be clear about your request, particularly if it relates to: - Subject access requests - Exercising your rights under UK GDPR - Complaints about data handling - Updating or correcting your personal data
We may change this Privacy Policy from time to time to reflect changes in: - The law - Our data processing practices - Our services - Technology and security measures
Any changes will be immediately posted on Our Site, and you will be deemed to have accepted the terms of the updated Privacy Policy on your first use of Our Site following the alterations.
We recommend that you check this page regularly to stay up-to-date with any changes to this Privacy Policy.
If We make material changes to this Privacy Policy that significantly affect your rights, We will make reasonable efforts to notify you directly (for example, by email if We have your email address).
If you engage Our services, We will process additional personal data in the course of providing those services, including:
For clients whose services involve Us processing personal data on your behalf, We will enter into a separate Data Processing Agreement (DPA) that sets out: - The subject matter and duration of processing - The nature and purpose of processing - The types of personal data and categories of data subjects - Our obligations as a data processor - Your obligations as a data controller - Security measures and breach notification procedures
In providing Our services, We may require access to third-party platforms and tools on your behalf (such as Google Ads, social media accounts, analytics platforms). We will: - Access these platforms only as necessary to provide Our services - Implement appropriate security measures - Not use the data for any purpose other than providing Our services - Comply with the terms and conditions of those platforms
Some of the third-party service providers We use may process data outside the United Kingdom. Where We transfer personal data outside the UK, We ensure that:
Adequacy Decisions: - The destination country has been deemed to provide adequate protection by the UK Government
Appropriate Safeguards: - Standard Contractual Clauses (SCCs) approved by the UK authorities are in place - The recipient is certified under an approved certification mechanism - The recipient has Binding Corporate Rules approved by UK authorities
Derogations: - In limited circumstances, transfers may be based on derogations set out in UK GDPR (e.g., with your explicit consent)
Third-party services We use that may involve international data transfers include:
If you require further information about our international data transfers, please contact Our Data Protection Officer at [email protected].
You have the right to: - Be informed about how your data is used (this Privacy Policy) - Access your personal data - Correct inaccurate personal data - Request deletion of your personal data - Restrict processing of your personal data - Data portability - Object to processing - Withdraw consent at any time - Complain to the ICO
To exercise these rights, contact us at: [email protected]
© Fluffy Bunnies Limited, 2025. All rights reserved.
Company Registration Number: 08892217
Registered Office: The Barn, 16 Nascot Place, Watford WD17 4QT England
This Privacy Policy was last updated on 07 Dec 2023