Customer Privacy Notice 

Registered name

 

Maskew Ltd (trading as Maskew Media)

We are the controller of your personal data. For more information on controllers and their responsibilities please see our guidance on data protection principles, definitions, and key terms.
This privacy notice tells you what to expect us to do with your personal information.
 

• Contact details

• What information we collect, use, and why

• Lawful bases and data protection rights

• Where we get personal information from

• How long we keep information

• Who we share information with

• Sharing information outside the UK

• How to complain
   

Contact details

Email:
hello@maskew.media

Address:
38 Kilbride Way,
Orton Northgate,
Peterborough,
PE26SX

What information we collect, use, and why

We collect or use the following information to provide and improve products and services for clients:
 

• Names and contact details

• Addresses

• Occupation

• Financial data (such as invoice records, payment history and transaction references)

• Transaction data (including details about payments to and from you and details of products and services you have purchased)

• Usage data (including information about how you interact with and use our website, products and services)

• Employment details (such as job title and role, where relevant to the project)

• Video and Audio recordings (eg calls) (We record discovery calls only with your permission. You can ask us to stop or delete a recording at any time.)

• Records of meetings and decisions

• Website user information

• Brand assets supplied by clients (logos, staff photos), draft scripts and storyboard files that may identify individuals.
   

We collect or use the following personal information for the operation of client or customer accounts:
 

• Names and contact details

• Addresses

• Purchase or service history

• Marketing preferences

• Project assets supplied by clients (logo files, video footage) that may incidentally identify individuals.
   

We collect or use the following personal information for information updates or marketing purposes:
 

• Names and contact details

• Marketing preferences

• Purchase or account history

• Website and app user journey information
   

We collect or use the following personal information for research or archiving purposes:
 

• Names and contact details

• Addresses

• Purchase or client account history

• Archived project assets (raw video footage, final edits, brand files) retained for contractual, insurance and portfolio purposes.
   

We collect or use the following personal information for dealing with queries, complaints or claims:
 

• Names and contact details

• Addresses

• Purchase or service history

• Call recordings

• Photographs

• Customer or client accounts and records

• Financial transaction information

• Correspondence

• Project assets (raw video clips, draft edits) retained where directly relevant to the complaint.

​​

Scorecard and website forms:

​

When you complete a scorecard, quiz, contact form, or download form on our website, we collect the information you provide (such as name, email address, business name, and your responses) so we can send your personalised results, follow up with relevant insights, and contact you about related services.

​

We use this information to:

​

• Send your scorecard or report results by email

• Provide tailored advice or recommendations based on your responses

• Follow up with information about our products or services that may help your business

You can unsubscribe or opt out of follow-up communications at any time using the link in our emails or by contacting us at hello@maskew.media.

​

Lawful bases and data protection rights

Under UK data protection law, we must have a “lawful basis” for collecting and using your personal information. There is a list of possible lawful bases in the UK GDPR. You can find out more about lawful bases on the ICO’s website.

Which lawful basis we rely on may affect your data protection rights which are set out in brief below. You can find out more about your data protection rights and the exemptions which may apply on the ICO’s website:
 

• Your right of access - You have the right to ask us for copies of your personal information. You can request other information such as details about where we get personal information from and who we share personal information with. There are some exemptions which means you may not receive all the information you ask for. Read more about the right of access.

• Your right to rectification - You have the right to ask us to correct or delete personal information you think is inaccurate or incomplete. Read more about the right to rectification.

• Your right to erasure - You have the right to ask us to delete your personal information. Read more about the right to erasure.

• Your right to restriction of processing - You have the right to ask us to limit how we can use your personal information. Read more about the right to restriction of processing.

• Your right to object to processing - You have the right to object to the processing of your personal data. Read more about the right to object to processing.

• Your right to data portability - You have the right to ask that we transfer the personal information you gave us to another organisation, or to you. Read more about the right to data portability.

• Your right to withdraw consent – When we use consent as our lawful basis you have the right to withdraw your consent at any time. Read more about the right to withdraw consent.
   

If you make a request, we must respond to you without undue delay and in any event within one month.

To make a data protection rights request, please contact us using the contact details at the top of this privacy notice.

Our lawful bases for the collection and use of your data

Our lawful bases for collecting or using personal information to provide and improve products and services for clients are:
 

• Contract – we have to collect or use the information so we can enter into or carry out a contract with you. All of your data protection rights may apply except the right to object.

• Legitimate interests – we’re collecting or using your information because it benefits you, our organisation or someone else, without causing an undue risk of harm to anyone. All of your data protection rights may apply, except the right to portability. Our legitimate interests are:

• We analyse a small set of professional data (client name, business contact details, package purchased, project feedback and anonymised website usage metrics) to refine our Content Growth Plan framework and video production workflows. This helps us spot common bottlenecks, improve training materials and deliver more effective results for all clients. The processing is limited, fully within what clients reasonably expect when they hire us, has minimal privacy impact, and they can object or opt out at any time. Data is stored securely, kept no longer than necessary and shared only with vetted subcontractors under strict confidentiality.

• We also rely on legitimate interest when a person completes a scorecard, quiz, or similar interactive tool and provides their email address to receive results. In these cases, it is reasonable for us to follow up with relevant advice or information about services that directly relate to the topic of the scorecard. This contact is always limited, relevant, and includes a clear unsubscribe link in every message.
   

For more information on our use of legitimate interests as a lawful basis you can contact us using the contact details set out above.

Our lawful bases for collecting or using personal information for the operation of client or customer accounts are:
 

• Contract – we have to collect or use the information so we can enter into or carry out a contract with you. All of your data protection rights may apply except the right to object.

• Legal obligation – we have to collect or use your information so we can comply with the law. All of your data protection rights may apply, except the right to erasure, the right to object and the right to data portability.
   

Our lawful bases for collecting or using personal information for information updates or marketing purposes are:
 

• Consent - we have permission from you after we gave you all the relevant information. All of your data protection rights may apply, except the right to object. To be clear, you do have the right to withdraw your consent at any time.

• Legitimate interests – we’re collecting or using your information because it benefits you, our organisation or someone else, without causing an undue risk of harm to anyone. All of your data protection rights may apply, except the right to portability. Our legitimate interests are:

• We send occasional emails to existing clients and qualified B2B prospects about content strategy tips, service updates and relevant offers. These messages help recipients improve their own marketing while allowing us to grow our business. We use only business contact details, limit the frequency of emails and include an instant unsubscribe link in every message. We judge that benefit and minimal intrusion outweigh any privacy impact, and individuals can opt out at any time. With your consent we may publish testimonials (text, image or video) containing your name, role and company on our website and social channels. You can withdraw consent at any time and we will remove the material.
   

You can object to marketing at any time” (UK GDPR Art 21).

For more information on our use of legitimate interests as a lawful basis you can contact us using the contact details set out above.

Our lawful bases for collecting or using personal information for research or archiving purposes:
 

• Legal obligation – we have to collect or use your information so we can comply with the law. All of your data protection rights may apply, except the right to erasure, the right to object and the right to data portability.

• Legitimate interests – we’re collecting or using your information because it benefits you, our organisation or someone else, without causing an undue risk of harm to anyone. All of your data protection rights may apply, except the right to portability. Our legitimate interests are:

• We keep a limited set of project records – invoices, signed contracts, email threads, raw footage and approved edits – for up to six years after project completion. We need these files to: 

  • Meet HMRC accounting record requirements and professional indemnity insurance conditions;

  • Defend or settle any future legal claims; 

  • Refer to past technical setups when a client rebooks; 

  • Showcase finished work in our portfolio (only with the client’s written consent). All files are stored in encrypted cloud drives with access restricted to senior staff and insured subcontractors. The retention period is the minimum necessary and individuals can request deletion of non-financial items at any time. The privacy impact is low, and the clear legal and operational benefits outweigh any residual risk.
     

For more information on our use of legitimate interests as a lawful basis you can contact us using the contact details set out above.

Our lawful bases for collecting or using personal information for dealing with queries, complaints or claims are:
 

• Contract – we have to collect or use the information so we can enter into or carry out a contract with you. All of your data protection rights may apply except the right to object.

• Legal obligation – we have to collect or use your information so we can comply with the law. All of your data protection rights may apply, except the right to erasure, the right to object and the right to data portability.

• Legitimate interests – we’re collecting or using your information because it benefits you, our organisation or someone else, without causing an undue risk of harm to anyone. All of your data protection rights may apply, except the right to portability. Our legitimate interests are:

• We retain project emails, call notes, invoices, video drafts and related documents so we can investigate and resolve any queries, complaints or legal claims. This evidence lets us confirm what was delivered, process refunds if due and defend against unfounded allegations. The material is stored securely, accessed only by senior staff or our insurers and kept for the minimum period required by law (normally six years). The privacy impact is low, and individuals can request redaction of any nonessential personal details.
   

For more information on our use of legitimate interests as a lawful basis you can contact us using the contact details set out above.

Where we get personal information from
 

• Directly from you

• Publicly available sources

• Interactive forms on our website, such as scorecards or quizzes.
   

How long we keep information
 

We keep different types of personal information for specific periods to meet legal, contractual, and operational requirements:
 

• Invoices, receipts and payment records – kept for six years plus the current tax year, as required by HMRC and the Companies Act 2006.

• Signed contracts and statements of work – kept for six years after project completion so we can defend any breach-of-contract claim under the Limitation Act 1980.

• Discovery-call recordings – kept for up to 12 months, then deleted. These are used only as a reference while building and reviewing your Content Growth Plan.

• Marketing e-mail list (name, email, opt-in status) – kept until you unsubscribe or for up to 24 months of inactivity, to ensure we can honour GDPR opt-out rights.

Scorecard responses and associated contact details are stored for up to 24 months to allow us to provide follow-up advice, offers, or updates directly related to your results. We never sell or share these details with third parties for their own marketing.

Who we share information with

Data processors

Payment processors – Stripe, Wix Payments, PayPal (IE\/US)
This data processor does the following activities for us: Handle secure card transactions; we never see full payment details. 
Cloud & production services – Wix (hosting), Google Workspace & Analytics, PandaDoc, freelance editors\/designers (UK\/EU)
This data processor does the following activities for us: Host our site and checkout, store project files and emails, collect anonymised website stats, capture esignatures, and edit raw footage under NDA. 

Others we share personal information with

• Insurance companies (only if we need to notify a claim)

• Professional or legal advisors

• Regulatory authorities

• Publicly on our website, social media or other marketing and information media
   

Sharing information outside the UK

Where necessary, we may transfer personal information outside the UK. Whenever this happens, we comply with the UK GDPR and make sure appropriate safeguards are in place.
For further information —or to obtain a copy of the relevant safeguard for any transfer listed below—please contact us using the details provided above.

Organisation name: Stripe Payments Europe Ltd

Category of recipient: Payment‑processing platform

Country the personal information is sent to: Ireland

How the transfer complies with UK data‑protection law: The EEA (including Ireland) has a UK adequacy decision, meaning it provides a level of protection recognised as equivalent to the UK.

Organisation name: Google LLC (Google Workspace & Google Analytics)

Category of recipient: Cloud‑storage and analytics provider

Country the personal information is sent to: United States

How the transfer complies with UK data‑protection law: Transfers are covered by the EU Standard Contractual Clauses together with the UK Addendum, which provide appropriate safeguards for personal data leaving the UK.

How to complain

If you have any concerns about our use of your personal data, you can make a complaint to us using the contact details at the top of this privacy notice.

If you remain unhappy with how we’ve used your data after raising a complaint with us, you can also complain to the ICO.

The ICO’s address:          
 
Information Commissioner’s Office
Wycliffe House
Water Lane
Wilmslow
Cheshire
SK9 5AF

Helpline number: 0303 123 1113

Website: https://www.ico.org.uk/make-a-complaint