Data Protection & Compliance Policy

Introduction

Company Name: Global Exposure Ltd
Company Number: 12234072
ICO Registration Number: ZB280455
Contact: hello@global-exposure.co.uk

Data Storage & Hosting

We store and process all project-related data using secure, cloud-based systems that adhere to GDPR and UK data protection standards:

  • Google Workspace for email, document storage, and internal collaboration. Data is stored across secure UK/EU data centres with encryption in transit and at rest.
  • Hubflo for CRM and project management. Access is restricted to authorised personnel only.
  • Xero for invoicing and financial records, fully compliant with UK tax and data protection regulations.
  • Timely for time tracking and resource management, hosted in the EU and GDPR compliant.
  • Website Hosting: Our client websites are hosted on a dedicated server rented through Fasthosts, located in a UK data centre. All servers are secured with SSL encryption and subject to regular security updates.

Data Processing & Access Control

Client data is only accessed for service delivery and contractual obligations. All systems use password protection and access controls, with 2FA applied to key accounts. We never share client data with third parties unless agreed in writing or required for platform functionality (e.g. Google Analytics, SEMrush).

Subprocessors

In some cases, we engage approved subcontractors (e.g. for specialist PPC or development work) who operate under signed agreements and only receive access to the data necessary for their role.

Data Retention

We retain client data for the duration of the engagement and up to 12 months post-project. Website backups and essential records may be stored longer for continuity unless deletion is requested in writing.

GDPR & Data Subject Rights

We operate fully in line with the UK GDPR and Data Protection Act 2018. Clients may request at any time:

  • Access to their personal data
  • Correction or deletion
  • Restriction of processing
  • Data portability

Requests should be submitted to hello@global-exposure.co.uk and will be handled within one calendar month.

Security & Breach Protocol

  • All hosting includes SSL encryption, regular software patching, and firewall protection.
  • Emails are secured with SPF, DKIM, and DMARC records to minimise phishing risk.
  • In the unlikely event of a data breach, we will notify affected parties within 72 hours of becoming aware, in line with Article 33 of GDPR.

Contact Us

For any questions about our Data Protection & Compliance Policy or our approach to data protection, please contact us at hello@global-exposure.co.uk.

Have a question regarding our Data Protection & Compliance Policy?

For any questions or to learn more about how we handle data securely and responsibly, please contact us.