Privacy Policy

For any questions about this Privacy Policy, or to exercise your legal rights, please contact us:

Ambition Digital (AD) Ltd
5 South Charlotte Street, Edinburgh, EH2 4AN
Email: contact@ambitiondigital.co.uk
Phone: 0131 385 9118

You have the right to lodge a complaint at any time with the Information Commissioner’s Office (ICO), the UK supervisory authority for data protection (ico.org.uk). We would, however, appreciate the opportunity to address your concerns first, so please contact us in the first instance.

Personal data means any information from which a living individual can be identified. It does not include data where the identity has been permanently removed (anonymous data).

We may collect, use, store, and transfer the following categories of personal data:

• Identity Data (first name, last name, title, username or similar identifier).
• Contact Data (billing address, email address, and telephone numbers).
• Financial Data (payment card details and bank account information (typically processed by our payment providers, not stored by us)).
• Transaction Data (details of payments to and from you, and of the services you have purchased from us).
• Technical Data (IP address, browser type and version, time zone and location, operating system, device information, and other technology you use to access our site).
• Profile Data (your interests, preferences, feedback, survey responses, and any account login details).
• Usage Data (information about how you use our website and services).
• Marketing and Communications Data (your preferences for receiving marketing from us and your communication preferences).

We may also collect and use Aggregated Data (such as statistical or demographic data) for analytics and reporting. This is not personal data in law, as it does not identify you. If we combine Aggregated Data with your personal data so that it can identify you, we treat the combined data as personal data.

We do not intentionally collect any Special Category Data (such as data revealing race or ethnicity, religious beliefs, health, sexual orientation, political opinions, or trade union membership) or data about criminal convictions. Please do not include such information in free-text fields (for example, our enquiry form). If you do, you consent to us processing it for the purpose of responding to your enquiry.

4.1 Direct interactions.

You provide us with Identity, Contact, Financial, and other data when you complete an enquiry form, correspond with us by phone, email, post or in person, instruct us for our services, subscribe to our communications, enter a promotion or survey, or give us feedback.

4.2 Automated technologies and tracking.

As you interact with our website, we automatically collect Technical and Usage Data using cookies and similar technologies. We do this only in line with your cookie preferences. The specific technologies we currently use include Google Analytics 4, Meta Pixel, and Microsoft Clarity; the definitive, live list is available in the cookie settings panel on our site. For full details, see our Cookie Policy. Non-essential tracking is only deployed after you give consent via our cookie banner.

4.3 Third parties and public sources.

We may receive personal data from analytics providers, advertising networks, payment and technical service providers, and publicly available sources such as Companies House.

4.4 On behalf of our clients.

Where a client engages us to manage their data or campaigns, we may process personal data they provide as a processor, strictly on their instructions.

4.5 Contact and enquiry forms.

We sometimes use third-party form and lead capture tools on our own website and on the websites of clients whose marketing we manage. Where these forms are used, we have access to the submissions they generate, including the details submitted and any messages exchanged. On our own website, we use this information to respond to you and to improve our forms, services, and marketing. On a client’s website, the submissions relate to that client’s own customers and prospects: the client is the controller of that data and we access and process it as the client’s processor in order to provide our services to them. These tools may be based outside the UK; where this involves an international transfer, we apply the safeguards described in the “International Transfers” section.

We will only use your personal data when the law allows. Most commonly, we rely on one or more of the following lawful bases:

• Performance of a contract (with you, or to take steps at your request before entering into one).
• Legitimate interests (our interest in running, growing, and securing our business, provided your rights do not override those interests).
• Legal obligation (where we must comply with the law).
• Consent (primarily for sending direct marketing and for non-essential cookies. You can withdraw consent at any time).

The table below summarises our main processing purposes:

5.1 Marketing.

You will receive marketing from us only where you have requested information, purchased our services, or otherwise consented, and have not opted out. You can opt out at any time using the unsubscribe links in our messages or by contacting us. We will obtain your express opt-in consent before sharing your data with any third party for their own marketing.

5.2 Change of purpose.

We will only use your personal data for the purposes we collected it for, unless we reasonably consider we need to use it for a compatible reason. If we need to use it for an unrelated purpose, we will notify you and explain the legal basis.

We do not make decisions that produce legal or similarly significant effects about you based solely on automated processing.

We may use third-party artificial intelligence (“AI”) tools and services, including large language models, generative AI tools, and AI-assisted research and analytics platforms (for example tools provided by OpenAI, Anthropic, Google, Perplexity, and similar providers), to help us carry out and improve our work. This may include drafting, editing, and analysing content, summarising and researching information, generating images or other creative materials, and supporting our marketing, reporting, and analytical activities. We may adopt, change, or replace the specific AI tools we use from time to time.

Where we use such tools in connection with our own business, we rely on our legitimate interests (operating, improving, and growing our business efficiently). We take reasonable steps to use AI tools on terms that protect any data we input, for example, favouring business or enterprise services that do not use our inputs to train their models, and avoiding the input of unnecessary personal data.

Where we process client personal data, we will only use AI tools that have been authorised under our agreement with the relevant client and in accordance with our obligations as a data processor.

Many AI providers are based outside the UK. Where our use of an AI tool involves an international transfer of personal data, we apply the safeguards described in the “International Transfers” section below.

We do not use AI tools to make decisions that produce legal or similarly significant effects about you based solely on automated processing.

We may share your personal data with:

• Service providers and processors (IT, hosting, system administration, analytics, email marketing, and artificial intelligence services (for example our hosting provider, Google, Meta, Microsoft, email marketing platforms, and AI and large language model providers such as OpenAI, Anthropic, Google, and Perplexity), engaged under contracts that require them to protect your data and use it only on our instructions).
• Affiliated companies and brands within our group (We may share your personal data with other companies, brands, or business entities that are part of, or become part of, our group, for purposes consistent with this Privacy Policy, including administration and the provision of our services. Where such sharing is for marketing purposes, we will rely on your consent).
• Professional advisers (such as lawyers, accountants, auditors, bankers, and insurers).
• Authorities and regulators (including HM Revenue & Customs, where required by law).
• Third parties in a business transaction (if we sell, transfer, or merge parts of our business, in which case the new owners may use your data as described in this policy).

We require all third parties to respect the security of your personal data and to process it only for specified purposes and in accordance with our instructions.

We are proud of the work we do and may wish to showcase the results we achieve.

9.1 Anonymised and aggregated results.

We may use anonymised or aggregated information about the campaigns and projects we deliver, such as performance metrics, statistics, and outcomes, in our case studies, reports, marketing materials, and on our website. Where information is genuinely anonymised so that no individual or business can be identified, it is no longer personal data and may be used without restriction. We rely on our legitimate interests (promoting our services and demonstrating our expertise) for this use, and you may object to it at any time by contacting us.

9.2 Identifiable case studies and testimonials.

Where we wish to use information that identifies you or your business, such as your company name, logo, named testimonials, or recognisable campaign details, we will do so only with your consent or under the terms of our agreement with you. You may withdraw your consent or ask us to stop using identifiable material at any time by contacting us, and we will remove it from future materials (we may be unable to recall materials already printed or distributed).

Some of our service providers, including analytics, advertising, cloud, and artificial intelligence providers such as Google, Meta, Microsoft, OpenAI, Anthropic, and Perplexity, are based outside the UK, which means your personal data may be transferred internationally. Where we transfer personal data outside the UK, we ensure a similar degree of protection by relying on one of the following safeguards:

• transfers to countries the UK government has deemed to provide adequate protection; or
• the UK International Data Transfer Agreement (IDTA) or the EU Standard Contractual Clauses with the UK Addendum; or
• other lawful transfer mechanisms recognised under UK data protection law.

You can contact us for more information about the specific safeguards applied to any transfer.

We have put in place appropriate technical and organisational measures to prevent your personal data from being accidentally lost, used, accessed, altered, or disclosed in an unauthorised way. Access is limited to those who have a business need to know, and they are subject to a duty of confidentiality.

We have procedures to deal with any suspected personal data breach and will notify you and any applicable regulator where we are legally required to do so. While we take security seriously, you are responsible for keeping any login credentials you hold confidential.

We will only retain your personal data for as long as necessary to fulfil the purposes we collected it for, including to satisfy any legal, accounting, or reporting requirements. To determine the appropriate retention period, we consider the volume, nature, and sensitivity of the data, the potential risk of harm, the purposes of processing, and applicable legal requirements.

By law, we must keep basic information about our clients (including Identity, Contact, Financial, and Transaction Data) for six years after they cease being clients, for tax and legal limitation purposes. In some circumstances we may anonymise your data, in which case we may use it indefinitely without further notice.

Under data protection law, you have the right to:

• Request access (to your personal data via “data subject access request”).
• Request correction (of inaccurate or incomplete data).
• Request erasure (of your data where there is no good reason for us to continue processing it).
• Object to processing (based on our legitimate interests, and to object to direct marketing at any time).
• Request restriction (of processing in certain circumstances).
• Request transfer (portability of your data in a structured, machine readable format).
• Withdraw consent (at any time where we rely on consent. This does not affect processing carried out before withdrawal).

To exercise any of these rights, contact us at contact@ambitiondigital.co.uk.

You will not usually have to pay a fee. We may charge a reasonable fee, or refuse to act, if your request is clearly unfounded, repetitive, or excessive. We may need to verify your identity before responding. We aim to respond to all legitimate requests within one month. If your request is complex, we may take longer and will keep you updated.

Our website may contain links to third-party websites, plugins, and applications. Clicking those links may allow third parties to collect or share data about you. We do not control these websites and are not responsible for their privacy practices. We encourage you to read the privacy policy of every site you visit.