We use cookies to understand how visitors use our site. Privacy Policy

Privacy Policy

Last updated: 9 April 2026

1. Introduction

Fresh Bread Media Limited ("we", "us", "our") is committed to protecting and respecting your privacy. This policy explains how we collect, use, store, and share personal data when you visit our website, use our services, or interact with us in any capacity.

This policy applies to all visitors, prospective clients, existing clients, and any other individuals whose personal data we may process in the course of our business operations. By continuing to use our website, you acknowledge that you have read and understood this policy.

We are registered in England and Wales. Our registered office address is SBC House, Restmor Way, Wallington, SM6 7AH. For any privacy-related enquiries, you can contact us at info@freshbreadmedia.uk.

2. Data Controller

For the purposes of the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018, the data controller is Fresh Bread Media Limited. We determine the purposes and means of processing your personal data and are responsible for ensuring that such processing is carried out in compliance with applicable data protection legislation.

Where we act as a data processor on behalf of our clients (for example, when managing client website content that includes end-user data), the relevant client is the data controller and we process data only in accordance with their instructions and our contractual obligations.

3. Information We Collect

We may collect and process the following categories of personal data depending on how you interact with us:

3.1 Information you provide directly

  • Full name, email address, telephone number, and any message content submitted via our contact forms
  • Your name, email address, and optionally your telephone number when you submit your details through our website health check tool
  • Business name, address, and related information provided during the course of a client engagement or onboarding process
  • Login credentials and account preferences if you register for or use our client portal
  • Any correspondence, attachments, or materials you send to us by email, post, or any other communication channel
  • Billing information, invoicing details, and payment-related data necessary to process transactions

3.2 Information collected automatically

  • Your IP address, browser type and version, operating system, and device information
  • Pages visited, time spent on each page, referring URL, and navigation paths through our website
  • The website URL you enter into our site health check tool (this is logged for operational purposes regardless of whether you subsequently submit your contact details)
  • Technical performance data relating to how our website renders and operates in your browser

3.3 Information from third parties

In limited circumstances, we may receive information about you from third-party sources, including publicly available business directories, referrals from existing clients, or social media platforms where you have chosen to make your information publicly accessible. We only use such information where we have a legitimate basis for doing so.

4. Lawful Basis for Processing

We rely on the following lawful bases under Article 6 of the UK GDPR to process your personal data:

  • Consent — where you have given clear, informed consent for us to process your data for a specific purpose, such as accepting analytics cookies or opting in to receive communications from us. You may withdraw consent at any time without affecting the lawfulness of processing carried out before withdrawal.
  • Contractual necessity — where processing is necessary for the performance of a contract we have with you, or to take steps at your request before entering into a contract. This includes managing client accounts, delivering services, processing payments, and providing access to our client portal.
  • Legitimate interests — where processing is necessary for the purposes of our legitimate business interests, provided those interests are not overridden by your rights and freedoms. This includes maintaining the security and integrity of our website, analysing aggregated usage patterns to improve our services, preventing fraud, and responding to enquiries.
  • Legal obligation — where processing is necessary for compliance with a legal obligation to which we are subject, such as maintaining financial records for tax purposes or responding to lawful requests from regulatory authorities.

5. Cookies and Similar Technologies

5.1 What cookies are

Cookies are small text files placed on your device by websites you visit. They are widely used to make websites function correctly, improve user experience, and provide information to website operators. Cookies may be "session" cookies (deleted when you close your browser) or "persistent" cookies (remaining on your device for a set period or until you delete them).

5.2 Cookies we use

Our website uses the following cookies:

  • fbm_cookie_consent — an essential, strictly necessary cookie that records whether you have accepted or rejected non-essential cookies. This cookie persists for 180 days and is set regardless of your consent choice, as it is required for the website to remember your preference. It contains no personal data beyond your accept or reject decision.

5.3 Analytics cookies

If you click "Accept" on our cookie consent banner, we load analytics cookies provided by Google Analytics 4. These cookies help us understand how visitors interact with our website by collecting information such as pages visited, session duration, and general geographic region. This data is processed in aggregate and does not identify you personally.

If you click "Reject", no analytics cookies are set and no usage data is collected. The analytics service is not loaded at all in this case.

Analytics cookies set by this service include identifiers used to distinguish between users and sessions, and to throttle the rate of data collection. These cookies are governed by the privacy policy of the respective analytics provider.

You can read Google's privacy policy for further detail on how they handle analytics data.

5.4 Managing cookies

You can change your cookie preferences at any time by clearing the fbm_cookie_consent cookie from your browser settings. Once cleared, the consent banner will reappear on your next visit, allowing you to make a new choice.

Most web browsers also allow you to control cookies through their settings. You can typically set your browser to refuse all cookies, accept only first-party cookies, or delete cookies when you close your browser. Please note that disabling essential cookies may impair the functionality of certain features on our website.

6. How We Use Your Data

We use the personal data we collect for the following purposes:

  • To respond to enquiries and communications you send to us
  • To provide, manage, and deliver the services you have engaged us for, including web design, development, hosting, and related creative services
  • To create and manage your client portal account, including providing access to project documents, quotes, invoices, and service agreements
  • To process payments and maintain accurate financial records
  • To send you project updates, deliverables, and service-related communications necessary for the fulfilment of our contractual obligations
  • To improve our website, services, and overall user experience based on aggregated and anonymised usage data
  • To operate and improve our website health check tool, including logging submitted URLs and analysing aggregate patterns in the types of websites checked
  • To maintain the security of our website and systems, including detecting and preventing unauthorised access, abuse, or fraudulent activity
  • To comply with legal obligations, including maintaining records required for tax, accounting, and regulatory purposes

We do not sell, rent, or trade your personal data to any third party for their own marketing or commercial purposes. We do not send unsolicited marketing communications unless you have given your explicit, informed consent to receive them, and you may withdraw that consent at any time.

7. Sharing Your Data

We may share your personal data with the following categories of recipients, only to the extent necessary for the purposes described in this policy:

  • Infrastructure and hosting providers — we use third-party services to host our website, databases, and client portal. These providers process data on our behalf under strict contractual terms and are required to implement appropriate technical and organisational security measures.
  • Payment processors — when you make a payment, the transaction is handled by a PCI DSS-compliant third-party payment processor. We do not receive, process, or store your full card details at any point. The payment processor operates under its own privacy policy and data processing terms.
  • Analytics providers — if you consent to analytics cookies, anonymised usage data is shared with our analytics provider to help us understand website traffic and user behaviour.
  • Professional advisors — we may share data with our accountants, legal advisors, or other professional consultants where necessary for the operation of our business or to comply with legal obligations.
  • Law enforcement and regulatory bodies — we may disclose personal data where required to do so by law, by a court order, or by a regulatory authority with lawful jurisdiction.

We do not share your personal data with any third party for purposes unrelated to those described above without first obtaining your explicit consent.

8. Data Storage and Security

We take the security of your personal data seriously and implement appropriate technical and organisational measures to protect it against unauthorised access, alteration, disclosure, or destruction. These measures include, but are not limited to:

  • Encryption of data in transit using industry-standard TLS/SSL protocols
  • Encryption of sensitive data at rest within our database systems
  • Strict access controls ensuring that only authorised personnel can access personal data, and only to the extent necessary for their role
  • Regular review and updating of our security practices in line with evolving threats and industry best practices
  • Secure authentication mechanisms for client portal access, including hashed password storage

Client data is stored on secure, managed infrastructure hosted within the European Economic Area (EEA). Contact form submissions and website health check logs are stored on our UK-based web hosting infrastructure. In all cases, our hosting providers maintain physical, environmental, and network security controls that meet or exceed recognised industry standards.

While we take all reasonable steps to protect your data, no method of electronic transmission or storage is completely secure. We cannot guarantee absolute security, but we are committed to maintaining a level of protection appropriate to the nature of the data we process.

9. Data Retention

We retain personal data only for as long as necessary to fulfil the purposes for which it was collected, or as required by law. Our retention periods are as follows:

  • Contact form submissions — retained for up to 12 months from the date of submission, unless a client relationship is established, in which case the data is retained as part of the client record.
  • Website health check logs — retained for up to 12 months for operational analysis and then permanently deleted.
  • Client records — retained for the duration of the client relationship and for a period of up to 6 years thereafter, in accordance with HMRC record-keeping requirements for business transactions.
  • Financial records — invoices, payment records, and related documents are retained for a minimum of 6 years as required by UK tax legislation.
  • Analytics data — anonymised and aggregated analytics data may be retained indefinitely as it does not constitute personal data. Raw analytics data is subject to the retention policies of the analytics provider.
  • Cookie consent preferences — your accept or reject choice is stored in a cookie on your device for 180 days, after which the consent banner will reappear.

When personal data is no longer required, it is securely deleted or anonymised so that it can no longer be associated with you.

10. International Data Transfers

We primarily store and process your data within the United Kingdom and the European Economic Area (EEA). However, some of our third-party service providers may process data in countries outside the UK and EEA.

Where personal data is transferred outside the UK, we ensure that appropriate safeguards are in place in accordance with Chapter V of the UK GDPR. These safeguards may include:

  • Transfers to countries that the UK government has determined provide an adequate level of data protection
  • The use of standard contractual clauses approved by the Information Commissioner's Office (ICO)
  • Other appropriate safeguards as recognised under UK data protection law

You may contact us at info@freshbreadmedia.uk for further information about the specific safeguards applied to any international transfer of your data.

11. Your Rights

Under the UK GDPR and the Data Protection Act 2018, you have the following rights in relation to your personal data:

  • Right of access — you have the right to request a copy of the personal data we hold about you. We will respond to your request within one calendar month of receiving it, and we will provide the data in a commonly used, machine-readable format where feasible.
  • Right to rectification — you have the right to request that we correct any personal data that is inaccurate or incomplete. We will make the necessary corrections promptly and inform any third parties with whom the data has been shared, where applicable.
  • Right to erasure — you have the right to request the deletion of your personal data where there is no compelling reason for us to continue processing it. This right is not absolute and may be subject to exceptions, such as where we are required to retain data for legal or regulatory purposes.
  • Right to restrict processing — you have the right to request that we restrict the processing of your personal data in certain circumstances, such as when you contest the accuracy of the data or object to our processing of it.
  • Right to data portability — where processing is based on consent or contractual necessity and is carried out by automated means, you have the right to receive your personal data in a structured, commonly used, machine-readable format, and to transmit that data to another controller.
  • Right to object — you have the right to object to the processing of your personal data where we rely on legitimate interests as the lawful basis for processing. We will cease processing unless we can demonstrate compelling legitimate grounds that override your interests, rights, and freedoms.
  • Right to withdraw consent — where we process your data on the basis of consent, you have the right to withdraw that consent at any time. For analytics cookies, you can withdraw consent by clearing the fbm_cookie_consent cookie from your browser, which will cause the consent banner to reappear on your next visit.
  • Rights related to automated decision-making — we do not carry out any automated decision-making or profiling that produces legal or similarly significant effects on you.

To exercise any of these rights, please contact us at info@freshbreadmedia.uk. We will respond to all legitimate requests within one calendar month. In exceptional circumstances, where requests are particularly complex or numerous, we may extend this period by up to two further months, and we will inform you if this is the case.

We will not charge a fee for processing your request unless it is manifestly unfounded or excessive, in which case we may charge a reasonable administrative fee or decline to act on the request.

12. Children's Privacy

Our website and services are not directed at individuals under the age of 18. We do not knowingly collect personal data from children. If we become aware that we have inadvertently collected personal data from a child, we will take steps to delete that data as promptly as possible. If you believe that a child has provided personal data to us, please contact us at info@freshbreadmedia.uk.

13. Links to Third-party Websites

Our website may contain links to external websites operated by third parties. These links are provided for your convenience and do not imply endorsement or responsibility for the content, privacy practices, or policies of those websites. We have no control over and accept no responsibility for the privacy practices of third-party websites. We encourage you to review the privacy policy of any website you visit before providing any personal data.

14. Website Health Check Tool

Our website includes a free website health check tool that allows visitors to enter a website URL for analysis. When you use this tool, the following data processing occurs:

  • The URL you submit is sent to a third-party performance analysis service for technical assessment. This service returns data about the website's speed, mobile-friendliness, security, and other technical characteristics. No personal data about you is shared with this service beyond the URL itself.
  • The URL you submit is logged on our server for operational and analytical purposes, such as understanding the volume and nature of checks performed. This log does not contain your name, email address, or any other personal identifiers unless you subsequently choose to submit your contact details.
  • If you choose to submit your contact details after viewing your results, those details are stored securely on our UK-hosted server and used solely to follow up on your enquiry.

The health check tool does not install cookies, collect device information, or track your browsing activity beyond the interaction described above.

15. Client Portal

If you are an existing client, you may be provided with access to our client portal. The portal allows you to view project documents, quotes, invoices, and service agreements related to your engagement with us. The following data processing applies:

  • Account credentials (email and password) are required to access the portal. Passwords are stored using industry-standard cryptographic hashing and are never stored in plain text.
  • Documents, quotes, invoices, and agreements accessible through the portal contain business and financial information related to your project. Access to this information is restricted to authenticated users associated with the relevant client account.
  • Portal access may be revoked at any time at our discretion or at your request.

16. Changes to This Policy

We may update this privacy policy from time to time to reflect changes in our practices, services, legal requirements, or regulatory guidance. Any changes will be posted on this page with an updated "Last updated" date at the top of the document.

We encourage you to review this policy periodically to stay informed about how we are protecting your data. Your continued use of our website after any changes to this policy constitutes your acknowledgement of those changes.

17. Complaints

If you are dissatisfied with the way we have handled your personal data, or if you believe that we have not complied with our obligations under data protection legislation, we would appreciate the opportunity to resolve the matter directly. Please contact us at info@freshbreadmedia.uk and we will investigate your concern promptly.

If you remain unsatisfied with our response, you have the right to lodge a complaint with the Information Commissioner's Office (ICO), the UK's supervisory authority for data protection. You can contact the ICO at ico.org.uk or by telephone on 0303 123 1113.

18. Contact Us

If you have any questions about this privacy policy, your personal data, or our data protection practices, please contact us: