Privacy & Legal

Privacy & Legal

Aetherbloom Ltd Company No. 16355910 | ICO Reg. ZC138924
71-75 Shelton Street, Covent Garden, London, WC2H 9JQ
Last updated: May 2026

1.1 Who We Are

Aetherbloom Ltd is a business process outsourcing and digital support company registered in England and Wales. We operate across the United Kingdom and South Africa, connecting UK businesses with professionally trained remote teams.

When we refer to Aetherbloom, we, us or our in this document, we mean Aetherbloom Ltd.

This Privacy Policy explains how we collect, use, store, and protect your personal data when you visit our website at www.aetherbloom.co.uk, engage with our services, or communicate with us in any capacity.

We are registered with the Information Commissioner's Office (ICO Reg. ZC138924) and are fully committed to compliance with the UK General Data Protection Regulation (UK GDPR), the Data Protection Act 2018, and South Africa's Protection of Personal Information Act (POPIA).

1.2 What Information We Collect

Depending on how you interact with us, we may collect the following categories of personal data:

Information you provide directly:

  • Your name and job title
  • Your business name and industry
  • Your email address and phone number
  • Information submitted through our assessment form, contact form or enquiry process
  • Correspondence sent to us by email or through our website

Information we collect automatically:

  • Your IP address and browser type
  • Pages visited and time spent on our website
  • Referring website or search term
  • Device and operating system information

Information provided by third parties:

  • Where you have engaged with us through a referral partner or third-party platform, we may receive basic contact information from that source

We do not collect sensitive personal data (such as health information, financial account details or identity documents) through our website. Where such information is required as part of a service engagement, this is handled under a separate Data Processing Agreement.

1.3 How We Use Your Information

We process your personal data for the following purposes and on the following legal bases:

Purpose Legal Basis
Responding to enquiries and assessment requests Legitimate interests / Pre-contractual steps
Delivering agreed services Performance of a contract
Sending newsletters and company updates Consent
Improving our website and user experience Legitimate interests
Complying with legal and regulatory obligations Legal obligation
Marketing to existing clients about relevant services Legitimate interests

We will never sell, rent, or share your personal data with third parties for their own marketing purposes.

1.4 Who We Share Your Data With

We share personal data only where necessary and only with the following categories of recipients:

  • Service providers and platforms who support our operations, including but not limited to email marketing platforms, CRM systems, website hosting providers and analytics tools. These providers are contractually required to handle your data securely and only for the purposes we specify.
  • Legal and regulatory authorities where we are required to disclose information by law, court order, or regulatory obligation.
  • Professional advisors including solicitors and accountants, where necessary for the operation of our business.

We currently use the following key platforms in the delivery of our services and communications: HubSpot, Google Analytics and Microsoft 365. Each of these providers maintains their own privacy and security standards. Links to their privacy policies are available on request.

1.5 International Data Transfers

Aetherbloom operates across the United Kingdom and South Africa. Where personal data is transferred to or accessed from South Africa, we ensure that appropriate safeguards are in place in accordance with UK GDPR requirements, including contractual protections and data processing agreements with all relevant team members and operational partners.

South Africa's POPIA legislation provides a comparable framework for the protection of personal information, and Aetherbloom complies with both regimes where applicable.

1.6 How Long We Keep Your Data

We retain personal data only for as long as is necessary for the purposes for which it was collected, or as required by law.

Data Type Retention Period
Enquiry and assessment data 12 months from last contact
Client contract and service data 7 years from end of engagement
Newsletter and mailing list data Until you unsubscribe or withdraw consent
Website analytics data 26 months (Google Analytics default)

Where you request deletion of your data, we will action this within 30 days unless we are required by law to retain it.

1.7 Your Rights

Under UK GDPR and POPIA, you have the following rights regarding your personal data:

  • Right to access - You can request a copy of the personal data we hold about you.
  • Right to rectification - You can ask us to correct any inaccurate or incomplete data.
  • Right to erasure - You can ask us to delete your personal data where there is no legitimate reason for us to continue holding it.
  • Right to restrict processing - You can ask us to pause processing of your data in certain circumstances.
  • Right to data portability - You can ask us to provide your data in a structured, machine-readable format.
  • Right to object - You can object to processing based on legitimate interests or for direct marketing purposes.
  • Right to withdraw consent - Where processing is based on consent, you can withdraw it at any time without affecting the lawfulness of prior processing.

To exercise any of these rights, please contact us at dpo@aetherbloom.co.uk. We will respond within 30 days. You also have the right to lodge a complaint with the Information Commissioner's Office at www.ico.org.uk if you believe your data has been handled unlawfully.

3.1 Our Commitment

Aetherbloom Ltd takes data protection seriously. As a business that handles personal data on behalf of our clients and their customers, we hold ourselves to the highest standard of compliance.

3.2 How We Demonstrate Compliance

ICO Registration Aetherbloom is registered with the Information Commissioner's Office. ICO Reg. ZC138924.

Staff Training All Aetherbloom team members complete UK GDPR training before handling any client data. Compliance is refreshed regularly and built into our onboarding process for every new team member.

Data Processing Agreements Where Aetherbloom processes personal data on behalf of a client, we act as a data processor and the client acts as the data controller. A formal Data Processing Agreement (DPA) is provided as standard during client onboarding. This document sets out the scope, purpose, and conditions of data processing in line with UK GDPR requirements.

Breach Response In the unlikely event of a data breach, Aetherbloom has a documented incident response process in place. We will notify affected clients and, where required, the ICO within 72 hours of becoming aware of a breach.

Subject Access Requests If you wish to submit a Subject Access Request regarding any data Aetherbloom holds about you, please contact us in writing at dpo@aetherbloom.co.uk. We will acknowledge your request within 5 working days and respond in full within 30 calendar days.

3.3 Your Responsibilities as a Client

Where Aetherbloom processes personal data on your behalf, for example, handling customer emails or managing CRM records, you as the client are the data controller. This means you are responsible for ensuring that your collection and use of that data is lawful, and that your customers have been informed appropriately about how their data is used.

Aetherbloom will always act on your documented instructions and will never process client data beyond the scope of the agreed service.

3.4 POPIA Compliance

For our South African operations and team members, Aetherbloom complies with the Protection of Personal Information Act 4 of 2013 (POPIA). This includes ensuring that personal information is collected lawfully, processed for a specific purpose, and protected against unauthorised access, loss, or misuse.

3.5 Contact Our Data Lead

For any data protection queries, subject access requests or compliance concerns, please contact:

Aetherbloom Ltd Data Enquiries

dpo@aetherbloom.co.uk

71-75 Shelton Street, Covent Garden, London, WC2H 9JQ

South African Compliance Documents

Aetherbloom Group is registered with the South African Information Regulator (Registration No. 2025-066638). The following documents are available in accordance with the Protection of Personal Information Act (POPIA) and the Promotion of Access to Information Act (PAIA).

Verified by MonsterInsights