Privacy & Legal
1.1 Who We Are
Aetherbloom Ltd is a business process outsourcing and digital support company registered in England and Wales. We operate across the United Kingdom and South Africa, connecting UK businesses with professionally trained remote teams.
When we refer to Aetherbloom, we, us or our in this document, we mean Aetherbloom Ltd.
This Privacy Policy explains how we collect, use, store, and protect your personal data when you visit our website at www.aetherbloom.co.uk, engage with our services, or communicate with us in any capacity.
We are registered with the Information Commissioner's Office (ICO Reg. ZC138924) and are fully committed to compliance with the UK General Data Protection Regulation (UK GDPR), the Data Protection Act 2018, and South Africa's Protection of Personal Information Act (POPIA).
1.2 What Information We Collect
Depending on how you interact with us, we may collect the following categories of personal data:
Information you provide directly:
- Your name and job title
- Your business name and industry
- Your email address and phone number
- Information submitted through our assessment form, contact form or enquiry process
- Correspondence sent to us by email or through our website
Information we collect automatically:
- Your IP address and browser type
- Pages visited and time spent on our website
- Referring website or search term
- Device and operating system information
Information provided by third parties:
- Where you have engaged with us through a referral partner or third-party platform, we may receive basic contact information from that source
We do not collect sensitive personal data (such as health information, financial account details or identity documents) through our website. Where such information is required as part of a service engagement, this is handled under a separate Data Processing Agreement.
1.3 How We Use Your Information
We process your personal data for the following purposes and on the following legal bases:
| Purpose | Legal Basis |
|---|---|
| Responding to enquiries and assessment requests | Legitimate interests / Pre-contractual steps |
| Delivering agreed services | Performance of a contract |
| Sending newsletters and company updates | Consent |
| Improving our website and user experience | Legitimate interests |
| Complying with legal and regulatory obligations | Legal obligation |
| Marketing to existing clients about relevant services | Legitimate interests |
We will never sell, rent, or share your personal data with third parties for their own marketing purposes.
1.4 Who We Share Your Data With
We share personal data only where necessary and only with the following categories of recipients:
- Service providers and platforms who support our operations, including but not limited to email marketing platforms, CRM systems, website hosting providers and analytics tools. These providers are contractually required to handle your data securely and only for the purposes we specify.
- Legal and regulatory authorities where we are required to disclose information by law, court order, or regulatory obligation.
- Professional advisors including solicitors and accountants, where necessary for the operation of our business.
We currently use the following key platforms in the delivery of our services and communications: HubSpot, Google Analytics and Microsoft 365. Each of these providers maintains their own privacy and security standards. Links to their privacy policies are available on request.
1.5 International Data Transfers
Aetherbloom operates across the United Kingdom and South Africa. Where personal data is transferred to or accessed from South Africa, we ensure that appropriate safeguards are in place in accordance with UK GDPR requirements, including contractual protections and data processing agreements with all relevant team members and operational partners.
South Africa's POPIA legislation provides a comparable framework for the protection of personal information, and Aetherbloom complies with both regimes where applicable.
1.6 How Long We Keep Your Data
We retain personal data only for as long as is necessary for the purposes for which it was collected, or as required by law.
| Data Type | Retention Period |
|---|---|
| Enquiry and assessment data | 12 months from last contact |
| Client contract and service data | 7 years from end of engagement |
| Newsletter and mailing list data | Until you unsubscribe or withdraw consent |
| Website analytics data | 26 months (Google Analytics default) |
Where you request deletion of your data, we will action this within 30 days unless we are required by law to retain it.
1.7 Your Rights
Under UK GDPR and POPIA, you have the following rights regarding your personal data:
- Right to access - You can request a copy of the personal data we hold about you.
- Right to rectification - You can ask us to correct any inaccurate or incomplete data.
- Right to erasure - You can ask us to delete your personal data where there is no legitimate reason for us to continue holding it.
- Right to restrict processing - You can ask us to pause processing of your data in certain circumstances.
- Right to data portability - You can ask us to provide your data in a structured, machine-readable format.
- Right to object - You can object to processing based on legitimate interests or for direct marketing purposes.
- Right to withdraw consent - Where processing is based on consent, you can withdraw it at any time without affecting the lawfulness of prior processing.
To exercise any of these rights, please contact us at dpo@aetherbloom.co.uk. We will respond within 30 days. You also have the right to lodge a complaint with the Information Commissioner's Office at www.ico.org.uk if you believe your data has been handled unlawfully.
2.1 What Are Cookies
Cookies are small text files placed on your device when you visit a website. They allow the website to recognise your device, remember your preferences, and understand how you interact with the site. Some cookies are essential for the website to function. Others help us improve your experience or understand how our content is performing.
2.2 What Cookies We Use
Essential Cookies These are required for the website to operate and cannot be switched off. They include cookies that manage your cookie consent preferences and enable basic site functionality.
| Cookie | Purpose | Duration |
|---|---|---|
| Cookie Preferences | Stores your cookie consent choices | 30 days |
Analytics Cookies These cookies help us understand how visitors use our website so we can improve it. All data collected is anonymised and aggregated.
We use Google Analytics, which sets the following cookies:
| Cookie | Purpose | Duration |
|---|---|---|
| _ga | Identifies unique users | 2 years |
| _gid | Identifies users for 24 hours | 24 hours |
| _gat | Throttles request rate | 1 minute |
Marketing Cookies We do not currently use cookies for advertising or retargeting purposes. If this changes, this policy will be updated and you will be asked for fresh consent.
2.3 Managing Your Cookie Preferences
When you first visit our website, you will be presented with a cookie consent banner allowing you to accept or decline non-essential cookies. You can update your preferences at any time by clicking the cookie settings link in the footer of our website.
You can also control cookies directly through your browser settings. Please note that disabling certain cookies may affect the functionality of our website. For guidance on managing cookies in your browser, visit www.aboutcookies.org.
3.1 Our Commitment
Aetherbloom Ltd takes data protection seriously. As a business that handles personal data on behalf of our clients and their customers, we hold ourselves to the highest standard of compliance.
3.2 How We Demonstrate Compliance
ICO Registration Aetherbloom is registered with the Information Commissioner's Office. ICO Reg. ZC138924.
Staff Training All Aetherbloom team members complete UK GDPR training before handling any client data. Compliance is refreshed regularly and built into our onboarding process for every new team member.
Data Processing Agreements Where Aetherbloom processes personal data on behalf of a client, we act as a data processor and the client acts as the data controller. A formal Data Processing Agreement (DPA) is provided as standard during client onboarding. This document sets out the scope, purpose, and conditions of data processing in line with UK GDPR requirements.
Breach Response In the unlikely event of a data breach, Aetherbloom has a documented incident response process in place. We will notify affected clients and, where required, the ICO within 72 hours of becoming aware of a breach.
Subject Access Requests If you wish to submit a Subject Access Request regarding any data Aetherbloom holds about you, please contact us in writing at dpo@aetherbloom.co.uk. We will acknowledge your request within 5 working days and respond in full within 30 calendar days.
3.3 Your Responsibilities as a Client
Where Aetherbloom processes personal data on your behalf, for example, handling customer emails or managing CRM records, you as the client are the data controller. This means you are responsible for ensuring that your collection and use of that data is lawful, and that your customers have been informed appropriately about how their data is used.
Aetherbloom will always act on your documented instructions and will never process client data beyond the scope of the agreed service.
3.4 POPIA Compliance
For our South African operations and team members, Aetherbloom complies with the Protection of Personal Information Act 4 of 2013 (POPIA). This includes ensuring that personal information is collected lawfully, processed for a specific purpose, and protected against unauthorised access, loss, or misuse.
3.5 Contact Our Data Lead
For any data protection queries, subject access requests or compliance concerns, please contact:
Aetherbloom Ltd Data Enquiries
71-75 Shelton Street, Covent Garden, London, WC2H 9JQ
LEGAL NOTICES:
4.1 Company Information
Aetherbloom Ltd is registered in England and Wales. Company Registration Number: 16355910 Registered Office: 71-75 Shelton Street, Covent Garden, London, WC2H 9JQ ICO Registration: ZC138924
4.2 Governing Law
This Privacy and Legal document is governed by the laws of England and Wales. Any disputes arising from its application shall be subject to the exclusive jurisdiction of the courts of England and Wales.
4.3 Changes to This Document
We review and update this document regularly. Where changes are material, we will notify existing clients and update the Last updated date at the top of this page. We encourage you to check this page periodically.
South African Compliance Documents
Aetherbloom Group is registered with the South African Information Regulator (Registration No. 2025-066638). The following documents are available in accordance with the Protection of Personal Information Act (POPIA) and the Promotion of Access to Information Act (PAIA).