Privacy Policy

Updated 2nd June 2025

@ntrnl ("Agency," "we," "us," "our," or "Company") is committed to protecting your privacy and ensuring you have a positive experience on our website and when using our services. This Privacy Policy explains how we collect, use, disclose, and otherwise process your personal data.

If you do not agree with our privacy practices, please do not use our website or services.


1. Who We Are

@ntrnl ai

Postcode: M50 3BU

[email protected]

We are a marketing automation and client acquisition consulting agency operating in the UK and Ireland. For data protection purposes, we are the "Data Controller" for personal data you provide directly to us.


2. What Personal Data We Collect

2.1 Data You Provide Directly

When you interact with us, we collect information you voluntarily provide:

Contact & Inquiry Information:

Name, email address, phone number

Company name and business information

Website URL and social media profiles

Message content when you contact us via email, contact form, or phone

Service Engagement Information:

Business details and operational information

Financial information (for billing purposes)

Account access credentials (with your consent)

Marketing materials, campaigns, and business data you share with us

Target audience information and prospect lists

Payment Information:

Billing address and payment method details

Invoice and transaction records

2.2 Data Collected Automatically

When you use our website or services, we automatically collect:

Website Usage Data:

IP address and device identifiers

Browser type, operating system, and version

Pages visited, time spent on pages, and click patterns

Referral source and search queries used to find us

Cookies and similar tracking technologies (see Section 8)

Service Usage Data:

Login timestamps and frequency

Features accessed and tools used

Communication logs and correspondence timestamps

Analytics & Performance:

Crash logs and error reports

Performance metrics and system diagnostics

2.3 Data from Third Parties

We may receive your personal data from:

Third-party service providers and platform integrations

Your employer or team members (if they engage us on your behalf)

Publicly available sources (LinkedIn, company websites, industry databases)

Marketing platforms and advertising partners


3. Legal Basis for Processing

We process your personal data based on the following legal grounds:

3.1 Contract Performance

Processing necessary to perform services under our engagement agreement with you (e.g., billing, service delivery, account management).

3.2 Legitimate Interests

Processing for business purposes where our interests are not overridden by your rights:

Improving our website and services

Detecting and preventing fraud or security issues

Responding to legal claims

Direct marketing (with opt-out available)

Analytics and business intelligence

3.3 Consent

Where you've explicitly consented to specific processing (e.g., marketing communications, cookies).

3.4 Legal Obligation

Processing required by law (e.g., tax records, legal compliance).

3.5 Your Consent

Marketing communications and promotional emails (with easy opt-out options).


4. How We Use Your Personal Data

4.1 Service Delivery

We use your data to:

Provide agreed services (hot outreach, automation, consulting, strategy)

Create and execute campaigns, strategies, and deliverables

Communicate about your engagement and project status

Invoice and manage payments

Provide customer support and respond to inquiries

Troubleshoot technical issues and improve service quality

4.2 Business Operations

We use your data to:

Maintain business records and comply with legal obligations

Detect, prevent, and address fraud or security incidents

Enforce our agreements and protect legal rights

Conduct internal audits and quality assurance

Manage our website and online services

4.3 Marketing & Communications

We use your data to:

Send service updates, announcements, and newsletters (with opt-out available)

Promote our services and industry insights

Conduct market research and gather feedback

Create case studies and testimonials (with permission)

Respond to inquiries and provide sales information

4.4 Analytics & Improvement

We use your data to:

Analyse website traffic and user behaviour

Understand service usage patterns

Identify areas for improvement

Track campaign performance and effectiveness

Generate business intelligence and reports

4.5 Legitimate Business Purposes

We use your data for other business operations, including:

Protecting and defending our legal interests

Complying with legal requirements

Facilitating business transactions (acquisitions, mergers)

Establishing, exercising, or defending legal claims


5. Who We Share Your Data With

5.1 Service Providers

We share data with third-party vendors who help us deliver services:

Cloud Hosting & Infrastructure: Amazon Web Services (AWS), Google Cloud, or similar providers

Email & Communication: Email service providers, communication platforms

Payment Processing: Payment processors and financial institutions

Analytics: Google Analytics, Mixpanel, or similar analytics tools

Automation Tools: Manus AI, Atlas Browser, n8n, Zapier, or other automation platforms

CRM & Database: HubSpot, Pipedrive, or similar CRM systems

Office Tools: Microsoft 365, Google Workspace, Slack, or similar collaboration tools

Accounting: Xero, FreshBooks, or similar accounting software

All service providers are contractually obligated to process data only as instructed and to maintain appropriate security.

5.2 Legal Requirements

We may disclose your data when required by law or legal process:

In response to court orders, subpoenas, or government requests

To comply with legal obligations (tax authorities, regulatory bodies)

To enforce our agreements or protect our legal rights

To protect public safety or prevent imminent harm

We will provide notice when legally permissible.

5.3 Business Transfers

If we undergo a merger, acquisition, bankruptcy, or sale of assets, your data may be transferred as part of that transaction. We will notify you of any such change and any choices you may have regarding your data.

5.4 With Your Consent

We may share data with third parties with your explicit consent, such as:

When you authorise integration with additional platforms

When you request data sharing for specific purposes

When you participate in partnerships or collaborations

5.5 Aggregate & Anonymised Data

We may share aggregate or anonymised data (data that cannot identify you) with partners, researchers, or the public for analytics, marketing, or business purposes. This data does not constitute personal data and is not subject to this policy.

5.6 No Data Sales

We do not sell, rent, or otherwise monetise your personal data to third parties. Your data is used exclusively to deliver services or for the purposes described in this policy.


6. International Data Transfers

6.1 Data Transfer Mechanisms

As we operate in the UK and Ireland and may work with international partners, your data may be transferred to countries outside the UK/EU, including the United States.

When we transfer data internationally, we ensure appropriate safeguards:

Standard Contractual Clauses (SCCs): Contractual agreements approved by UK/EU regulators

Adequacy Decisions: Transfers to jurisdictions deemed to have adequate data protection

Your Consent: Explicit consent for specific international transfers

6.2 US Transfers

Data transferred to the United States may be subject to different privacy protections than UK/EU law. By using our services, you acknowledge this risk and consent to such transfers where necessary to provide services.

6.3 Data Residency Requests

If you have specific data residency requirements, contact us in writing and we will discuss feasibility.


7. How Long Do We Keep Your Data

7.1 Retention Periods

We retain personal data for as long as necessary to:

Deliver services and fulfil our agreement

Comply with legal obligations

Resolve disputes and enforce agreements

Conduct business operations

Typical retention periods:

Client engagement data: Duration of engagement + 3 years

Billing & payment records: 7 years (tax/legal requirement)

Email communications: Duration of engagement + 2 years

Website analytics: 26 months (or as configured)

Marketing subscriber lists: Until unsubscribe + 2 years

Support & inquiry records: Duration of engagement + 1 year

Prospect research data: Duration of project + 1 year

7.2 Deletion & Archival

After retention periods expire, we:

Securely delete personal data from active systems

Archive data offline for legal compliance (if required)

Permanently delete data when no longer needed

You may request earlier deletion (subject to legal retention requirements) by contacting us.

7.3 Data Subject Rights

You have the right to request access, correction, or deletion of your data (see Section 9).


8. Cookies & Tracking Technologies

8.1 What Are Cookies?

Cookies are small text files stored on your device that help us recognise you, remember your preferences, and understand how you use our website.

8.2 Types of Cookies We Use

Essential Cookies:

Authentication (login functionality)

Security and fraud prevention

Website functionality and stability

Performance Cookies:

Google Analytics (anonymous usage patterns)

Mixpanel (feature usage and engagement)

Session tracking and performance monitoring

Marketing Cookies:

Facebook Pixel (if applicable to retargeting campaigns)

LinkedIn Insight Tag (for B2B marketing analytics)

Email tracking pixels (for campaign analytics)

Functional Cookies:

Remembering user preferences

Language and region settings

User-selected display options

8.3 Cookie Control

You can control cookies through:

Browser Settings: Most browsers allow you to reject or delete cookies

Opt-Out Links: We provide opt-out options for specific analytics tools

Cookie Banner: Our website displays cookie consent options (where required by law)

Note: Disabling essential cookies may limit website functionality.

8.4 Third-Party Cookies

Third-party services we use may set their own cookies. Review their privacy policies for details.

8.5 Do Not Track

Some browsers include "Do Not Track" features. We currently do not respond to DNT signals, but you can control tracking through cookie settings.


9. Your Rights & Data Subject Access

Under UK, EU, and Irish data protection laws, you have rights regarding your personal data:

9.1 Right of Access

You have the right to request a copy of all personal data we hold about you, including:

What data we have

How we use it

Who we share it with

How long we keep it

How to request: Email us with "Data Access Request" in the subject line. We will respond within 30 days.

9.2 Right to Correction

You have the right to request correction of inaccurate or incomplete data.

How to request: Notify us of the inaccuracy and provide the correct information.

9.3 Right to Erasure ("Right to Be Forgotten")

You may request deletion of your data, subject to exceptions:

Data needed to fulfil contractual obligations

Data required by law

Data needed to establish, exercise, or defend legal claims

Legitimate business purposes (fraud prevention, etc.)

Limitations: Erasure may not be possible if we have legal obligations to retain data.

9.4 Right to Restrict Processing

You can request that we limit how we use your data while you verify its accuracy or investigate our processing.

9.5 Right to Data Portability

You have the right to request your data in a structured, machine-readable format and to transmit it to another controller.

How to request: Email "Data Portability Request" and we will provide data within 30 days.

9.6 Right to Object

You can object to processing based on legitimate interests, including:

Direct marketing and promotional communications

Analytics and profiling

Business-related communications

How to opt out: Click the unsubscribe link in emails or contact us directly.

9.7 Right to Withdraw Consent

If we process data based on your consent, you can withdraw consent at any time. This does not affect the lawfulness of processing before withdrawal.

9.8 Right Not to Be Profiled

You have limited rights regarding automated decision-making and profiling (we do not engage in high-risk automated decisions without safeguards).

9.9 Exercising Your Rights

To exercise any of these rights:

Email us: [email protected] with your request and verification of identity

Provide details: Specify which right you're exercising and what data is involved

Timeline: We will respond within 30 days (extendable to 60-90 days for complex requests)

Verification: We may request proof of identity to prevent unauthorised data access


10. Data Security

10.1 Security Measures

We implement industry-standard security measures to protect your data:

Encryption: Data in transit (HTTPS/TLS) and at rest (AES-256 or equivalent)

Access Controls: Role-based access, strong authentication, password policies

Network Security: Firewalls, intrusion detection, regular security audits

Data Minimisation: We collect and retain only necessary data

Incident Response: Procedures to detect, respond to, and report breaches

10.2 Limitations

While we implement robust security, no system is 100% secure. Risks include:

Unauthorised access or interception

Data breaches despite security measures

Third-party service provider vulnerabilities

User error or negligence

We cannot guarantee absolute security. You use our services at your own risk.

10.3 Your Responsibility

You are responsible for:

Maintaining the confidentiality of login credentials

Securing devices used to access our services

Reporting suspicious activity immediately

Keeping contact information current

10.4 Data Breach Notification

If we experience a data breach affecting your data, we will:

Notify you without undue delay (typically within 30 days)

Provide details of the breach, data affected, and steps taken

Offer guidance on protective measures

We are also required to notify relevant regulatory authorities.


11. Children & Minors

11.1 Age Restrictions

Our services are not directed to individuals under 18 years old. We do not knowingly collect data from minors.

11.2 Parental Consent

If we become aware that a minor has provided data, we will delete it promptly. If you believe a minor's data has been collected, contact us immediately.

11.3 COPPA Compliance

We comply with the Children's Online Privacy Protection Act (COPPA) and similar regulations. Our website does not knowingly collect data from children under 13.


12. Third-Party Links & Services

12.1 External Links

Our website may contain links to third-party websites, social media, and services. We are not responsible for their privacy practices.

Review their privacy policies before providing data.

12.2 Social Media Integration

If you interact with us on social media (LinkedIn, Facebook, Twitter, etc.), those platforms' privacy policies apply. We only access data you've authorised us to access.

12.3 Embedded Content

Our website may contain embedded content from third parties (videos, maps, code). These third parties may collect data when you interact with embedded content.


13. Marketing Communications

13.1 Email Communications

We send service-related emails (invoices, updates, support) without opt-out, as they're necessary for our business relationship.

We send marketing emails (newsletters, promotions, insights) only with consent or as permitted by law.

13.2 Opt-Out

To opt out of marketing communications:

Click the unsubscribe link at the bottom of any marketing email

Email us at [email protected] with "Unsubscribe" in the subject

Contact us via phone or online form

We will honour requests within 10 business days.

13.3 Legitimate Interest Marketing

We may send marketing communications based on legitimate interest (UK/EU law). You can opt out at any time using the methods above.

13.4 Contact Preferences

Indicate your communication preferences (email, phone, SMS), and we will honour them.


14. Changes to This Privacy Policy

14.1 Policy Updates

We may update this policy to reflect changes in:

Legal requirements

Our data practices

Technology and security measures

14.2 Notification

Material changes will be communicated via:

Updated policy on our website with a new "Last Updated" date

Email notification (for significant changes)

Prominent notice on our website

14.3 Continued Use

Continued use of our website or services after policy changes constitutes acceptance of the updated policy.


15. Data Protection Officer & Compliance

15.1 Data Protection Contact

For privacy-related inquiries or concerns:

Privacy & Data Protection Contact @ntrnl, [email protected]

We respond to inquiries within 10 business days.

15.2 Regulatory Compliance

We comply with:

UK General Data Protection Regulation (GDPR) and Data Protection Act 2018

EU General Data Protection Regulation (GDPR)

Irish Data Protection Acts

California Consumer Privacy Act (CCPA)

Virginia Consumer Data Protection Act (VCDPA)

Other applicable privacy laws

15.3 Data Protection Impact Assessments

For high-risk processing, we conduct Data Protection Impact Assessments (DPIAs) to identify and mitigate privacy risks.

15.4 Privacy by Design

We implement Privacy by Design principles:

Data minimisation (collect only necessary data)

Encryption and security by default

Transparency in our practices

User control and choice


16. Complaint & Dispute Resolution

16.1 Informal Resolution

If you have privacy concerns, contact us first:

Email: [email protected]

We will investigate and respond within 30 days.

16.2 Regulatory Complaints

You have the right to lodge complaints with the relevant data protection authorities:

UK: Information Commissioner's Office (ICO) - https://ico.org.uk

EU/EEA: Your national data protection authority

Ireland: Data Protection Commission - https://www.dataprotection.ie

California: California Attorney General - https://oag.ca.gov

Virginia: Virginia Attorney General - https://www.oag.state.va.us

18.3 Dispute Resolution

For disputes, we may pursue:

Informal negotiation: Good-faith discussion

Mediation: Third-party mediation (if both parties agree)

Arbitration or litigation: As a last resort


19. Data Protection Impact Assessment (DPIA)

For high-risk processing activities, we conduct DPIAs to:

Identify privacy risks

Assess necessity and proportionality

Implement mitigating measures

Document our assessment

We will share DPIA summaries with data subjects upon request.


20. Accessibility

20.1 Language

This policy is available in English. Contact us to request other languages.

20.2 Format

This policy is available in:

Web format (online)

PDF format (downloadable)

Text format (upon request)

For accessibility accommodations, contact us.


21. Contact & Questions

21.1 Questions About This Policy

If you have questions about this privacy policy or our data practices:

@ntrnl ai Privacy Team

Email: [email protected]

Address: M50 3BU

We aim to respond to inquiries within 10 business days.

21.2 Data Requests

For data access requests, corrections, deletions, or other rights:

Email us with your specific request

Provide evidence of identity (copy of ID)

Specify the type of data or right you're exercising

We will respond within 30 days


22. Acknowledgement

By using @ntrnl's services, you acknowledge that:

You have read and understood this Privacy Policy

You consent to our data processing practices

You understand how your data will be used and protected

You have the right to contact us with privacy concerns


End of Privacy Policy

©2025 ntrnl ai | All Rights Reserved.