1. Who We Are

This privacy notice explains how It's Off Brand Limited ("OFF+BRAND.", "we", "us", "our") collects, uses, and protects your personal information.

We are registered in Scotland (company number SC675682). Our registered office is at BK Plus, Gordon Chambers, 90 Mitchell Street, Glasgow G1 3NQ.

For any questions about this notice or to exercise your data protection rights, contact:

• ‍Data Protection Contact: Admin
• ‍Email: contact@itsoffbrand.com

2. Legal Framework

This policy complies with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

• Data Protection Contact: Admin
• Email: contact@itsoffbrand.com

3. Information We Collect

‍
We collect and process the following categories of personal data:
Identity Data: Name, title, job role, company name.
Contact Data: Email address, telephone number, postal address.
Technical Data: IP address, browser type and version, device information, time zone, location data, and other technology identifiers when you visit our website.
Communication Data: Records of correspondence when you contact us, including enquiries, project discussions, and feedback.
Transaction Data: Details of services we provide to you and payment records.
Marketing Data: Your preferences for receiving communications from us.
Client Project Data: Information, content, and materials you provide to us in connection with projects we undertake for you.

4. How We Collect Your Information

We collect information:

• Directly from you when you contact us, request a quote, or engage our services
• Through our website when you browse, submit forms, or use interactive features
• From third parties such as referrals, LinkedIn, or public business directories
• Automatically through cookies and similar technologies

5. How We Use Your Information

We process your personal data under the following lawful bases:

Contract Performance
When you engage us for services, we process your data to deliver those services, communicate with you about projects, and manage our contractual relationship.
‍

Legitimate Interests
We may process data where it is necessary for our legitimate business interests, provided these are not overridden by your rights. This includes:

• Responding to enquiries
• Sending relevant information about our services to existing clients
• Maintaining business records
• Protecting our legal rights
• Improving our website and services

Consent
Where you have given explicit consent, we may use your data for marketing communications. You can withdraw consent at any time by contacting us.
‍

Legal Obligation
We may process data where required by law, such as maintaining financial records for tax purposes.

6. Client Project Data

When you engage us to provide creative or development services, we act as a Data Processor for any personal data you provide to us as part of the project (for example, content for your website). You remain the Data Controller for this information.

We will:

• Only process such data in accordance with your instructions
• Implement appropriate security measures
• Not share project data with third parties except subcontractors necessary to deliver the services (who are bound by confidentiality obligations)
• Return or delete project data upon request after project completion

7. Who We Share Your Data With

• Service Providers (not limited to)
  
  • Website hosting: [e.g., Vercel/Netlify — UK/EU hosted]
  • Email services: [e.g., Google Workspace]
  • Analytics: [e.g., Google Analytics / Fathom / Plausible]
  • Payment processing: [e.g., Stripe] — we do not store your payment card details directly; these are processed securely by our payment provider
  • Project management tools: [e.g., Notion, Slack]
    
• Professional Advisers
• Accountants, lawyers, and insurers where necessary.
• Legal and Regulatory Bodies
• Where required by law or to protect our legal rights.
• We do not sell your personal data to third parties.

8. International Transfers

Your data is primarily stored and processed within the United Kingdom.
Where we use service providers based outside the UK, we ensure appropriate safeguards are in place, including:

• UK adequacy regulations
• International Data Transfer Agreements (IDTAs)
• Standard Contractual Clauses approved by the ICO

9. Data Retention

We retain personal data only for as long as necessary for the purposes for which it was collected.

Client project files are retained for 6 years after project completion. Financial and invoicing records are kept for 7 years to meet legal requirements. Marketing contacts are retained until consent is withdrawn or after 3 years of inactivity, whichever occurs first.

Website analytics data is retained for 26 months. Unsuccessful job applications are kept for 12 months in case suitable opportunities arise. Employee records are retained for 6 years after employment ends. General enquiries are kept for 2 years.

After these periods, data is securely deleted or anonymised unless there is a legal requirement or legitimate reason to retain it longer.

‍

10. Cookies

Our website uses cookies to improve your experience and analyse site usage.
Essential Cookies: Required for the website to function. Cannot be disabled.
Analytics Cookies: Help us understand how visitors use our site. [e.g., Google Analytics — you can opt out via your browser settings or our cookie banner.]
Marketing Cookies: Used to deliver relevant advertisements. Only set with your consent.
You can manage cookie preferences through your browser settings or our cookie consent tool. Disabling certain cookies may affect website functionality.
For detailed information about the specific cookies we use, please contact us.

11. Your Rights

Under UK data protection law, you have the following rights:
Right of Access: Request a copy of the personal data we hold about you.
Right to Rectification: Request correction of inaccurate or incomplete data.
Right to Erasure: Request deletion of your data in certain circumstances.
Right to Restrict Processing: Request that we limit how we use your data.
Right to Data Portability: Request transfer of your data to another organisation in a structured, machine-readable format.
Right to Object: Object to processing based on legitimate interests or for direct marketing.
Rights Related to Automated Decision-Making: We do not use automated decision-making or profiling that produces legal or significant effects.
To exercise any of these rights, contact us at stuart@itsoffbrand.com. We will respond within one month.

12. Data Security

We implement appropriate technical and organisational measures to protect your data, including:

• SSL/TLS encryption for data in transit
• Secure password-protected systems
• Limited access on a need-to-know basis
• Regular security reviews

While we take reasonable precautions, no data transmission over the internet is completely secure. We cannot guarantee absolute security.

13. Third-Party Links

Our website may contain links to external sites. We are not responsible for the privacy practices of those sites and encourage you to read their privacy policies.

14. Marketing Communications

We may send you information about our services where:

• You have requested it
• You are an existing client and the information relates to similar services
• You have given consent

You can opt out at any time by clicking "unsubscribe" in any email or contacting us directly.

15. Complaints

If you are unhappy with how we handle your data, please contact us first so we can try to resolve the issue.
You also have the right to lodge a complaint with the Information Commissioner's Office (ICO):

Website: https://ico.org.uk/make-a-complaint/
Telephone: 0303 123 1113

16. Changes to This Policy

‍
We may update this privacy notice from time to time. The date at the top indicates when it was last revised. We encourage you to review this page periodically.

17. Contact Us

‍
For any questions about this privacy notice or our data practices:
Email: contact@itsoffbrand.com
Post: It's Off Brand Limited, BK Plus, Gordon Chambers, 90 Mitchell Street, Glasgow G1 3NQ