Privacy Policy

Version 1 | Dated: 25 April 2018

This policy applies to Stone Collective, a partnership registered to carry out marketing and design services.

The Privacy Policy sets out how Stone Collective uses any personal information we collect about you when you use our website and our wider services.

Glossary of Terms

What is personal data?

Personal data relates to any information about a natural person that makes them identifiable which may include (but is not limited to):

  • Name and job title
  • Contact information including email address
  • Demographic information such as postcode, preferences and interests
  • Other information relevant to customer surveys and/or offers

What is sensitive personal data?

Sensitive personal data refers to the above but includes genetic data and biometric data.  For example:

  • Medical conditions
  • Religious or philosophical beliefs and political opinions
  • Racial or ethnic origin
  • Convictions
  • Biometric data (e.g. photo in an electronic passport)

What is a Data Controller?

For general data protection regulation purposes, the “Data Controller” means the person or organisation who decides the purposes for which and the way in which any personal data is processed.

The Data Controller is Stone Collective.

The Data Protection OFFICER is Richard Stone, Partner who can be contacted on 0191 213 5737 or

What is a Data Processor?

A “data processor” is a person or organisation which processes personal data for the controller.

What is Data Processing?

Data processing is any operation or set of operations performed upon personal data, or sets of it, be it by automated systems or not. Examples of data processing explicitly listed in the text of the GDPR are: collection, recording, organising, structuring, storing, adapting, altering, retrieving, consulting, using, disclosing by transmission, disseminating or making available, aligning or combining, restricting, erasure or destruction.

What information do we collect about you and why?

 Stone Collective, as a Data Controller, is bound by the requirements of the General Data Protection Regulations (GDPR).

At Stone Collective we take your privacy seriously and will only use your personal information to provide the services you have requested from us. We will only use this information subject to your instructions, data protection law and our duty of confidentiality.

We understand the importance of looking after and keeping personal data safe.

As part of running our marketing agency we do collect data to help in the everyday running of the business and to supply services to potential and existing clients. We try to keep the amount of data we collect to a minimum, to efficiently run our business. We do not intentionally or actively collect sensitive personal data as detailed earlier.

We collect names, addresses, company details, telephone numbers, email addresses, social media handles to enable use to communicate with existing and potential clients (where they have given us consent) and suppliers.

We use a CRM system to manage this data and may make notes on conversations we have had to ensure we are serving our clients well.

We use email to communicate with clients, potential client and suppliers and records of these emails are kept.

We sometimes may contact people by text message, so names and numbers will be stored on mobile phones.

For accounting purposes we keep records of client invoices which detail a company name, contact, addresses, emails & phone numbers along with values whether paid or not. We also use these records for creating estimates and proposals.

We use software for suppliers and clients to electronically sign documents. We limit this to name, company, address, email address and electronic signature when provided.

Our work for you may require us to pass your information to our third-party service providers, agents, subcontractors and other associated organisations for the purposes of completing tasks and providing the services to you on our behalf.  However, when we use third party service providers, we disclose only the personal information that is necessary to deliver the services and we have contracts in place that requires them to keep your information secure and not to use it for their own Direct Marketing purposes.

We send our electronic newsletters on a monthly basis along with updates when required.  The personal data we use (with your consent provided and recorded) are First name, Company name and email address. If you interact with these emails the system may log geo location, favourite email client and device used. It also records when emails were opened and any links clicked. This is important for us to know to ensure we are providing relevant content at relevant times and in a readable format.

From time to time, you as a client may provide Stone Collective with personally identifiable information (images, financial information, passwords, etc.) to aid us to carry our contracted service to you. We will store this information locally until the services are completed and signed off. After this time we then permanently delete the details provided. If after this time we need the information again to carry out additional services we will request the information from you.


We collect information about you when you fill in any of the forms on our website i.e. sending an enquiry, signing up for a newsletter, filling in a survey, giving feedback etc.

When submitting forms on our website we use third-party software providers for automated data collection and processing purposes, they will not use your data for any other purposes.


Cookies are text files put on your computer to collect standard internet log information and visitor behaviour information.  This information is then used to track visitor use of the website and to create statistical reports on website activity.  For more information on cookies please visit: or

We use Google Analytics to store information about how visitors use our website so that we may make improvements and give visitors a better user experience.

Google Analytics is a third-party information storage system that records information about the pages you visit, the length of time you were on specific pages and the website in general, how you arrived at the site and what you clicked on when you were there. These cookies do not store any personal information about you e.g. name, address etc and we do not share the data. You can view their privacy policy below:

Google –

What they do not do:

  • They do not harm your computer.
  • They do not deliver viruses to your computer.
  • They cannot run programmes.
  • They do not contain any information that can identify you personally.
  • They do not give us access to your computer.

 What if you don’t want to use cookies?

You can set your web browsers to turn of cookies. We recommend you keep them switched on as cookies are an essential part of how our website works for us and for you.

IP addresses

An IP or Internet Protocol Address is a unique numerical address assigned to a computer as it logs on to the Internet. Stone Collective does not have access to any personal identifiable information and we would never seek this information. Your IP address is logged when visiting our site, but our analytic software only uses this information to track how many visitors we have from particular regions.

Third party websites

Users may find advertising or other content on our Site that link to the sites and services of our partners, suppliers, advertisers, sponsors, licensors and other third parties. We do not control the content or links that appear on these sites and are not responsible for the practices employed by websites linked to or from our Site. In addition, these sites or services, including their content and links, may be constantly changing. These sites and services may have their own privacy policies and customer service policies. Browsing and interaction on any other website, including websites which have a link to our Site, is subject to that website’s own terms and policies.

Security precautions in place about data collected

We are committed to ensuring that your information is secure. In order to prevent unauthorised access or disclosure, we have put in place suitable physical, electronic and managerial procedures to safeguard and secure the information we collect online.

When you give us personal information, we take steps to make sure that it’s treated securely.

Non-sensitive details (your email address etc.) are sent normally over the Internet, and this can never be guaranteed to be 100% secure. As a result, while we strive to protect your personal information, we cannot guarantee the security of any information you transmit to us, and you do so at your own risk. Once we receive your information, we make our best effort to ensure its security on our systems.

Your rights as a data subject

At any point whilst Stone Collective is in possession of or processing your personal data, all data subjects, have the following rights:

  • Right of access – you have the right to request a copy of the information that we hold about you.
  • Right of rectification – you have a right to correct data that we hold about you that is inaccurate or incomplete.
  • Right to be forgotten – in certain circumstances you can ask for the data we hold about you to be erased from our records.
  • Right to restriction of processing – where certain conditions apply to have a right to restrict the processing.
  • Right of portability – you have the right to have the data we hold about you transferred to another organisation.
  • Right to object – you have the right to object to certain types of processing such as direct marketing.

If you have previously agreed to us using your personal information for direct marketing purposes, you may change your mind at any time by writing to or emailing us at

We will not sell, distribute or lease your personal information to third parties unless we have your permission or are required by law to do so, although coincidentally there may be times when your information could be contained in data that Stone Collective has purchased from a third-party list broker, on behalf of a client.

What is a Subject Access Request?

This is your right to request a copy of the information that we hold about you.  If you would like a copy of some or all your personal information, please email or write to us. We will respond to your request within one month of receipt of the request.

We want to make sure your personal information is accurate and up to date.  You may ask us to correct or remove information you think is inaccurate by emailing

Your Right to be Forgotten

Should you wish for us to completely delete all information that we hold about you please for the following: