Privacy Policy

Last updated: 8 April 2026

Introduction

Bright Pebble respects your privacy and is committed to protecting your personal information. This policy explains what information we collect, why we collect it, and how we use it. We operate in accordance with UK data protection laws including the Data Protection Act 2018 and UK GDPR.

By using our website or engaging our services, you agree to the collection and use of information as described in this policy.

Information We Collect

Information You Provide Directly

When you contact us for enquiries or engage our services, we collect information that you voluntarily provide, which may include:

  • Name and contact details
  • Business or organisation name
  • Email address
  • Project requirements and preferences
  • Any other information you choose to share in communications

Information Collected Automatically

When you visit our website, certain technical information is collected automatically through cookies and similar technologies:

  • IP address and general location data
  • Browser type and version
  • Pages visited and time spent on site
  • Referring website addresses
  • Device information and screen resolution

For more details about cookies, please see our Cookies Policy.

How We Use Your Information

We use the information we collect for the following purposes:

  • Responding to enquiries and providing quotes
  • Delivering photography services and managing projects
  • Processing payments and maintaining financial records
  • Sending project updates and delivery notifications
  • Improving our website and services
  • Complying with legal obligations and resolving disputes

We do not use your personal information for marketing purposes unless you have specifically opted in to receive such communications. You can unsubscribe at any time.

Legal Basis for Processing

We process personal data based on the following legal grounds:

  • Contract Performance: Processing necessary to fulfill our contractual obligations when you engage our services
  • Legitimate Interests: Operating our business, improving services, and maintaining website security
  • Legal Obligations: Complying with tax, accounting, and other legal requirements
  • Consent: Where you have explicitly agreed to specific data processing activities

Data Sharing and Disclosure

We do not sell, rent, or trade your personal information. We may share your data with third parties only in the following circumstances:

  • Service Providers: Trusted third parties who assist with business operations such as email hosting, cloud storage, and payment processing. These providers are bound by confidentiality agreements.
  • Legal Requirements: When required by law, court order, or governmental authority.
  • Business Transfers: In the event of a merger, acquisition, or sale of business assets, personal data may be transferred to the acquiring party.

All third-party service providers are carefully selected and must agree to keep your information secure and confidential.

Data Retention

We retain personal information for as long as necessary to fulfill the purposes outlined in this policy or as required by law. Specific retention periods include:

  • Client project files and communications: Retained for the duration of the project plus six years for legal and accounting purposes
  • Financial records: Seven years as required by HMRC regulations
  • Website analytics data: Aggregated and anonymised after 26 months
  • Marketing communications: Until you unsubscribe or withdraw consent

Once the retention period expires, we securely delete or anonymise your personal information.

Your Rights

Under UK data protection law, you have several rights regarding your personal information:

  • Right of Access: Request a copy of the personal data we hold about you
  • Right to Rectification: Request correction of inaccurate or incomplete information
  • Right to Erasure: Request deletion of your personal data in certain circumstances
  • Right to Restrict Processing: Request limitation on how we use your data
  • Right to Data Portability: Receive your data in a structured, commonly used format
  • Right to Object: Object to processing based on legitimate interests
  • Right to Withdraw Consent: Withdraw consent for processing where consent is the legal basis

To exercise any of these rights, please contact us at [email protected]. We will respond to your request within one month.

Data Security

We implement appropriate technical and organisational measures to protect your personal information against unauthorised access, alteration, disclosure, or destruction. These measures include:

  • Encryption of data in transit and at rest
  • Secure password policies and access controls
  • Regular security assessments and updates
  • Staff training on data protection practices
  • Secure backup and disaster recovery procedures

While we take security seriously, no method of electronic transmission or storage is completely secure. We cannot guarantee absolute security but maintain industry-standard protections.

International Data Transfers

We primarily operate within the United Kingdom and store data on servers located in the UK or European Economic Area. If we transfer data outside these regions, we ensure appropriate safeguards are in place, such as standard contractual clauses approved by relevant authorities.

Children's Privacy

Our services are not directed at individuals under 16 years of age. We do not knowingly collect personal information from children. If you believe we have inadvertently collected such information, please contact us immediately so we can delete it.

Changes to This Policy

We may update this privacy policy periodically to reflect changes in our practices or legal requirements. When we make significant changes, we will update the date at the top of this page and notify clients where appropriate. We encourage you to review this policy regularly.

Contact and Complaints

If you have questions about this privacy policy or how we handle your personal information, please contact us:

Email: [email protected]
Address: 42 Rivington Street, Shoreditch, London EC2A 3BN, United Kingdom

You also have the right to lodge a complaint with the Information Commissioner's Office (ICO), the UK supervisory authority for data protection issues:

Website: bright-pebble.com
Telephone: 0303 123 1113