Privacy Policy

PRIVACY POLICY

Last Updated: 8 May 2026
Effective Date: 8 May 2026

  1. INTRODUCTION

BRIK FACTORY LTD (“Brik Factory”, “we”, “us”, or “our”) is committed to protecting and respecting your privacy. This Privacy Policy explains how we collect, use, store, share, and protect your personal information when you visit our website at https://brik-factory.com (the “Website”) or engage with our brand and creator services.

This Privacy Policy applies to all visitors, prospective clients, clients, partners, suppliers, and any other individuals whose personal data we may process in the course of our business activities.

We are registered in England and Wales as a private limited company. Our company details are:

Company Name: BRIK FACTORY LTD
Company Number: 15631479
Registered Office: Innovation Centre Knowledge Gateway, Boundary Road, Colchester, England, CO4 3ZQ, United Kingdom
Email: Hello@brik-factory.com
Phone: +44 7714 743496

We are the data controller responsible for your personal data under the United Kingdom General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

By using our Website or engaging our services, you confirm that you have read and understood this Privacy Policy and consent to the collection and use of your information as described herein.

  1. WHAT INFORMATION WE COLLECT

We collect and process the following categories of personal information:

2.1 Information you provide directly to us:

  • Full name and professional title
  • Email address (such as those submitted via our contact forms)
  • Telephone number
  • Postal address or business address
  • Company or organisation name
  • Job role or industry
  • Project briefs, creative materials, and content shared in connection with our services
  • Billing details (note: full payment card details are processed directly by our payment processor and are never stored on our servers)
  • Communications you send to us (emails, messages, enquiries, feedback)

2.2 Information we collect automatically:

  • IP address and approximate geographic location
  • Browser type, version, and language settings
  • Device type and operating system
  • Referring URL and pages visited on our Website
  • Date, time, and duration of your visit
  • Cookie identifiers and similar tracking data (please refer to our Cookie Policy for full details)

2.3 Information from third parties:

  • Information from publicly available sources, such as professional networks (e.g. LinkedIn) where relevant to a business engagement
  • Information from analytics providers, advertising partners, and search information providers
  • Referrals from existing clients or industry partners
  • Information from our payment processors confirming successful transactions

2.4 Information related to creator and performing arts services:
Where we deliver services to artists, performers, content creators, or their representatives under our SIC 90020 service line (creator and performing arts support), we may also process limited additional information necessary to perform tour promotion, brand packaging, audience engagement, or personal IP development. This may include audience demographic data, social media analytics, performance schedules, and promotional materials. All such information is processed strictly for the agreed scope of work and only with the appropriate lawful basis.

We do not knowingly collect special category data (such as health data, racial or ethnic origin, political opinions, religious beliefs, or sexual orientation) unless it is necessary for a specific creative or PR engagement and you have given explicit consent.

  1. HOW WE USE YOUR INFORMATION

We use your personal information for the following purposes and on the following lawful bases under UK GDPR:

3.1 To provide our services (Lawful basis: performance of a contract)

  • Delivering brand strategy, public relations, market research, and creator support services
  • Communicating with you about your project, deliverables, and timelines
  • Issuing invoices and processing payments
  • Providing customer support and responding to your queries

3.2 To operate and improve our Website (Lawful basis: legitimate interests)

  • Ensuring the Website functions correctly
  • Analysing site usage to improve user experience
  • Securing our systems and detecting fraudulent activity

3.3 To communicate with you (Lawful basis: legitimate interests / consent)

  • Responding to enquiries submitted through our Website or by email
  • Sending project updates, service-related notifications, and administrative messages
  • Sending marketing communications, newsletters, or industry insights (only where you have opted in, and you may withdraw consent at any time)

3.4 To comply with legal obligations (Lawful basis: legal obligation)

  • Maintaining accounting and tax records as required by HMRC and UK law
  • Responding to lawful requests from public authorities
  • Complying with anti-money laundering and counter-fraud requirements

3.5 To protect our business and rights (Lawful basis: legitimate interests)

  • Preventing fraud, unauthorised access, or misuse of our services
  • Enforcing our Terms of Service and other contractual agreements
  • Establishing, exercising, or defending legal claims

We will never sell your personal data to third parties, and we will not use your data for purposes incompatible with those described in this Privacy Policy.

  1. HOW WE SHARE YOUR INFORMATION

We may share your personal information with the following categories of recipients, only when necessary and under appropriate safeguards:

4.1 Service providers and processors:

  • Website hosting and infrastructure providers
  • Email and communication platform providers
  • Payment processors (such as Stripe Payments UK, Ltd.)
  • Cloud storage and file-sharing providers
  • Customer relationship management (CRM) and project management tools
  • Analytics providers (such as Google Analytics)
  • Email marketing platforms (only where you have subscribed)

4.2 Professional advisers:

  • Accountants, auditors, and tax advisers
  • Legal counsel where necessary to obtain advice or defend our interests
  • Business insurers

4.3 Authorities and regulators:

  • HM Revenue & Customs and other UK tax authorities
  • The Information Commissioner’s Office (ICO)
  • Law enforcement, courts, or government agencies where legally required

4.4 Business transfers:
In the event of a merger, acquisition, restructuring, or sale of all or part of our business, your personal data may be transferred to the relevant third party, subject to the same protections set out in this Privacy Policy.

All third parties acting as data processors on our behalf are required to enter into written agreements that obligate them to handle your data in accordance with UK GDPR and to implement appropriate security measures.

  1. INTERNATIONAL DATA TRANSFERS

We are based in the United Kingdom, and most of our data processing activities take place within the UK and the European Economic Area (EEA). However, some of our service providers may be located outside of the UK and EEA, including in the United States and other countries.

Whenever we transfer personal data outside of the UK, we ensure that appropriate safeguards are in place, such as:

  • The country has been recognised by the UK Government as providing an adequate level of data protection
  • We use the UK International Data Transfer Agreement (IDTA) or the UK Addendum to the EU Standard Contractual Clauses
  • The recipient is certified under a valid international transfer framework
  • You have been informed of the transfer and any specific risks, where applicable

You may contact us at Hello@brik-factory.com for further information about international transfers and the safeguards we apply.

  1. HOW LONG WE KEEP YOUR INFORMATION

We retain your personal data only for as long as necessary to fulfil the purposes for which it was collected, including:

  • Client records and project files: for the duration of the engagement and up to 6 years after the end of the relationship, in line with UK statutory limitation periods
  • Accounting, tax, and invoicing records: minimum of 6 years from the end of the relevant accounting period, as required by HMRC
  • Marketing contact data: until you unsubscribe or withdraw consent, or after a period of inactivity (typically 24 months)
  • Website analytics data: typically 26 months or as configured in our analytics tools
  • Enquiry and contact form submissions: up to 24 months unless they lead to a paid engagement
  • Job applications and CVs: up to 12 months unless we are given consent to retain longer

When personal data is no longer required, we will securely delete or anonymise it.

  1. YOUR RIGHTS UNDER UK GDPR

You have the following rights regarding your personal data:

7.1 Right of access — You can request a copy of the personal data we hold about you.
7.2 Right to rectification — You can ask us to correct inaccurate or incomplete data.
7.3 Right to erasure — You can request deletion of your personal data in certain circumstances (“right to be forgotten”).
7.4 Right to restriction of processing — You can ask us to limit how we process your data.
7.5 Right to data portability — You can request a copy of your data in a structured, machine-readable format.
7.6 Right to object — You can object to our processing of your data on the basis of legitimate interests or for direct marketing.
7.7 Right to withdraw consent — Where we rely on consent, you can withdraw it at any time.
7.8 Rights related to automated decision-making — We do not currently use fully automated decision-making that produces legal or similarly significant effects.

To exercise any of these rights, please contact us at Hello@brik-factory.com. We will respond within one calendar month of receiving your request, in line with UK GDPR.

If you are not satisfied with how we handle your data, you have the right to lodge a complaint with the UK Information Commissioner’s Office (ICO):

Information Commissioner’s Office
Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF
Helpline: 0303 123 1113
Website: https://ico.org.uk

We would, however, appreciate the chance to address your concerns directly before you contact the ICO.

  1. SECURITY OF YOUR INFORMATION

We take the security of your personal data seriously and have implemented appropriate technical and organisational measures, including:

  • Encryption of data in transit (HTTPS / TLS) and at rest where applicable
  • Access controls and authentication for our internal systems
  • Regular software updates and security patches
  • Confidentiality obligations for all employees, contractors, and freelance collaborators
  • Secure handling and deletion of physical documents
  • Use of reputable, GDPR-compliant third-party processors
  • Regular review of our data protection practices

While we strive to protect your information, no method of transmission over the internet or electronic storage is 100% secure. We cannot guarantee absolute security, but we will notify you and the relevant authorities of any data breach in accordance with UK GDPR requirements.

  1. COOKIES AND TRACKING TECHNOLOGIES

Our Website uses cookies and similar tracking technologies to enhance your browsing experience and to analyse site performance. For full details on the cookies we use, please refer to our separate Cookie Policy, available at https://brik-factory.com/cookie-policy.

You can manage your cookie preferences through the cookie banner displayed on our Website or through your browser settings.

  1. CHILDREN’S PRIVACY

Our Website and services are not directed at children under the age of 16. We do not knowingly collect personal data from children. If you believe a child has provided us with personal information, please contact us at Hello@brik-factory.com and we will delete it promptly.

In the context of our SIC 90020 creator and performing arts services, where any engagement involves a performer or creator under the age of 18, we will only process their data with verifiable parental or legal guardian consent and in accordance with applicable safeguarding requirements.

  1. THIRD-PARTY LINKS

Our Website may contain links to third-party websites, plugins, or services. We are not responsible for the privacy practices or content of those third parties. We encourage you to read their privacy policies before submitting any personal information.

  1. MARKETING COMMUNICATIONS

If you have opted in to receive marketing communications from us, you can unsubscribe at any time by:

  • Clicking the “unsubscribe” link in any of our marketing emails
  • Emailing us at Hello@brik-factory.com with the subject line “Unsubscribe”

We will action your request within 7 working days. Please note that even if you unsubscribe from marketing, we may still contact you about service-related matters such as project updates and invoices.

  1. CHANGES TO THIS PRIVACY POLICY

We may update this Privacy Policy from time to time to reflect changes in our practices, services, technologies, legal requirements, or other factors. The “Last Updated” date at the top of this policy indicates when it was most recently revised.

For material changes, we will notify you by email (where we have your address on file) or by posting a prominent notice on our Website. We encourage you to review this Privacy Policy periodically.

  1. CONTACT US

If you have any questions, concerns, or requests regarding this Privacy Policy or our data processing practices, please contact us:

BRIK FACTORY LTD
Innovation Centre Knowledge Gateway
Boundary Road, Colchester
England, CO4 3ZQ
United Kingdom

Email: Hello@brik-factory.com
Phone: +44 7714 743496
Website: https://brik-factory.com

Company Number: 15631479
Registered in England and Wales

We aim to respond to all privacy-related enquiries within 5 working days.

© 2026 BRIK FACTORY LTD. All rights reserved.

Scroll to Top