top of page
MDM Primary Logo

PRIVACY POLICY

Last updated: 1st June 2026

This Privacy Policy explains how Mitchell Digital Media Ltd collects, uses, stores and protects personal information.

 

Mitchell Digital Media Ltd is a digital marketing agency working primarily with schools, multi-academy trusts, education organisations and community-focused clients. We provide services including social media management, video production, photography, design, website content, marketing support and communications advice.

 

We are committed to protecting personal information and handling it in a lawful, fair and transparent way.

 

This Privacy Policy applies to our website, enquiries, clients, suppliers, prospective clients, professional contacts and other people who interact with Mitchell Digital Media Ltd.

It should be read alongside our Cookies Policy.

 

1. Who we are

This website is operated by:

Mitchell Digital Media Ltd
Company number: 13985260
Registered office: Bank House, The Strand, Calne, England, SN11 0EN
Email: info@mitchelldigitalmedia.co.uk
Website: www.mitchelldigitalmedia.co.uk

In this policy, “we”, “us” and “our” refer to Mitchell Digital Media Ltd.

 

For the purposes of data protection law, Mitchell Digital Media Ltd is usually the “data controller” for the personal information described in this Privacy Policy. This means we decide how and why that information is used.

 

In some cases, particularly when we provide services to schools, multi-academy trusts or other organisations, we may act as a “data processor” on behalf of that client. In those situations, the client remains responsible for deciding how and why personal information is used, and we process it only in line with our agreement with them.

 

2. Personal information we collect

We may collect and use the following types of personal information:

 

Contact details
This may include your name, job title, organisation, email address, phone number, postal address and other contact information.

 

Business and enquiry information
This may include information you provide when you contact us, request a quote, book a meeting, ask about our services, complete a form or communicate with us by email, phone, social media or other channels.

 

Client and project information
This may include information needed to deliver our services, manage projects, communicate with clients, arrange visits, issue invoices, manage approvals and maintain business records.

 

Website usage information
This may include information about how you use our website, such as pages visited, time spent on the site, links clicked, device information, browser type, IP address and cookie preferences.

 

Marketing and communications information
This may include your communication preferences, marketing interactions, email engagement, event attendance, responses to campaigns and whether you have opted out of marketing.

 

Images, video and media content
Where we provide photography, video, social media or design services, we may handle images, video footage, audio recordings, names, job titles or other information included in content. Where this relates to schools, pupils, staff, parents or other individuals, this will usually be handled under the instructions of the school, trust or client organisation.

 

Supplier and contractor information
This may include names, contact details, payment information, invoices, contracts, business correspondence and records relating to services provided to or by us.

 

Recruitment or freelance enquiry information
If you contact us about work, employment, freelance opportunities or collaboration, we may collect information such as your name, contact details, CV, portfolio, experience, availability and correspondence.

 

We do not intentionally collect more personal information than we need.

 

3. How we collect personal information

We may collect personal information when:

  • you visit our website;

  • you complete a form on our website;

  • you email, call or message us;

  • you ask for a quote or proposal;

  • you become a client or supplier;

  • you attend a meeting, event or training session;

  • you interact with us on social media;

  • you subscribe to, receive or respond to our marketing communications;

  • you provide information as part of a project;

  • a client, school, trust or organisation provides information to us so we can deliver services;

  • we obtain publicly available business contact information, such as information published on school, trust, organisation or professional websites.

 

4. How we use personal information

We may use personal information for the following purposes:

  • to respond to enquiries;

  • to provide quotes, proposals and information about our services;

  • to manage client relationships;

  • to deliver our services;

  • to create, edit, approve and publish marketing, photography, video, design or social media content;

  • to arrange meetings, visits, filming, photography or training;

  • to provide customer support;

  • to manage contracts and business records;

  • to issue invoices and process payments;

  • to manage suppliers, freelancers and contractors;

  • to improve our website, services and communications;

  • to send relevant business-to-business marketing communications;

  • to comply with legal, regulatory, accounting or tax obligations;

  • to protect our business, website, systems and legal rights.

 

5. Our lawful bases for using personal information

Under UK data protection law, we must have a lawful basis for using personal information. The lawful basis depends on the purpose for which we use the information.

 

We may rely on the following lawful bases:

Contract
We may use personal information where it is necessary to enter into or perform a contract with you, your organisation, a client, supplier or contractor.

 

This includes using information to provide services, manage projects, communicate with clients, arrange work, issue invoices and deal with service-related queries.

 

Legitimate interests
We may use personal information where it is necessary for our legitimate business interests, provided those interests are not overridden by your rights and freedoms.

 

This may include responding to business enquiries, managing client relationships, improving our services, maintaining business records, promoting our services to relevant organisations, protecting our business and communicating with professional contacts.

 

Where we rely on legitimate interests for marketing, we consider whether the communication is relevant, proportionate and expected in a business context. You can opt out of marketing at any time.

 

Consent
We may rely on consent where you have actively agreed to something, such as receiving certain types of marketing communication or allowing non-essential cookies to be used on our website.

 

Where we rely on consent, you can withdraw it at any time.

 

Legal obligation
We may use personal information where we need to comply with a legal obligation, such as tax, accounting, company record-keeping or responding to lawful requests from regulators or authorities.

Vital interests or public task
These lawful bases are unlikely to apply to most of our normal business activities, but may apply in rare circumstances where necessary.

 

6. Marketing communications

We may contact professional contacts, schools, trusts, organisations, clients or prospective clients about our services where we believe the information may be relevant to them.

 

This may include email newsletters, service updates, event invitations, useful resources, offers, proposals or information about digital marketing, school communications, social media, video, photography, design or related services.

 

Where we send business-to-business marketing, we will do so in accordance with applicable data protection and electronic marketing laws. The ICO confirms that where publicly available business contact details identify an individual, the UK GDPR still applies, and organisations must be clear about their lawful basis and provide privacy information. 

 

You can opt out of marketing communications at any time by clicking the unsubscribe link in our emails, replying to ask us to stop, or contacting us at info@mitchelldigitalmedia.co.uk.

 

We will not sell your personal information to third parties.

 

7. Cookies and website analytics

Our website uses cookies and similar technologies. Some cookies are necessary for the website to work properly, while others help us understand how visitors use the website or support marketing activity.

 

Non-essential cookies, such as analytics or marketing cookies, should only be used where you have given consent.

 

For more information, please see our Cookies Policy.

 

8. Working with schools, trusts and education organisations

Much of our work is with schools, multi-academy trusts and education organisations.

 

As part of this work, we may handle personal information relating to school staff, pupils, parents, governors, trustees or other individuals. This may include names, job titles, images, video footage, audio recordings, social media content, testimonials, case studies or other project-related information.

 

Where a school, trust or client provides this information to us so we can deliver services, they will usually be the data controller and we will act as their data processor. This means the school, trust or client is responsible for deciding the lawful basis for using the information, obtaining any required permissions or consents, providing privacy information to individuals and instructing us on how the information should be used.

 

We process this information only for the purpose of delivering the agreed services and in line with our contract, data processing agreement or written instructions from the client.

 

9. Children’s personal information

Because we work with schools and education organisations, we may process images, video or other information that includes children or young people.

 

We take this responsibility seriously. Where we process children’s personal information on behalf of a school, trust or education organisation, we expect the client to confirm that the relevant permissions, consents, safeguards and privacy information are in place.

 

We do not knowingly collect children’s personal information directly through our website for our own purposes.

 

10. Special category information

Special category information is more sensitive personal information, such as information about health, ethnicity, religion, political opinions, trade union membership, biometric data or sexual orientation.

 

We do not usually need to collect special category information for our own business purposes.

However, some content provided to us by clients, such as photographs, video footage or case study information, may reveal special category information indirectly. Where this happens, we will handle the information carefully and in line with the client’s instructions, our agreement with them and applicable data protection law.

 

11. Who we share personal information with

We may share personal information with trusted third parties where necessary for the purposes described in this policy.

 

This may include:

  • website hosting and website platform providers;

  • email, cloud storage and IT service providers;

  • customer relationship management and project management tools;

  • accounting, bookkeeping and payment providers;

  • professional advisers, such as accountants, insurers or legal advisers;

  • freelancers, contractors or delivery partners who help us provide services;

  • schools, trusts, clients or other organisations involved in a project;

  • regulators, authorities or law enforcement bodies where required by law.

 

We only share personal information where there is a proper reason to do so. Where appropriate, we require service providers and contractors to handle personal information securely and only for authorised purposes.

 

12. International transfers

Some of the third-party tools and service providers we use may process personal information outside the UK.

 

Where personal information is transferred outside the UK, we will take steps to ensure it is protected in accordance with applicable data protection law. This may include using UK-approved transfer mechanisms, adequacy regulations or appropriate contractual safeguards.

 

13. How long we keep personal information

We keep personal information only for as long as necessary for the purposes for which it was collected.

 

The length of time we keep information depends on the type of information and the reason we hold it.

 

As a general guide:

  • enquiry information may be kept for up to 24 months after our last meaningful contact, unless a longer period is appropriate;

  • client and project records may be kept for up to 7 years after the end of the client relationship for legal, tax, accounting and business record purposes;

  • supplier and financial records may be kept for up to 7 years;

  • marketing contact information may be kept until you unsubscribe, object or ask us to delete it, unless we need to retain limited details to maintain a suppression list;

  • recruitment or freelance enquiry information may usually be kept for up to 12 months unless we agree otherwise;

  • website analytics data may be kept for the period set by the relevant analytics provider or cookie settings;

  • project media files, photographs, video footage and design assets may be kept in line with our agreement with the relevant client.

 

Where we act as a processor for a school, trust or client, retention periods may be governed by our contract or the client’s instructions.

 

14. How we protect personal information

We use appropriate technical and organisational measures to protect personal information.

 

These may include secure systems, access controls, password protection, account permissions, staff guidance, secure storage, device security, supplier checks and internal processes designed to reduce the risk of unauthorised access, loss, misuse or disclosure.

 

No system can be guaranteed to be completely secure, but we take reasonable steps to protect the personal information we handle.

 

15. Your rights

Under data protection law, you have rights in relation to your personal information.

These may include the right to:

  • be informed about how your personal information is used;

  • access the personal information we hold about you;

  • ask us to correct inaccurate or incomplete information;

  • ask us to delete your personal information in certain circumstances;

  • ask us to restrict how we use your information in certain circumstances;

  • object to certain types of processing, including direct marketing;

  • ask for your information to be transferred to another organisation in certain circumstances;

  • withdraw consent where we rely on consent;

  • complain to the Information Commissioner’s Office.

 

These rights do not always apply in every situation. If you make a request, we may need to verify your identity and consider whether the right applies in the circumstances.

 

To exercise your rights, please contact us at info@mitchelldigitalmedia.co.uk.

 

16. Complaints

If you have concerns about how we use your personal information, please contact us first so we can try to resolve the issue.

 

You can contact us at:

Mitchell Digital Media Ltd
Email: info@mitchelldigitalmedia.co.uk

 

You also have the right to complain to the Information Commissioner’s Office, which is the UK regulator for data protection.

ICO website: www.ico.org.uk

 

17. Changes to this Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in the law, regulatory guidance, our business, our website or the services we provide.

 

The latest version will always be published on our website with the date it was last updated.

bottom of page