Citadelle Privacy Policy

Last updated: 9 July 2025

1. Who we are

Citadelle Marketing Ltd ("Citadelle", "we", "our", "us") is a limited company registered in England & Wales (Company Nº 15837772) with its registered office at 128 City Road, London, United Kingdom, EC1V 2NX. We provide marketing strategy and growth consultancy services. For the purposes of UK data‑protection law, we act as the data controller when we decide why and how to process personal data collected via citadelle.co.uk.

2. The data we collect

We collect the following categories of personal data:

  • Identity data, such as your name, job title and company. We get this when you fill in a web form, email us or connect via LinkedIn.

  • Contact data, such as email addresses, telephone numbers and postal addresses, supplied through our web forms, business cards or at events.

  • Marketing profile data, such as what content you read, events you attend and how you interact with our emails or social media.

  • Technical data, such as IP address, browser type, device identifiers and cookie IDs captured by cookies and our server logs.

  • Transactional data proposals, such as contracts, invoices and payment records arising from our correspondence.

We do not intentionally collect special‑category data unless you choose to provide it (for example, dietary needs for an event).

3. How and why we use your data (lawful bases)

We only use your personal data when the law allows. The main purposes are:

  • Responding to enquiries and providing our services. This is used to prepare or perform a contract with you (UK GDPR Art. 6 (1)(b)).

  • Sending thought‑leadership content and event invitations, with your consent (Art. 6 (1)(a)) or, if you are an existing client/contact, under our legitimate interests and the PECR soft‑opt‑in (Art. 6 (1)(f)). You can opt out at any time.

  • Website analytics and improving user experience, with your consent obtained through our cookie banner. We use Google Analytics.

  • Maintaining records, invoicing and compliance, to meet legal obligations such as accounting rules and HMRC requirements (Art. 6 (1)(c)).

  • Protecting our website and services, to pursue our legitimate interests in network security and fraud prevention (Art. 6 (1)(f)).

We will clearly identify any additional purposes at the point of collection.

4. Cookies and similar technologies

We use first‑party & third‑party cookies for analytics, functionality and advertising. Non‑essential cookies load only after you grant consent via our cookie banner. You can adjust preferences or withdraw consent at any time.

5. Sharing your data

We share personal data with trusted providers who help us run our business, for example:

  • Web hosting & email (e.g. Cloudflare, Google Workspace)

  • CRM & marketing automation (e.g. HubSpot)

  • Analytics & optimisation tools (e.g. Google Analytics, Hotjar)

  • Professional advisors (lawyers, accountants)

All processors are bound by written agreements and must keep data secure and confidential. We will never sell your data.

6. International transfers

Some suppliers are located outside the UK. Where this results in a transfer to a country without an adequacy decision, we rely on approved safeguards such as the UK Addendum to EU Standard Contractual Clauses.

7. Data retention

We keep personal data only as long as necessary for the purposes set out above, plus any statutory limitation periods. Typical retention periods:

  • Marketing contacts: 24 months after last engagement

  • Client records & contracts: 7 years after relationship ends (accounting)

8. Your rights

You have the right to request access, rectification, erasure, restriction, data portability and to object to certain processing, including automated decision‑making. Where we rely on consent, you may withdraw it at any time. To exercise any right, contact us using the details below.

9. How we keep your data secure

We employ industry‑standard technical and organisational measures such as encryption in transit (TLS), access controls, security monitoring and staff training.

10. Contact us

If you have questions about this notice or wish to exercise a privacy right, please email diandra@citadelle.co.uk or write to Data Protection Lead, Citadelle Marketing Ltd, 128 City Road, London, United Kingdom, EC1V 2NX.

You also have the right to lodge a complaint with the UK Information Commissioner’s Office (www.ico.org.uk) if you believe we have not complied with data‑protection law.

11. Updates

We may update this notice from time to time. Significant changes will be notified on our website or by email. Please check back regularly for the latest version.