Privacy Policy

1. About this Policy

This Privacy Policy explains how we collect, use, share, and protect personal data in connection with our website located at neramarketing.co.uk and any related subdomains, including pay.neramarketing.co.uk and pay.neramarketing.com (together, the “Website”), and the services we provide.

This Policy forms part of our Website Terms of Service available at https://neramarketing.co.uk/terms-of-service.

We are committed to protecting your personal data in accordance with the UK General Data Protection Regulation (“UK GDPR”), the Data Protection Act 2018, the Privacy and Electronic Communications Regulations 2003 (“PECR”), and all other applicable data protection laws.

2. Who We Are

The Website is operated by Nera Marketing Ltd, a company incorporated in England and Wales under company number 15186660, whose registered office is at Unit 73 The Laurels, Manston Business Park, Ramsgate, Kent, CT12 5NQ, United Kingdom, together with Nera Marketing FZ-LLC, a Free Zone Limited Liability Company registered in Ras Al Khaimah, United Arab Emirates under Ras Al Khaimah Economic Zone Authority Licence Number 46002007 and Registration Number 0000004085287, whose registered office is at VUPR1504, Compass Building, Al Hulaila, Al Hulaila Industrial Zone-FZ, Ras Al Khaimah, United Arab Emirates.

References in this Policy to “Nera”, “we”, “us” and “our” include both entities, together with any group company, affiliate, subsidiary, holding company, trading name, or approved subcontractor of either entity, trading under the “Nera” and “Nera Marketing” brand (together, the “Nera Group”).

Nera Marketing Ltd is the data controller for personal data collected in connection with the Website and our services, and is registered with the UK Information Commissioner’s Office under registration reference ZC105960.

If you have any questions about this Policy or your personal data, you can contact us at hello@neramarketing.co.uk.

3. Our Role: Controller and Processor

Depending on the context, we act as either a data controller or a data processor:

As controller, we decide how and why personal data is processed. We act as controller for:

Visitors to the Website and people who submit enquiries, request information, or subscribe to our communications
Our clients, prospects, suppliers, partners, and their respective staff
Users of our subdomains, portals, or payment pages
Recipients of our marketing communications

As processor, we process personal data on behalf of our clients and in accordance with their documented instructions. This typically applies when we deliver marketing, advertising, website, or hosting services to a client whose end-users or customers are the underlying data subjects. In those cases, the client is the data controller and we are the data processor, and our processing is governed by a separate data processing agreement.

4. What Personal Data We Collect

We collect and process the following categories of personal data, depending on your interaction with us:

4.1 Information you provide directly

Identity and contact information: name, job title, company name, email address, telephone number, postal address
Enquiry and project information: details of your project, business, competition or marketing requirements, budgets, timelines, and any other information you share during scoping
Account and login information: username, password, authentication details where you have an account or portal access
Payment information: billing address, card details (processed by Stripe, not stored on our servers), bank account details for direct debit, invoice references, VAT numbers
Communications: content of emails, messages, calls, meetings, and other correspondence with us
Marketing preferences: consent status, subscription preferences, engagement with our communications

4.2 Information collected automatically

Technical data: IP address, browser type and version, device type, operating system, time zone, language preferences
Usage data: pages visited, time spent, click paths, referrer information, search terms used to find the Website
Cookie data and similar tracking technologies, as described in our Cookie Policy
Advertising data: interactions with our advertisements, conversion events, Meta Pixel events, Google Ads conversion data

4.3 Information from third parties

Business information from Companies House, the FCA register, the ICO register, and similar public sources
Lead intelligence from LinkedIn, publicly available professional directories, or lead-generation providers
Analytics and conversion data from Google Analytics, Google Ads, and Meta
Referrals and introductions from partners, clients, or other third parties

We do not intentionally collect special category data (such as health, religion, political views, or biometric data) or children’s data. If you believe you have provided any such data inadvertently, please contact us so we can delete it.

5. Why We Process Your Personal Data, and Our Legal Bases

We process personal data only where we have a lawful basis under UK GDPR. The main purposes and bases are:

5.1 To provide our services and perform a contract

Legal basis: performance of a contract with you, or steps taken at your request before entering a contract.

Responding to enquiries and providing quotes
Delivering the services we have agreed with you, including website builds, compliance packages, advertising management, SEO, hosting, consultancy, and any other service
Invoicing, taking payment, and collecting overdue sums
Managing accounts, portals, and access to deliverables
Communicating about your project, account, or engagement

5.2 To run our business and for our legitimate interests

Legal basis: our legitimate interests (and your interests, rights, and freedoms being protected).

Operating and improving the Website and our services
Business-to-business marketing to corporate contacts where relevant to their role
Analytics, reporting, and measuring the performance of our marketing
Advertising and retargeting, including via Meta and Google
Preventing fraud, protecting our systems, and defending our legal rights (including in connection with chargebacks, disputes, and debt recovery)
Managing relationships with suppliers, partners, and introducers
Internal record-keeping, training, and business development

5.3 To comply with legal obligations

Legal basis: compliance with our legal obligations.

Accounting, tax, VAT, and regulatory record-keeping
Responding to lawful requests from regulators, law enforcement, or courts
Compliance with anti-money laundering and anti-fraud obligations
Compliance with our obligations under UK GDPR, PECR, the Companies Act 2006, and other applicable law

5.4 With your consent

Legal basis: your consent, which you may withdraw at any time.

Subscribing you to our newsletter or marketing emails where you have opted in
Setting non-essential cookies and similar tracking technologies, as described in our Cookie Policy
Any other processing where we have specifically asked for and received your consent

6. Who We Share Your Personal Data With

We share personal data only where necessary and with appropriate safeguards. We share with the following categories of recipient:

6.1 Members of the Nera Group

We share personal data internally across members of the Nera Group, including Nera Marketing Ltd and Nera Marketing FZ-LLC, for the purposes set out in this Policy. Each entity is bound by equivalent confidentiality and data protection standards.

6.2 Our service providers and processors

We use carefully selected third-party service providers to help us deliver our services. These providers process personal data on our behalf under contractual data-processing safeguards. Our key providers include:

WP Engine (website hosting)
Cloudflare (content delivery, DNS, security)
Stripe (payment processing, card tokenisation, direct debit)
Monday.com (project management and client communication)
Google (Google Analytics, Google Ads, conversion tracking)
Meta (Facebook and Instagram Pixel, conversion API, ad targeting)
Email, calendar, and productivity providers (such as Google Workspace or Microsoft 365)
Professional advisers: solicitors, accountants, auditors, insurers
Specialist partner providers where we make introductions, including payment partners for our clients

6.3 Third parties for legal, regulatory, and protective reasons

Tax authorities, including HMRC and the UAE Federal Tax Authority
Regulators including the ICO, ASA, and any other competent authority
Law enforcement, courts, and other public bodies where required by law
Our bank, acquirer, and payment processors in connection with payments, chargebacks, and dispute defence, including sharing of evidence in support of our position in a payment dispute
Debt recovery agencies, fraud prevention databases (such as Cifas), and credit reference agencies where you owe us money or we reasonably suspect fraud
Legal, financial, and professional advisers in connection with actual or potential legal proceedings, corporate transactions, or restructuring

6.4 In a corporate transaction

If we are involved in a sale, merger, restructuring, or transfer of assets, we may transfer personal data to a buyer or successor entity, subject to the protections of this Policy.

We do not sell your personal data to third parties.

7. International Transfers

Because we operate across the UK and the UAE, and because some of our service providers are located outside the UK, your personal data may be transferred to and processed in countries outside the UK, including the United Arab Emirates, the United States, and the European Economic Area.

When we transfer personal data outside the UK, we take appropriate safeguards required by UK GDPR, including:

Transferring to countries with a UK adequacy decision
Using the UK International Data Transfer Agreement, the International Data Transfer Addendum to the EU Standard Contractual Clauses, or equivalent approved transfer mechanisms
Relying on derogations set out in UK GDPR where permitted

You may contact us at hello@neramarketing.co.uk for further information on the specific safeguards applied to any transfer.

8. How Long We Keep Your Personal Data

We retain personal data only for as long as is necessary for the purposes for which it was collected, to comply with our legal obligations, and to defend our legal rights. Our general retention periods are:

Enquiry and prospect data: up to 3 years from last contact, to allow us to respond to ongoing business development conversations
Client and project data: for the duration of the engagement and 6 years thereafter, in line with limitation periods under English law
Accounting, tax, and financial records: 6 years from the end of the relevant tax year, in line with HMRC requirements
Payment card and direct debit authorisation data: for the duration of the engagement and for such period thereafter as is necessary for dispute, chargeback, audit, and recovery purposes
Marketing preferences and consent records: for as long as we send marketing communications to you, and for 3 years after you opt out, to demonstrate compliance with PECR and UK GDPR
Website analytics and cookie data: as set out in our Cookie Policy
Employment, supplier, and professional relationships data: for the duration of the relationship and for such period thereafter as is necessary for legal, tax, and regulatory purposes

At the end of the applicable retention period, we will delete or anonymise your personal data, unless we are required by law to retain it further.

9. Your Rights

Under UK GDPR, you have the following rights in relation to your personal data:

Right of access: you can ask for a copy of the personal data we hold about you
Right to rectification: you can ask us to correct inaccurate or incomplete data
Right to erasure: you can ask us to delete your personal data in certain circumstances
Right to restrict processing: you can ask us to pause processing in certain circumstances
Right to data portability: you can ask us to provide your personal data in a structured, machine-readable format
Right to object: you can object to processing based on our legitimate interests, and to direct marketing at any time
Right to withdraw consent: where we rely on consent, you can withdraw it at any time without affecting the lawfulness of prior processing
Rights in relation to automated decision-making and profiling: we do not make any decisions about you based solely on automated processing that produces legal or similarly significant effects

To exercise any of these rights, please email us at hello@neramarketing.co.uk. We will respond within one month, unless the request is complex, in which case we may extend by a further two months and will notify you.

We may need to verify your identity before responding to a request, to protect your personal data.

Some rights are subject to exceptions and conditions under UK GDPR, and we may need to decline a request or retain certain data where we are legally entitled or required to do so (for example, for tax, accounting, legal defence, or regulatory compliance reasons).

10. How to Complain

If you have any concerns about how we handle your personal data, please contact us first at hello@neramarketing.co.uk so we can try to resolve the matter directly.

You also have the right to lodge a complaint with the UK Information Commissioner’s Office:

Website: https://ico.org.uk
Helpline: 0303 123 1113
Address: Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF

11. Marketing Communications

We send marketing communications only in accordance with UK GDPR and PECR. Specifically:

We send email marketing to individuals who have opted in, or to corporate contacts under the legitimate interests basis (“soft opt-in” or business-to-business marketing where relevant to their role)
Every marketing email contains a clear unsubscribe link
You can opt out of marketing at any time by clicking unsubscribe, or by emailing hello@neramarketing.co.uk
Opting out of marketing does not affect transactional or service communications (such as invoices, project updates, or important notices about your account)

12. Cookies and Tracking

We use cookies and similar technologies on the Website, including Google Analytics, Google Ads conversion tracking, Meta Pixel, Cloudflare performance cookies, and other technologies operated by our service providers.

Full details of the cookies we use, their purpose, their duration, and how you can manage your preferences, are set out in our Cookie Policy available at https://neramarketing.co.uk/cookie-policy.

Non-essential cookies are only set where you have given consent via our cookie banner, in line with PECR requirements.

13. Security

We take the security of personal data seriously and apply reasonable and appropriate technical and organisational measures, including:

Access controls, authentication, and role-based permissions on our systems
Encryption in transit (TLS) and, where appropriate, at rest
Use of reputable hosting, CDN, and payment providers (including WP Engine, Cloudflare, and Stripe) who comply with recognised security standards such as PCI DSS and SOC 2
Regular backups and monitoring
Confidentiality obligations on our staff, contractors, and suppliers

No internet-based service is 100% secure. You are responsible for keeping your login credentials confidential and for the security of any device or connection you use to interact with us.

If we become aware of a personal data breach that is likely to result in a risk to your rights and freedoms, we will notify the ICO and, where legally required, affected individuals, in accordance with UK GDPR.

14. Children

The Website and our services are intended for business users only. We do not knowingly collect personal data from children under 18. If you believe we hold data about a child, please contact us so we can delete it.

15. Third-Party Websites

The Website may contain links to third-party websites and services. We are not responsible for the privacy practices of those third parties, and this Policy does not apply to them. You should review their own privacy policies.

16. Changes to this Policy

We may update this Policy from time to time. The version currently in force is the one shown at the top of this Policy. Where we make a material change, we will notify you by email or by a prominent notice on the Website. Your continued use of the Website or our services following any update constitutes acceptance of the updated Policy.