Legal

Privacy Policy

How we collect, use, and protect your personal data. Last updated: March 2026.

Introduction

Imagefast Ltd ("we", "our", "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our website at www.imagefast.co.uk and use our services.

We are registered in England and Wales (Company No. 3352845) and our registered office is at Warnford Court, 29 Throgmorton Street, London, EC2N 2AT. Our ICO registration number is Z6708402.

For the purposes of UK data protection law, Imagefast Ltd is the data controller — meaning we determine how and why your personal data is processed.

1. What Information We Collect

Personal Data You Provide

When you contact us, request a consultation, or subscribe to our newsletter, we may collect your name, email address, phone number, company name, job title, and details about your business needs. If you engage us for services, we may also collect billing details, which are processed securely by third-party payment providers.

Automatically Collected Data

When you visit our website, our hosting provider (Cloudflare) may automatically collect technical information such as your browser type, operating system, device type, general location (country or city level), and basic usage data such as pages visited and referral sources. This data is collected through server logs and essential cookies required for the website to function securely.

Children's Data

Our services are directed at businesses and professionals. We do not knowingly collect personal data from children under the age of 13. If you believe a child has provided us with personal data, please contact us and we will take steps to delete it promptly.

2. How We Use Your Information and Our Lawful Basis

Under UK GDPR, we must have a lawful basis for each way we use your personal data. The table below sets out our purposes and the corresponding legal basis:

Purpose Lawful Basis
Responding to your enquiries and requests Legitimate interests — it is in our mutual interest to respond when you contact us
Providing and delivering contracted services Contractual necessity — processing is needed to fulfil our agreement with you
Processing billing and payments Contractual necessity — required to complete transactions
Sending service-related communications (e.g. project updates, support notifications) Legitimate interests — keeping you informed about services you use
Sending marketing communications about our services and insights Consent — we only send marketing where you have opted in. For existing clients, we may rely on soft opt-in under PECR for similar services
Improving our website and services Legitimate interests — understanding how our site is used helps us improve it
Complying with legal and regulatory obligations Legal obligation — where the law requires us to process or retain data

Where we rely on legitimate interests, we have carried out a balancing assessment to ensure your rights are not overridden. You may request details of this assessment by contacting us.

3. Marketing Communications

We will only send you marketing emails if you have given your explicit consent (for example, by subscribing via our website newsletter form) or if you are an existing client and the marketing relates to similar services to those we have previously provided to you (soft opt-in under PECR).

You can withdraw your consent or opt out of marketing at any time by clicking the unsubscribe link in any marketing email, emailing us at info@imagefast.co.uk, or contacting us by phone. Opting out of marketing will not affect any service-related communications we need to send you.

4. Cookies

Cookies are small text files stored on your device when you visit a website. Our website uses only essential cookies that are strictly necessary for the site to function. These are set by our hosting provider, Cloudflare, and are used for security purposes such as bot detection and DDoS protection.

We do not use analytical cookies, marketing cookies, or any third-party tracking technologies. We do not use Google Analytics or any similar analytics platform. No advertising networks or social media tracking pixels are present on our site.

Because we only use strictly necessary cookies, no cookie consent banner is required under the Privacy and Electronic Communications Regulations (PECR). You can still control cookies through your browser settings, though blocking essential cookies may affect your ability to use the website.

If we introduce any non-essential cookies in the future, we will update this policy and implement an appropriate consent mechanism before doing so.

5. Third-Party Data Sharing

We may share your information with third parties in the following limited circumstances:

  • Hosting Provider: Cloudflare provides hosting and security services for our website
  • Form Processing: Formspree processes form submissions on our behalf
  • Service Delivery: Technology partners we work with to deliver contracted services (only with your knowledge as part of an engagement)
  • Legal Requirements: When required by law, regulation, or legal process
  • Business Transfers: In the event of a merger, acquisition, or sale of assets

We do not sell your personal data. All third-party service providers are contractually obligated to use your information only as necessary to provide their services and to maintain confidentiality.

6. International Data Transfers

Some of our third-party service providers — including Cloudflare (US) and Formspree (US) — are based outside the United Kingdom. When your personal data is transferred outside the UK, we ensure appropriate safeguards are in place in accordance with UK GDPR, including:

  • Transfers to countries that have received a UK adequacy decision from the Secretary of State
  • Standard Contractual Clauses (SCCs) approved by the ICO, also known as International Data Transfer Agreements (IDTAs)
  • Where applicable, the provider's participation in recognised data protection frameworks

You may request further details about the safeguards we have in place by contacting us.

7. Your Rights Under UK GDPR

Under the UK General Data Protection Regulation, you have the right to:

  • Access — request a copy of the personal data we hold about you
  • Rectification — request correction of inaccurate or incomplete data
  • Erasure — request deletion of your personal data (where there is no compelling reason to continue processing)
  • Restrict Processing — request that we limit how we use your data
  • Data Portability — request your data in a portable, machine-readable format
  • Object — object to processing based on legitimate interests or for direct marketing purposes
  • Withdraw Consent — where processing is based on consent, you may withdraw it at any time without affecting the lawfulness of prior processing
  • Complaint — lodge a complaint with the Information Commissioner's Office (ICO)

To exercise any of these rights, please contact us at info@imagefast.co.uk or call 0207 947 4041. We aim to respond to all requests within one month. In exceptional circumstances, where a request is particularly complex, we may extend this by a further two months and will notify you if this is the case.

8. Automated Decision-Making

We do not use any automated decision-making or profiling that produces legal effects or similarly significant effects on you.

9. Data Security

We take the security of your data seriously. Our website is served over HTTPS with SSL/TLS encryption for all data in transit. We implement access controls, Content Security Policy headers, and security best practices across our infrastructure. While we take every reasonable measure to protect your information, no system is completely impenetrable and we cannot guarantee absolute security.

10. Data Retention

We retain your personal data only for as long as necessary to fulfil the purposes outlined in this policy. Our specific retention periods are:

  • Contact and enquiry data: Up to 3 years after your last interaction with us
  • Client contractual and billing records: 6 years after the end of the contract (in line with HMRC requirements and the Limitation Act 1980)
  • Newsletter subscriptions: Until you unsubscribe, subject to periodic review
  • Website server logs: Retained by Cloudflare in accordance with their retention policy

At the end of the applicable retention period, we will securely delete or anonymise your data unless a longer period is required by law.

11. Data Protection Contact

We have appointed a data protection lead who is responsible for overseeing our compliance with data protection law. If you have questions about this Privacy Policy, wish to exercise your data rights, or need to report a concern, please contact:

Data Protection Lead
Imagefast Ltd
Warnford Court, 29 Throgmorton Street
London, EC2N 2AT
United Kingdom

Email: info@imagefast.co.uk
Phone: 0207 947 4041

12. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or applicable laws. Any significant changes will be communicated via a prominent notice on our website. Where changes materially affect how we process your personal data, we will take reasonable steps to notify you in advance and, where required by law, seek your consent before applying those changes to your data.