Privacy Policy

Last Updated: June 3, 2025

North Bureau, a Creative Digital Agency based in London, United Kingdom, and Dhaka, Bangladesh, is committed to protecting the privacy and personal data of our clients, website visitors, and users of our services. This Privacy Policy outlines how we collect, use, store, share, and protect your personal information in compliance with applicable data protection laws, including the UK General Data Protection Regulation (UK GDPR), the EU General Data Protection Regulation (EU GDPR), and other relevant regulations. By accessing our website (northbureau.com) or engaging with our services, you agree to the practices described in this policy.

1. Who We Are

North Bureau is a Creative Digital Agency specializing in Web Design, Branding, and Digital Marketing Strategy. For the purposes of data protection laws, North Bureau is the “data controller” responsible for determining how your personal data is processed. If you have any questions about this Privacy Policy or how we handle your personal data, please contact us at:

  • Email: hello@northbureau.com

2. Information We Collect

We may collect and process the following types of personal data, depending on how you interact with us:

a. Information You Provide Directly

  • Contact Information: Name, email address, phone number, company name, and postal address when you fill out contact forms, request a quote, or engage with our services.
  • Account Information: Username, password, and other details if you create an account on our website or client portal.
  • Payment Information: Billing details, such as credit card information or bank account details, when you purchase our services (processed through secure third-party payment providers).
  • Communication Data: Information you provide when you contact us via email, phone, or other communication channels, including feedback, inquiries, or support requests.
  • Marketing Preferences: Your preferences for receiving marketing communications or newsletters.

b. Information Collected Automatically

  • Website Usage Data: IP address, browser type, device type, operating system, pages visited, time spent on our website, and referral URLs, collected through cookies and similar technologies.
  • Analytics Data: Aggregated data about user behavior on our website, such as click patterns and navigation paths, collected through tools like Google Analytics.
  • Social Media Data: Information from your interactions with our social media accounts (e.g., likes, comments, or shares).

c. Information from Third Parties

  • Business Partners: We may receive personal data from our partners or clients when collaborating on projects or campaigns.
  • Third-Party Services: Data from third-party platforms, such as social media or advertising networks, when you engage with our marketing campaigns or link your accounts.

We do not collect sensitive personal data (e.g., racial or ethnic origins, political opinions, health, or biometric data) unless explicitly required and with your consent.

3. How We Use Your Information

We use your personal data for the following purposes, ensuring compliance with applicable legal bases under data protection laws:

a. To Provide Our Services

  • To process inquiries, provide quotes, and deliver web design, branding, or digital marketing services.
  • To manage client accounts and facilitate communication.
  • To process payments and issue invoices through secure third-party payment processors.

Legal Basis: Performance of a contract or taking steps at your request before entering a contract.

b. To Improve Our Website and Services

  • To analyze website usage and user behavior to enhance user experience and optimize our services.
  • To monitor the performance of our marketing campaigns and improve their effectiveness.

Legal Basis: Legitimate interests (to improve our business operations and services).

c. To Communicate with You

  • To respond to inquiries, provide customer support, or send updates about our services.
  • To send marketing communications, newsletters, or promotional offers, where you have given consent or where permitted by law.

Legal Basis: Consent (for marketing communications) or legitimate interests (for non-marketing communications).

d. To Comply with Legal Obligations

  • To maintain records for tax, accounting, or regulatory purposes.
  • To respond to lawful requests from authorities or comply with legal processes.

Legal Basis: Compliance with legal obligations.

e. To Protect Our Business and Users

  • To detect and prevent fraud, security threats, or unauthorized access to our systems.
  • To enforce our terms and conditions or protect our legal rights.

Legal Basis: Legitimate interests (to ensure the security and integrity of our operations).

4. How We Share Your Information

We do not sell, trade, or rent your personal data to third parties. However, we may share your data in the following circumstances:

a. With Service Providers

We engage trusted third-party service providers to perform functions such as:

  • Hosting and maintaining our website (e.g., web hosting providers).
  • Processing payments (e.g., Stripe, PayPal).
  • Analyzing website usage (e.g., Google Analytics).
  • Managing email marketing or CRM systems (e.g., Mailchimp, HubSpot).

These providers are contractually obligated to protect your data and only process it in accordance with our instructions.

b. With Business Partners

We may share data with partners when collaborating on projects or campaigns, but only with your consent or as necessary to fulfill our services.

c. For Legal Reasons

We may disclose your data if required by law, such as in response to a court order, subpoena, or regulatory request, or to protect our rights, property, or safety.

d. In Business Transfers

If North Bureau is involved in a merger, acquisition, or sale of assets, your personal data may be transferred to the relevant third party, subject to appropriate safeguards.

5. International Data Transfers

As a company with operations in London and Dhaka, we may transfer your personal data between the UK, Bangladesh, and other jurisdictions. Where data is transferred outside the UK or EEA, we ensure compliance with data protection laws by:

  • Transferring data to countries deemed to have adequate data protection by the UK or EU authorities.
  • Using Standard Contractual Clauses (SCCs) or other approved mechanisms to safeguard your data.
  • Implementing appropriate technical and organizational measures to protect your data.

6. Cookies and Tracking Technologies

Our website uses cookies and similar technologies to enhance your experience, analyze usage, and deliver personalized content. Cookies are small text files stored on your device. We use the following types of cookies:

  • Essential Cookies: Necessary for the website to function, such as maintaining user sessions.
  • Performance Cookies: Collect anonymized data about how you use our website (e.g., Google Analytics).
  • Marketing Cookies: Used to deliver personalized ads or track the effectiveness of marketing campaigns.

You can manage your cookie preferences through your browser settings or our website’s cookie consent tool. For more details, please see our Cookie Policy.

7. Data Security

We take reasonable steps to protect your personal data from unauthorized access, loss, misuse, or alteration. These measures include:

  • Encryption of sensitive data (e.g., payment information) during transmission.
  • Secure storage of data on servers with restricted access.
  • Regular security audits and updates to our systems.

However, no method of transmission or storage is 100% secure, and we cannot guarantee absolute security.

8. Your Data Protection Rights

Depending on your location and applicable laws (e.g., UK GDPR, EU GDPR), you may have the following rights regarding your personal data:

  • Right to Access: Request a copy of the personal data we hold about you.
  • Right to Rectification: Request correction of inaccurate or incomplete data.
  • Right to Erasure: Request deletion of your data, subject to legal exceptions.
  • Right to Restrict Processing: Request that we limit the processing of your data.
  • Right to Data Portability: Request a copy of your data in a structured, machine-readable format.
  • Right to Object: Object to processing based on legitimate interests, including direct marketing.
  • Right to Withdraw Consent: Withdraw consent at any time where we rely on it for processing.

To exercise these rights, please contact us at hello@northbureau.com. We will respond within one month, as required by law, unless the request is complex or voluminous. We may need to verify your identity before fulfilling your request.

9. Data Retention

We retain your personal data only for as long as necessary to fulfill the purposes outlined in this policy, including:

  • For the duration of our business relationship with you.
  • As required by legal, tax, or accounting obligations (e.g., up to 7 years for financial records).
  • Until you unsubscribe from marketing communications.

When data is no longer needed, we securely delete or anonymize it.

10. Third-Party Links

Our website may contain links to third-party websites or services. We are not responsible for the privacy practices or content of these third parties. We encourage you to review their privacy policies before providing personal information.

11. Children’s Privacy

Our services are not directed at individuals under 16 years of age. We do not knowingly collect personal data from children. If we become aware that a child has provided us with personal data, we will take steps to delete it.

12. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or legal requirements. The updated policy will be posted on our website with the “Last Updated” date. We encourage you to review this policy periodically.

13. Complaints

If you have concerns about how we handle your personal data, please contact us at hello@northbureau.com. You also have the right to lodge a complaint with a supervisory authority, such as:

  • UK: Information Commissioner’s Office (ICO) at www.ico.org.uk.
  • EU: Your local data protection authority (e.g., CNIL in France, Garante in Italy).

14. Contact Us

For any questions, requests, or concerns about this Privacy Policy or our data practices, please contact:

North Bureau
Email: hello@northbureau.com

We are committed to addressing your concerns promptly and transparently.

Start your project