Source Agency Ltd ("we", "us", "our") is committed to protecting your personal data and respecting your privacy. This statement explains how we collect, use, store, and protect personal information in accordance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

1. Who We Are
Source Agency Ltd is a UK-based creative and consulting agency offering marketing, design, digital
content, and strategic services to businesses, freelancers, and organisations.

2. What Information We Collect
We collect personal information that you provide directly, including:
- Full name, email address, and contact number
- Business details (e.g. company name, role, social handles)
- Billing address and payment information
- Project briefs, content submissions, or assets
- IP address, usage data (if using our website or digital forms)
We do not knowingly collect or process any special category data (e.g. health, race, religious beliefs) unless required and explicitly agreed upon.

3. How We Use Your Information
We process personal data to:
- Deliver agreed services (design, consulting, marketing, etc.)
- Manage client and contractor relationships
- Send quotes, invoices, and service agreements
- Respond to enquiries or support requests
- Improve our services and communications
- Meet legal or contractual obligations
We never sell your data or share it with unrelated third parties.

4. Lawful Basis for Processing
We rely on one or more of the following legal bases:
- Consent – when you opt in to marketing or communications
- Contract – to fulfil a service or agreement with you
- Legal Obligation – for tax, accounting, or compliance
- Legitimate Interests – to operate and grow our business

5. Who We Share Data With
We may share data with trusted third-party providers who assist in service delivery, such as:
- Payment processors (e.g. Stripe, PayPal)
- Project management platforms (e.g. Canva, Notion, Trello)
- Cloud storage providers (e.g. Google Drive)
- Legal or accounting partners (when required)
- All third parties are GDPR-compliant and under strict confidentiality terms.

6. Data Retention
- We retain personal data only for as long as necessary:
- Client data: up to 6 years post-project for legal/accounting purposes
- Freelancers/contractors: during the term of engagement and up to 2 years after
- Marketing contacts: until you withdraw consent or unsubscribe

7. Your Rights
You have rights under UK GDPR, including:
- The right to access the data we hold about you
- The right to correct inaccuracies
- The right to request deletion ("right to be forgotten")
- The right to restrict or object to processing
- The right to data portability

8. Cookies & Analytics (if applicable)
Our website may use cookies and analytics tools (like Google Analytics) to track traffic and
improve usability. You can manage or reject cookies in your browser settings.

9. How We Protect Your Data
We use secure systems, password-protected files, two-factor authentication, and encrypted platforms
to protect your data from loss, misuse, or unauthorised access.

10. Complaints
If you’re unhappy with how we handle your data, please contact us first. You also have the right to
lodge a complaint with the Information Commissioner's Office (ICO):
https://ico.org.uk

Changes to This Privacy Statement
We may update this Privacy Statement occasionally. We recommend reviewing it regularly to stay
informed.