Privacy & Cookie Policy

Last updated: 18 June 2025

1. Who We Are

In Demand Associates Ltd (“In Demand”, “we”, “our” or “us”) is a company registered in England & Wales (Company No. 07101940) whose registered office is 101 New Cavendish Street, 1st Floor South, London W1W 6XH, United Kingdom. Our principal place of business is Blackburn House, 22‑26 Eastern Road, Romford RM1 3PJ, United Kingdom. We provide outsourced business support services through our website indemandassociates.com (the “Site”).

For the purposes of the UK General Data Protection Regulation (“UK GDPR”) and the EU General Data Protection Regulation (“EU GDPR”), we are the Data Controller of the personal data described in this policy.

If you have any questions about this policy, or about how we process your personal data, please contact us:

• Email: privacy@indemandassociates.com
• Telephone: +44 (0)203 980 8055
• Postal address: Data Protection Lead, In Demand Associates Ltd, Blackburn House, 22‑26 Eastern Road, Romford RM1 3PJ, UK

2. Scope of this Policy

This policy explains how we collect, use, disclose and otherwise process your personal data when you:

• visit or interact with our Site;
• inquire about or purchase our services;
• receive marketing communications from us; or
• engage with our advertisements on third‑party platforms (e.g. Facebook and Google).

3. Personal Data We Collect

Category	Examples	Source
Identification & Contact Data	name, business name, email, phone, postal address, job title	provided by you via forms, phone, email or chat
Technical & Usage Data	IP address, browser type, device identifiers, pages viewed, referring URL, time spent, interactions, cookie ID, advertising identifiers	collected automatically via cookies, pixels & similar technologies
Marketing & Communications Data	newsletter preferences, marketing opt‑ins, survey responses	provided by you or collected via our CRM
Commercial Data	purchase history, contract details, invoicing information	generated during provision of services
Social Media Data	public profile information, ad interaction data, anonymised audience insights	received from Meta Platforms Ireland Ltd (“Facebook”) and Google Ireland Ltd where you consent to personalised ads

We do not intentionally collect special category (sensitive) personal data or children’s data.

4. Cookies & Similar Tracking Technologies

We use first‑party and third‑party cookies, pixels, tags and local storage to:

1. Make the Site work (Strictly Necessary).
2. Measure performance & analytics. e.g. Google Analytics 4 (_ga, _gid)
3. Personalise content & remember preferences.
4. Deliver and measure advertising. e.g. Meta Pixel (_fbp), Google Ads (_gcl_au).

We obtain your consent for any cookies that are not strictly necessary via our cookie banner. You can withdraw or adjust your consent at any time by selecting “Cookie Settings” in the banner or by changing your browser settings. For full details, see our Cookie Declaration (automatically updated by our Consent Management Platform).

5. Legal Bases for Processing

Under the UK/EU GDPR we rely on the following legal bases:

• Consent – for analytics & advertising cookies, email marketing, and where required for international transfers.
• Performance of a Contract – to provide quotations, fulfil orders, manage accounts, and deliver contracted services.
• Legitimate Interests – to secure the Site, prevent fraud, improve our services, and conduct limited B2B direct marketing (balancing test available on request).
• Legal Obligation – to keep tax records or respond to lawful requests.

Where we process personal data based solely on your consent you may withdraw it at any time without affecting the lawfulness of processing before withdrawal.

6. How We Use Personal Data

• Provide, operate and maintain the Site and our services.
• Respond to enquiries, schedule consultations and issue proposals.
• Manage customer accounts, invoices and payments.
• Send service‑related and transactional communications.
• Analyse Site traffic and improve user experience.
• Advertising & Remarketing – we use Google Ads (including Display & Search Remarketing) and Meta Ads to show you relevant ads based on your interactions with our Site. This involves:
  • embedding the Google Ads Tag and Meta Pixel which collect pseudonymised identifiers (e.g. hashed email, cookie ID, IP address) to create custom audiences;
  • measuring conversions and campaign performance; and
  • ensuring our use complies with Google Ads Policies, Meta Advertising Standards and applicable privacy laws.
• Prevent fraud, defend legal claims and enforce our Terms.

We do not use fully automated decision‑making that produces legal or similarly significant effects.

7. Disclosure of Personal Data

We share personal data only when necessary and in accordance with this policy:

Recipient	Purpose	Safeguards
Service Providers (hosting, CRM, email, analytics, payment, IT support)	Contract fulfilment, analytics, infrastructure	Data Processing Agreements
Meta Platforms Ireland Ltd	Ad delivery, measurement, audience creation	EU Standard Contractual Clauses (2021)
Google Ireland Ltd	Analytics, ad personalisation & remarketing	EU Standard Contractual Clauses (2021)
Professional advisers (lawyers, accountants)	Compliance, establishment or defence of claims	Confidentiality obligations
Authorities (ICO, HMRC, courts)	Compliance with law or court orders	As required by law

We will never sell your personal data.

8. International Transfers

Some recipients are based outside the UK/EEA. Where we transfer personal data internationally we rely on:

• UK/EU adequacy decisions (e.g. transfers to EEA‑based processors);
• the EU Commission & UK‑approved Standard Contractual Clauses;
• additional safeguards where necessary (encryption, pseudonymisation).

You may obtain a copy of the relevant transfer mechanism by contacting us.

9. Data Retention

We keep personal data only for as long as necessary for the purposes set out in this policy:

Data Type	Typical Retention Period
Enquiry data (no contract)	24 months after last contact
Customer contracts & invoices	7 years after contract end (tax law)
Marketing subscription records	until you unsubscribe + 24 months
Analytics & advertising identifiers	26 months (Google Analytics) / 180 days (Meta Pixel) or until cookies are deleted

We securely delete or anonymise data when retention periods expire.

10. Security

We implement appropriate technical and organisational measures, including:

• SSL/TLS encryption in transit;
• ISO27001‑compliant UK data centres;
• access controls & multi‑factor authentication;
• regular security monitoring & staff training;
• documented incident response procedures.

11. Your Rights

Subject to conditions set out in the UK/EU GDPR, you have the right to:

1. Access your personal data.
2. Rectify inaccurate or incomplete data.
3. Erase your data (“right to be forgotten”).
4. Restrict processing.
5. Object to processing based on legitimate interests or direct marketing.
6. Data Portability.
7. Withdraw Consent at any time.

To exercise any rights, email privacy@indemandassociates.com. We aim to respond within one month.

If you believe we have not handled your data properly, you have the right to complain to the Information Commissioner’s Office (ICO) at www.ico.org.uk, or to your local EU supervisory authority.

12. Children

Our Site and services are directed at business users. We do not knowingly collect personal data from children under 16. If you believe a child has provided us with personal data, please contact us and we will delete it.

13. Changes to This Policy

We may update this policy from time to time. Any material changes will be highlighted on this page and, where appropriate, notified to you by email. Please review this page periodically for updates. The “Last updated” date at the top indicates when this policy was last revised.

14. Contact Us

If you have any questions or concerns about this Privacy & Cookie Policy or our data practices, please contact our Data Protection Lead: