Privacy Policy.
Effective date: 20/05/2026
This Privacy Policy applies between you, the User of this Website, and Yoke Creative Agency Ltd, the owner and provider of this Website. Yoke Creative Agency Ltd takes the privacy of your information very seriously. This Privacy Policy applies to our use of any and all Data collected by us or provided by you in relation to your use of the Website.
This Privacy Policy should be read alongside, and in addition to, our Terms and Conditions, which can be found at: https://www.yokecreativeagency.com/boring-but-important.
Please read this Privacy Policy carefully.
Definitions and Interpretation
1. In this Privacy Policy, the following definitions are used:
Data
collectively all information that you submit to Yoke Creative Agency Ltd via the Website. This definition incorporates, where applicable, the definitions provided in the Data Protection Laws;
Cookies
a small text file placed on your computer by this Website when you visit certain parts of the Website and/or when you use certain features of the Website. Details of the cookies used by this Website are set out in the clause below (Cookies);
Data Protection Laws
any applicable law relating to the processing of personal Data, including but not limited to the GDPR, and any national implementing and supplementary laws, regulations and secondary legislation;
GDPR
the UK General Data Protection Regulation;
Yoke Creative Agency Ltd,
we or us
Yoke Creative Agency Ltd, a company incorporated in England and Wales with registered number 11832382 whose registered office is at Plas Eirias Business Centre , Abergele Road, Colwyn Bay , Conwy, LL29 8BF;
UK and EU Cookie Law
the Privacy and Electronic Communications (EC Directive) Regulations 2003 as amended by the Privacy and Electronic Communications (EC Directive) (Amendment) Regulations 2011 & the Privacy and Electronic Communications (EC Directive) (Amendment) Regulations 2018;
User or you
any third party that accesses the Website and is not either (i) employed by Yoke Creative Agency Ltd and acting in the course of their employment or (ii) engaged as a consultant or otherwise providing services to Yoke Creative Agency Ltd and accessing the Website in connection with the provision of such services; and
Website
the website that you are currently using, https://www.yokecreativeagency.com/, and any sub-domains of this site unless expressly excluded by their own terms and conditions.
2. In this Privacy Policy, unless the context requires a different interpretation:
a. the singular includes the plural and vice versa;
b. references to sub-clauses, clauses, schedules or appendices are to sub-clauses, clauses, schedules or appendices of this Privacy Policy;
c. a reference to a person includes firms, companies, government entities, trusts and partnerships;
d. "including" is understood to mean "including without limitation";
e. reference to any statutory provision includes any modification or amendment of it;
f. the headings and sub-headings do not form part of this Privacy Policy.
Scope of this Privacy Policy
3. This Privacy Policy applies only to the actions of Yoke Creative Agency Ltd and Users with respect to this Website. It does not extend to any websites that can be accessed from this Website including, but not limited to, any links we may provide to social media websites.
4. For purposes of the applicable Data Protection Laws, Yoke Creative Agency Ltd is the "data controller". This means that Yoke Creative Agency Ltd determines the purposes for which, and the manner in which, your Data is processed.
Data Collected
5. We may collect the following Data, which includes personal Data, from you:
a. name;
b. contact Information such as email addresses and telephone numbers;
c. IP address (automatically collected);
d. web browser type and version (automatically collected);
e. operating system (automatically collected);
f. a list of URLs starting with a referring site, your activity on this Website, and the site you exit to (automatically collected);
g. business name, website or social media links, enquiry details, project requirements, budget range and any information submitted through contact forms;
in each case, in accordance with this Privacy Policy.
How We Collect Data
6. We collect Data in the following ways:
a. data is given to us by you;
b. data is received from other sources; and
c. data is collected automatically.
Data That is Given to Us by You
7. Yoke Creative Agency Ltd will collect your Data in a number of ways, for example:
a. when you contact us through the Website, by telephone, post, e-mail or through any other means;
b. when you elect to receive marketing communications from us;
c. when you use our services;
in each case, in accordance with this Privacy Policy.
Data That is Received From Publicly Available Third Parties Sources
8. We will receive Data about you from the following publicly available third party sources:
a. LinkedIn;
b. public company websites;
c. Companies House;
d. public social media profiles;
e. Sell2Wales or other public procurement portals.
Data That is Collected Automatically
9. To the extent that you access the Website, we will collect your Data automatically, for example:
a. we automatically collect some information about your visit to the Website. This information helps us to make improvements to Website content and navigation, and includes your IP address, the date, times and frequency with which you access the Website and the way you use and interact with its content.
b. we will collect your Data automatically via cookies, in line with the cookie settings on your browser. For more information about cookies, and how we use them on the Website, see the section below, headed "Cookies".
Our Use of Data
10. Any or all of the above Data may be required by us from time to time in order to provide you with the best possible service and experience when using our Website. Specifically, Data may be used by us for the following reasons:
a. internal record keeping;
b. improvement of our products / services;
c. transmission by email of marketing materials that may be of interest to you;
d. responding to enquiries, preparing quotes and proposals, managing projects, delivering services, communicating with clients and meeting legal, accounting and administrative requirements;
in each case, in accordance with this Privacy Policy.
11. We may use your Data for the above purposes if we deem it necessary to do so for our legitimate interests. If you are not satisfied with this, you have the right to object in certain circumstances (see the section headed "Your rights" below).
12. For the delivery of direct marketing to you via e-mail, we'll need your consent, whether via an opt-in or soft-opt-in:
a. soft opt-in consent is a specific type of consent which applies when you have previously engaged with us (for example, you contact us to ask us for more details about a particular product/service, and we are marketing similar products/services). Under "soft opt-in" consent, we will take your consent as given unless you opt-out.
b. for other types of e-marketing, we are required to obtain your explicit consent; that is, you need to take positive and affirmative action when consenting by, for example, checking a tick box that we'll provide.
c. if you are not satisfied with our approach to marketing, you have the right to withdraw consent at any time. To find out how to withdraw your consent, see the section headed "Your rights" below.
Who We Share Data With
13. We may share your Data with the following groups of people for the following reasons:
a. our employees, agents and/or professional advisors - to deliver our services, manage enquiries and projects, obtain professional advice, maintain business records, support accounting and legal compliance, and protect our business interests;
b. third party service providers who provide services to us which require the processing of personal data - to support website hosting, analytics, email delivery, cloud storage, project management, accounting, marketing communications and other services needed to run our business and deliver our services;
c. relevant authorities - to comply with legal obligations, respond to lawful requests, support tax and regulatory requirements, and assist with the prevention or detection of crime;
in each case, in accordance with this Privacy Policy.
Keeping Data Secure
14. We will use technical and organisational measures to safeguard your Data, for example:
a. access to your account is controlled by a password and a user name that is unique to you.
b. we store your Data on secure servers.
15. Technical and organisational measures include measures to deal with any suspected data breach. If you suspect any misuse or loss or unauthorised access to your Data, please let us know immediately by contacting us via this e-mail address: hello@yokecreativeagency.com.
16. If you want detailed information from Get Safe Online on how to protect your information and your computers and devices against fraud, identity theft, viruses and many other online problems, please visit www.getsafeonline.org. Get Safe Online is supported by HM Government and leading businesses.
Data Retention
17. Unless a longer retention period is required or permitted by law, we will only hold your Data on our systems for the period necessary to fulfil the purposes outlined in this Privacy Policy or until you request that the Data be deleted.
18. Even if we delete your Data, it may persist on backup or archival media for legal, tax or regulatory purposes.
Your Rights
19. You have the following rights in relation to your Data:
a. Right to access - the right to request (i) copies of the information we hold about you at any time, or (ii) that we modify, update or delete such information. If we provide you with access to the information we hold about you, we will not charge you for this, unless your request is "manifestly unfounded or excessive." Where we are legally permitted to do so, we may refuse your request. If we refuse your request, we will tell you the reasons why.
b. Right to correct - the right to have your Data rectified if it is inaccurate or incomplete.
c. Right to erase - the right to request that we delete or remove your Data from our systems.
d. Right to restrict our use of your Data - the right to "block" us from using your Data or limit the way in which we can use it.
e. Right to data portability - the right to request that we move, copy or transfer your Data.
f. Right to object - the right to object to our use of your Data including where we use it for our legitimate interests.
20. To make enquiries, exercise any of your rights set out above, or withdraw your consent to the processing of your Data (where consent is our legal basis for processing your Data), please contact us via this e-mail address: hello@yokecreativeagency.com.
21. If you are not satisfied with the way a complaint you make in relation to your Data is handled by us, you may be able to refer your complaint to the relevant data protection authority. For the UK, this is the Information Commissioner's Office (ICO). The ICO's contact details can be found on their website at https://ico.org.uk/.
22. It is important that the Data we hold about you is accurate and current. Please keep us informed if your Data changes during the period for which we hold it.
Transfers Outside the United Kingdom and European Economic Area
23. Data which we collect from you may be stored and processed in and transferred to countries outside of the UK and European Economic Area (EEA). For example, this could occur if our servers are located in a country outside the UK or EEA or one of our service providers is situated in a country outside the UK or EEA.
24. We will only transfer Data outside the UK or EEA where it is compliant with data protection legislation and the means of transfer provides adequate safeguards in relation to your data, e.g. by way of data transfer agreement, incorporating the current standard contractual clauses adopted by the European Commission.
25. To ensure that your Data receives an adequate level of protection, we have put in place appropriate safeguards and procedures with the third parties we share your Data with. This ensures your Data is treated by those third parties in a way that is consistent with the Data Protection Laws.
Links to Other Websites
26. This Website may, from time to time, provide links to other websites. We have no control over such websites and are not responsible for the content of these websites. This Privacy Policy does not extend to your use of such websites. You are advised to read the Privacy Policy or statement of other websites prior to using them.
Changes of Business Ownership and Control
27. Yoke Creative Agency Ltd may, from time to time, expand or reduce our business and this may involve the sale and/or the transfer of control of all or part of Yoke Creative Agency Ltd. Data provided by Users will, where it is relevant to any part of our business so transferred, be transferred along with that part and the new owner or newly controlling party will, under the terms of this Privacy Policy, be permitted to use the Data for the purposes for which it was originally supplied to us.
28. We may also disclose Data to a prospective purchaser of our business or any part of it.
29. In the above instances, we will take steps with the aim of ensuring your privacy is protected.
Cookies
30. This Website may place and access certain Cookies on your computer. Yoke Creative Agency Ltd uses Cookies to improve your experience of using the Website and to improve our range of services. Yoke Creative Agency Ltd has carefully chosen these Cookies and has taken steps to ensure that your privacy is protected and respected at all times.
31. All Cookies used by this Website are used in accordance with current UK and EU Cookie Law.
32. Before the Website places Cookies on your computer, you will be presented with a message bar requesting your consent to set those Cookies. By giving your consent to the placing of Cookies, you are enabling Yoke Creative Agency Ltd to provide a better experience and service to you. You may, if you wish, deny consent to the placing of Cookies; however certain features of the Website may not function fully or as intended.
33. This Website may place the following Cookies:
Type of Cookie
Purpose
Strictly necessary cookies
These are cookies that are required for the operation of our website. They include, for example, cookies that enable you to log into secure areas of our website, use a shopping cart or make use of e-billing services.
Analytical/performance cookies
They allow us to recognise and count the number of visitors and to see how visitors move around our website when they are using it. This helps us to improve the way our website works, for example, by ensuring that users are finding what they are looking for easily.
Functionality cookies
These are used to recognise you when you return to our website. This enables us to personalise our content for you, greet you by name and remember your preferences (for example, your choice of language or region). By using the Website, you agree to our placement of functionality cookie.
34. You can find a list of Cookies that we use in the Cookies Schedule.
35. You can choose to enable or disable Cookies in your internet browser. By default, most internet browsers accept Cookies but this can be changed. For further details, please see the help menu in your internet browser. You can switch off Cookies at any time, however, you may lose any information that enables you to access the Website more quickly and efficiently.
36. You can choose to delete Cookies at any time; however, you may lose any information that enables you to access the Website more quickly and efficiently including, but not limited to, personalisation settings.
37. It is recommended that you ensure that your internet browser is up-to-date and that you consult the help and guidance provided by the developer of your internet browser if you are unsure about adjusting your privacy settings.
38. For more information generally on cookies, including how to disable them, please refer to aboutcookies.org. You will also find details on how to delete cookies from your computer.
General
39. You may not transfer any of your rights under this Privacy Policy to any other person. We may transfer our rights under this Privacy Policy where we reasonably believe your rights will not be affected.
40. If any court or competent authority finds that any provision of this Privacy Policy (or part of any provision) is invalid, illegal or unenforceable, that provision or part-provision will, to the extent required, be deemed to be deleted, and the validity and enforceability of the other provisions of this Privacy Policy will not be affected.
41. Unless otherwise agreed, no delay, act or omission by a party in exercising any right or remedy will be deemed a waiver of that, or any other, right or remedy.
42. This Agreement will be governed by and interpreted according to the law of England and Wales. All disputes arising under the Agreement will be subject to the exclusive jurisdiction of the English and Welsh courts.
Changes to This Privacy Policy
43. Yoke Creative Agency Ltd reserves the right to change this Privacy Policy as we may deem necessary from time to time or as may be required by law. Any changes will be immediately posted on the Website and you are deemed to have accepted the terms of the Privacy Policy on your first use of the Website following the alterations.
You may contact Yoke Creative Agency Ltd by email at hello@yokecreativeagency.com.
Attribution
44. This Privacy Policy was created using a document from Rocket Lawyer (https://www.rocketlawyer.com/gb/en).
This Privacy Policy was created on 20 May 2026.
Cookies
Below is a list of the cookies that we use. We have tried to ensure this is complete and up to date, but if you think that we have missed a cookie or there is any discrepancy, please let us know.
Strictly necessary
We use the following strictly necessary cookies:
Description
Purpose
strictly necessary website cookies
to enable core website functions, including site navigation, security, page loading, form submission and remembering cookie preferences
security cookies
to help protect the website, prevent misuse and keep the website secure
cookie preference cookies
to remember a visitor’s cookie choices and apply those preferences during future visits
form and session cookies
to support contact forms, page loading and basic website functions during a visitor’s session
Functionality
We use the following functionality cookies:
Description
Purpose
website functionality cookies
to remember visitor choices, improve website usability and support features that help the website work as expected
form functionality cookies
to support contact forms and help the website process information submitted by visitors
display preference cookies
to remember visitor preferences, such as cookie choices or display settings, during future visits
Analytical/Performance
We use the following analytical/performance cookies:
Description
Purpose
analytics and performance cookies
to help us understand how visitors use the website, including which pages are visited, how visitors move around the site and how the website performs
website traffic cookies
to collect general information about website visits, visitor numbers and traffic sources so we can improve the website and its content
performance monitoring cookies
to help identify website performance issues and improve the user experience
Terms & Conditions
Effective date: 20/05/2026
Application and Entire Agreement
1. These Terms and Conditions apply to the provision of the services detailed in our quotation (Services) by Yoke Creative Agency a company registered in England and Wales under number 11832382 whose registered office is at Yoke Creative Agency Ltd, Plas Eirias Business Park, Conwy, LL29 8BF (we or us or Service Provider) to the person buying the services (you or Customer).
2. You are deemed to have accepted these Terms and Conditions when you accept our quotation or from the date of any performance of the Services (whichever happens earlier) and these Terms and Conditions and our quotation (the Contract) are the entire agreement between us.
3. You acknowledge that you have not relied on any statement, promise or representation made or given by or on our behalf. These Conditions apply to the Contract to the exclusion of any other terms that you try to impose or incorporate, or which are implied by trade, custom, practice or course of dealing.
Interpretation
4. A "business day" means any day other than a Saturday, Sunday or bank holiday in England and Wales.
5. The headings in these Terms and Conditions are for convenience only and do not affect their interpretation.
6. Words imparting the singular number shall include the plural and vice-versa.
Services
7. We warrant that we will use reasonable care and skill in our performance of the Services which will comply with the quotation, including any specification in all material respects. We can make any changes to the Services which are necessary to comply with any applicable law or safety requirement, and we will notify you if this is necessary.
8. We will use our reasonable endeavours to complete the performance of the Services within the time agreed or as set out in the quotation; however, time shall not be of the essence in the performance of our obligations.
9. All of these Terms and Conditions apply to the supply of any goods as well as Services unless we specify otherwise.
Your Obligations
10. You must obtain any permissions, consents, licences or otherwise that we need and must give us with access to any and all relevant information, materials, properties and any other matters which we need to provide the Services.
11. If you do not comply with clause 10, we can terminate the Services.
12. We are not liable for any delay or failure to provide the Services if this is caused by your failure to comply with the provisions of this section (Your obligations).
Fees and Deposit
13. The fees (Fees) for the Services are set out in the quotation and are on a time and materials basis.
14. In addition to the Fees, we can recover from you a) reasonable incidental expenses including, but not limited to, travelling expenses, hotel costs, subsistence and any associated expenses, b) the cost of services provided by third parties and required by us for the performance of the Services, and c) the cost of any materials required for the provision of the Services.
15. You must pay us for any additional services provided by us that are not specified in the quotation in accordance with our then current, applicable hourly rate in effect at the time of performance or such other rate as may be agreed between us. The provisions of clause 14 also apply to these additional services.
16. The Fees are exclusive of any applicable VAT and other taxes or levies which are imposed or charged by any competent authority.
17. You must pay a deposit (Deposit) as detailed in the quotation at the time of accepting the quotation.
18. If you do not pay the Deposit to us according to the clause above, we can either withhold provision of the Services until the Deposit is received or can terminate under the clause below (Termination).
19. The Deposit is non-refundable unless we fail to provide the Services and are at fault for such failure (where the failure is not our fault, no refund will be made).
Cancellation and Amendment
20. We can withdraw, cancel or amend a quotation if it has not been accepted by you, or if the Services have not started, within a period of 30 days from the date of the quotation, (unless the quotation has been withdrawn).
21. Either we or you can cancel an order for any reason prior to your acceptance (or rejection) of the quotation.
22. If you want to amend any details of the Services you must tell us in writing as soon as possible. We will use reasonable endeavours to make any required changes and additional costs will be included in the Fees and invoiced to you.
23. If, due to circumstances beyond our control, including those set out in the clause below (Circumstances beyond a party's control), we have to make any change in the Services or how they are provided, we will notify you immediately. We will use reasonable endeavours to keep any such changes to a minimum.
Payment
24. We will invoice you for payment of the Fees either:
a. when we have completed the Services; or
b. on the invoice dates set out in the quotation.
25. You must pay the Fees due within 14 days of the date of our invoice or otherwise in accordance with any credit terms agreed between us.
26. Time for payment shall be of the essence of the Contract.
27. Without limiting any other right or remedy we have for statutory interest, if you do not pay within the period set out above, we will charge you interest at the rate of 8.00% per annum above the base lending rate of the Bank of England from time to time on the amount outstanding until payment is received in full.
28. All payments due under these Terms and Conditions must be made in full without any deduction or withholding except as required by law and neither of us can assert any credit, set-off or counterclaim against the other in order to justify withholding payment of any such amount in whole or in part.
29. If you do not pay within the period set out above, we can suspend any further provision of the Services and cancel any future services which have been ordered by, or otherwise arranged with, you.
30. Receipts for payment will be issued by us only at your request.
31. All payments must be made in British Pounds unless otherwise agreed in writing between us.
Sub-contracting and Assignment
32. We can at any time assign, transfer, charge, subcontract or deal in any other manner with all or any of our rights under these Terms and Conditions and can subcontract or delegate in any manner any or all of our obligations to any third party.
33. You must not, without our prior written consent, assign, transfer, charge, subcontract or deal in any other manner with all or any of your rights or obligations under these Terms and Conditions.
Termination
34. We can terminate the provision of the Services immediately if you:
a. commit a material breach of your obligations under these Terms and Conditions; or
b. fail to make pay any amount due under the Contract on the due date for payment; or
c. are or become or, in our reasonable opinion, are about to become, the subject of a bankruptcy order or take advantage of any other statutory provision for the relief of insolvent debtor; or
d. enter into a voluntary arrangement under Part 1 of the Insolvency Act 1986, or any other scheme or arrangement is made with its creditors; or
e. convene any meeting of your creditors, enter into voluntary or compulsory liquidation, have a receiver, manager, administrator or administrative receiver appointed in respect of your assets or undertakings or any part of them, any documents are filed with the court for the appointment of an administrator in respect of you, notice of intention to appoint an administrator is given by you or any of your directors or by a qualifying floating charge holder (as defined in para. 14 of Schedule B1 of the Insolvency Act 1986), a resolution is passed or petition presented to any court for your winding up or for the granting of an administration order in respect of you, or any proceedings are commenced relating to your insolvency or possible insolvency.
Intellectual Property
35. We reserve all copyright and any other intellectual property rights which may subsist in any goods supplied in connection with the provision of the Services. We reserve the right to take any appropriate action to restrain or prevent the infringement of such intellectual property rights.
Liability and Indemnity
36. Our liability under these Terms and Conditions, and in breach of statutory duty, and in tort or misrepresentation or otherwise, shall be limited as set out in this section.
37. The total amount of our liability is limited to the total amount of Fees payable by you under the Contract.
38. We are not liable (whether caused by our employees, agents or otherwise) in connection with our provision of the Services or the performance of any of our other obligations under these Terms and Conditions or the quotation for:
a. any indirect, special or consequential loss, damage, costs, or expenses or;
b. any loss of profits; loss of anticipated profits; loss of business; loss of data; loss of reputation or goodwill; business interruption; or, other third party claims; or
c. any failure to perform any of our obligations if such delay or failure is due to any cause beyond our reasonable control; or
d. any losses caused directly or indirectly by any failure or your breach in relation to your obligations; or
e. any losses arising directly or indirectly from the choice of Services and how they will meet your requirements or your use of the Services or any goods supplied in connection with the Services.
39. You must indemnify us against all damages, costs, claims and expenses suffered by us arising from any loss or damage to any equipment (including that belonging to third parties) caused by you or your agents or employees.
40. Nothing in these Terms and Conditions shall limit or exclude our liability for death or personal injury caused by our negligence, or for any fraudulent misrepresentation, or for any other matters for which it would be unlawful to exclude or limit liability.
Data Protection
41. When supplying the Services to the Customer, the Service Provider may gain access to and/or acquire the ability to transfer, store or process personal data of employees of the Customer.
42. The parties agree that where such processing of personal data takes place, the Customer shall be the 'data controller' and the Service Provider shall be the 'data processor' as defined in the General Data Protection Regulation (GDPR) as may be amended, extended and/or re-enacted from time to time.
43. For the avoidance of doubt, 'Personal Data', 'Processing', 'Data Controller', 'Data Processor' and 'Data Subject' shall have the same meaning as in the GDPR.
44. The Service Provider shall only Process Personal Data to the extent reasonably required to enable it to supply the Services as mentioned in these Terms and Conditions or as requested by and agreed with the Customer, shall not retain any Personal Data longer than necessary for the Processing and refrain from Processing any Personal Data for its own or for any third party's purposes.
45. The Service Provider shall not disclose Personal Data to any third parties other than employees, directors, agents, sub-contractors or advisors on a strict 'need-to-know' basis and only under the same (or more extensive) conditions as set out in these Terms and Conditions or to the extent required by applicable legislation and/or regulations.
46. The Service Provider shall implement and maintain technical and organisational security measures as are required to protect Personal Data Processed by the Service Provider on behalf of the Customer.
47. Further information about the Service Provider's approach to data protection are specified in its Data Protection Policy, which can be found on our website at www.yokecreativeagency.com/boring-but-important. For any enquiries or complaints regarding data privacy, you can email: hello@yokecreativeagency.com.
Circumstances Beyond a Party's Control
48. Neither of us is liable for any failure or delay in performing our obligations where such failure or delay results from any cause that is beyond the reasonable control of that party. Such causes include, but are not limited to: industrial action, civil unrest, fire, flood, storms, earthquakes, acts of terrorism, acts of war, governmental action or any other event that is beyond the control of the party in question. If the delay continues for a period of 90 days, either of us may terminate or cancel the Services to be carried out under these Terms and Conditions.
Communications
49. All notices under these Terms and Conditions must be in writing and signed by, or on behalf of, the party giving notice (or a duly authorised officer of that party).
50. Notices shall be deemed to have been duly given:
a. when delivered, if delivered by courier or other messenger (including registered mail) during the normal business hours of the recipient;
b. when sent, if transmitted by fax or email and a successful transmission report or return receipt is generated;
c. on the fifth business day following mailing, if mailed by national ordinary mail; or
d. on the tenth business day following mailing, if mailed by airmail.
51. All notices under these Terms and Conditions must be addressed to the most recent address, email address or fax number notified to the other party.
No waiver
52. No delay, act or omission by a party in exercising any right or remedy will be deemed a waiver of that, or any other, right or remedy nor stop further exercise of any other right, or remedy.
Severance
53. If one or more of these Terms and Conditions is found to be unlawful, invalid or otherwise unenforceable, that / those provisions will be deemed severed from the remainder of these Terms and Conditions (which will remain valid and enforceable).
Law and Jurisdiction
54. These Terms and Conditions shall be governed by and interpreted according to the law of England and Wales and all disputes arising under the Terms and Conditions (including non-contractual disputes or claims) shall be subject to the exclusive jurisdiction of the English and Welsh courts.
Data Protection & Security Policy
Effective date: 20/05/2026
Statement and Purpose of Policy
A. Yoke Creative Agency Ltd (the Employer) is committed to ensuring that all personal data handled by us will be processed according to legally compliant standards of data protection and data security.
B. We confirm for the purposes of the data protection laws, that the Employer is a data controller of the personal data in connection with your employment. This means that we determine the purposes for which, and the manner in which, your personal data is processed.
C. The purpose of this Policy is to help us achieve our data protection and data security aims by:
1. notifying our staff of the types of personal information that we may hold about them, our customers, suppliers and other third parties and what we do with that information;
2. setting out the rules on data protection and the legal conditions that must be satisfied when we collect, receive, handle, process, transfer and store personal data and ensuring staff understand our rules and the legal standards; and
3. clarifying the responsibilities and duties of staff in respect of data protection and data security.
D. This is a statement of policy only and does not form part of your contract of employment. We may amend this Policy at any time, in our absolute discretion.
E. For the purposes of this Policy:
1. Data protection laws means all applicable laws relating to the processing of personal data, including, for the period during which it is in force, the UK General Data Protection Regulation.
2. Data subject means the individual to whom the personal data relates.
3. Personal data means any information that relates to an individual who can be identified from that information.
4. Processing means any use that is made of data, including collecting, storing, amending, disclosing, or destroying it.
5. Special categories of personal data means information about an individual's racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, health, sex life or sexual orientation and biometric data.
Data Protection Principles
1. Staff whose work involves using personal data relating to Staff or others must comply with this Policy and with the following data protection principles which require that personal information is:
a. processed lawfully, fairly and in a transparent manner. We must always have a lawful basis to process personal data, as set out in the data protection laws. Personal data may be processed as necessary to perform a contract with the data subject, to comply with a legal obligation which the data controller is the subject of, or for the legitimate interest of the data controller or the party to whom the data is disclosed. The data subject must be told who controls the information (us), the purpose(s) for which we are processing the information and to whom it may be disclosed.
b. collected only for specified, explicit and legitimate purposes. Personal data must not be collected for one purpose and then used for another. If we want to change the way we use personal data, we must first tell the data subject.
c. processed only where it is adequate, relevant and limited to what is necessary for the purposes of processing. We will only collect personal data to the extent required for the specific purpose notified to the data subject.
d. accurate and the Employer takes all reasonable steps to ensure that information that is inaccurate is rectified or deleted without delay. Checks to personal data will be made when collected and regular checks must be made afterwards. We will make reasonable efforts to rectify or erase inaccurate information.
e. kept only for the period necessary for processing. Information will not be kept longer than it is needed and we will take all reasonable steps to delete information when we no longer need it. For guidance on how long particular information should be kept, contact the Office Manager.
f. secure, and appropriate measures are adopted by the Employer to ensure as such.
Who is Responsible for Data Protection and Data Security?
2. Maintaining appropriate standards of data protection and data security is a collective task shared between us and you. This Policy and the rules contained in it apply to all staff of the Employer, irrespective of seniority, tenure and working hours, including all employees, directors and officers, consultants and contractors, casual or agency staff, trainees, homeworkers and fixed-term staff and any volunteers (Staff).
3. Questions about this Policy, or requests for further information, should be directed to the Office Manager.
4. All Staff have personal responsibility to ensure compliance with this Policy, to handle all personal data consistently with the principles set out here and to ensure that measures are taken to protect the data security. Managers have special responsibility for leading by example and monitoring and enforcing compliance. The Office Manager must be notified if this Policy has not been followed, or if it is suspected this Policy has not been followed, as soon as reasonably practicable.
5. Any breach of this Policy will be taken seriously and may result in disciplinary action up to and including dismissal. Significant or deliberate breaches, such as accessing Staff or customer personal data without authorisation or a legitimate reason to do so, may constitute gross misconduct and could lead to dismissal without notice.
What Personal Data and Activities are Covered by This Policy?
6. This Policy covers personal data:
a. which relates to a natural living individual who can be identified either from that information in isolation or by reading it together with other information we possess;
b. is stored electronically or on paper in a filing system;
c. in the form of statements of opinion as well as facts;
d. which relates to Staff (present, past or future) or to any other individual whose personal data we handle or control;
e. which we obtain, is provided to us, which we hold or store, organise, disclose or transfer, amend, retrieve, use, handle, process, transport or destroy.
7. This personal data is subject to the legal safeguards set out in the data protection laws.
What Personal Data Do We Process About Staff?
8. We collect personal data about you which:
a. you provide or we gather before or during your employment or engagement with us;
b. is provided by third parties, such as references or information from suppliers or another party that we do business with; or
c. is in the public domain.
9. The types of personal data that we may collect, store and use about you include records relating to your:
a. home address, contact details and contact details for your next of kin;
b. recruitment (including your application form or curriculum vitae, references received and details of your qualifications);
c. pay records, national insurance number and details of taxes and any employment benefits such as pension and health insurance (including details of any claims made);
d. telephone, email, internet, fax or instant messenger use;
e. performance and any disciplinary matters, grievances, complaints or concerns in which you are involved.
Sensitive Personal Data
10. We may from time to time need to process sensitive personal information (sometimes referred to as 'special categories of personal data').
11. We will only process sensitive personal information if:
a. we have a lawful basis for doing so, e.g. it is necessary for the performance of the employment contract; and
b. one of the following special conditions for processing personal information applies:
i. the data subject has given explicit consent.
ii. the processing is necessary for the purposes of exercising the employment law rights or obligations of the Company or the data subject.
iii. the processing is necessary to protect the data subject's vital interests, and the data subject is physically incapable of giving consent.
iv. processing relates to personal data which are manifestly made public by the data subject.
v. the processing is necessary for the establishment, exercise, or defence or legal claims; or
vi. the processing is necessary for reasons of substantial public interest.
12. Before processing any sensitive personal information, Staff must notify the Office Manager of the proposed processing, in order for the Office Manager to assess whether the processing complies with the criteria noted above.
13. Sensitive personal information will not be processed until the assessment above has taken place and the individual has been properly informed of the nature of the processing, the purposes for which it is being carried out and the legal basis for it.
14. Our Privacy Notice sets out the type of sensitive personal information that we process, what it is used for and the lawful basis for the processing.
How We Use Your Personal Data
15. We will tell you the reasons for processing your personal data, how we use such information and the legal basis for processing in our Privacy Notice. We will not process Staff personal information for any other reason.
16. In general, we will use information to carry out our business, to administer your employment or engagement and to deal with any problems or concerns you may have, including, but not limited to:
a. Staff address lists: to compile and circulate lists of home addresses and contact details, to contact you outside working hours.
b. Sickness records: to maintain a record of your sickness absence and copies of any doctor's notes or other documents supplied to us in connection with your health, to inform your colleagues and others that you are absent through sickness, as reasonably necessary to manage your absence, to deal with unacceptably high or suspicious sickness absence, to inform reviewers for appraisal purposes of your sickness absence level, to publish internally aggregated, anonymous details of sickness absence levels.
c. Monitoring IT systems: to monitor your use of e-mails, internet, telephone and fax, computer or other communications or IT resources.
d. Disciplinary, grievance or legal matters: in connection with any disciplinary, grievance, legal, regulatory or compliance matters or proceedings that may involve you.
e. Performance reviews: to carry out performance reviews.
Accuracy and Relevance
17. We will:
a. ensure that any personal data processed is up to date, accurate, adequate, relevant and not excessive, given the purpose for which it was collected.
b. not process personal data obtained for one purpose for any other purpose, unless you agree to this or reasonably expect this.
18. If you consider that any information held about you is inaccurate or out of date, then you should tell the Office Manager. If they agree that the information is inaccurate or out of date, then they will correct it promptly. If they do not agree with the correction, then they will note your comments.
Storage and Retention
19. Personal data (and sensitive personal information) will be kept securely in accordance with our Information Security Policy.
20. The periods for which we hold personal data are contained in our Privacy Notices.
Individual Rights
21. You have the following rights in relation to your personal data.
22. Subject access requests:
a. You have the right to make a subject access request. If you make a subject access request, we will tell you:
i. whether or not your personal data is processed and if so why, the categories of personal data concerned and the source of the data if it is not collected from you;
ii. to whom your personal data is or may be disclosed, including to recipients outside of the UK or European Economic Area (EEA) and the safeguards that apply to such transfers;
iii. for how long your personal data is stored (or how that period is decided);
iv. your rights of rectification or erasure of data, or to restrict or object to processing;
v. your right to right to complain to the Information Commissioner if you think we have failed to comply with your data protection rights; and
vi. whether or not we carry out automated decision-making and the logic involved in any such decision making.
b. We will provide you with a copy of the personal data undergoing processing. This will normally be in electronic form if you have made a request electronically, unless you agree otherwise.
c. To make a subject access request, contact us at hello@yokecreativeagency.com.
d. We may need to ask for proof of identification before your request can be processed. We will let you know if we need to verify your identity and the documents we require.
e. We will normally respond to your request within 28 days from the date your request is received. In some cases, eg where there is a large amount of personal data being processed, we may respond within 3 months of the date your request is received. We will write to you within 28 days of receiving your original request if this is the case.
f. If your request is manifestly unfounded or excessive, we are not obliged to comply with it.
23. Other rights:
a. You have a number of other rights in relation to your personal data. You can require us to:
i. rectify inaccurate data;
ii. stop processing or erase data that is no longer necessary for the purposes of processing;
iii. stop processing or erase data if your interests override our legitimate grounds for processing the data (where we rely on our legitimate interests as a reason for processing data);
iv. stop processing data for a period if data is inaccurate or if there is a dispute about whether or not your interests override the Employer's legitimate grounds for processing the data.
b. To request that we take any of these steps, please send the request to hello@yokecreativeagency.com.
Data Security
24. We will use appropriate technical and organisational measures to keep personal data secure, and in particular to protect against unauthorised or unlawful processing and against accidental loss, destruction or damage.
25. Maintaining data security means making sure that:
a. only people who are authorised to use the information can access it;
b. where possible, personal data is pseudonymised or encrypted;
c. information is accurate and suitable for the purpose for which it is processed; and
d. authorised persons can access information if they need it for authorised purposes.
26. By law, we must use procedures and technology to secure personal information throughout the period that we hold or control it, from obtaining to destroying the information.
27. Personal information must not be transferred to any person to process (eg while performing services for us on or our behalf), unless that person has either agreed to comply with our data security procedures or we are satisfied that other adequate measures exist.
28. Security procedures include:
a. Any desk or cupboard containing confidential information must be kept locked.
b. Computers should be locked with a strong password that is changed regularly or shut down when they are left unattended and discretion should be used when viewing personal information on a monitor to ensure that it is not visible to others.
c. Data stored on CDs or memory sticks must be encrypted or password-protected and locked away securely when they are not being used.
d. The Office Manager must approve of any cloud used to store data.
e. Data should never be saved directly to mobile devices such as laptops, tablets or smartphones.
f. All servers containing sensitive personal data must be approved and protected by security software.
g. Servers containing personal data must be kept in a secure location, away from general office space.
h. Data should be regularly backed up in line with the Employer's back-up procedure.
29. Telephone precautions. Particular care must be taken by Staff who deal with telephone enquiries to avoid inappropriate disclosures. In particular:
a. the identity of any telephone caller must be verified before any personal information is disclosed;
b. if the caller's identity cannot be verified satisfactorily then they should be asked to put their query in writing;
c. do not allow callers to bully you into disclosing information. In case of any problems or uncertainty, contact the Office Manager.
30. Methods of disposal. Copies of personal information, whether on paper or on any physical storage device, must be physically destroyed when they are no longer needed. Paper documents should be shredded and CDs or memory sticks or similar must be rendered permanently unreadable.
Data Impact Assessments
31. Some of the processing that the Employer carries out may result in risks to privacy.
32. Where processing would result in a high risk to Staff rights and freedoms, the Employer will carry out a data protection impact assessment to determine the necessity and proportionality of processing. This will include considering the purposes for which the activity is carried out, the risks for individuals and the measures that can be put in place to mitigate those risks.
Data Breaches
33. If we discover that there has been a breach of Staff personal data that poses a risk to the rights and freedoms of individuals, we will report it to the Information Commissioner within 72 hours of discovery.
34. We will record all data breaches regardless of their effect in accordance with our Breach Response Policy.
35. If the breach is likely to result in a high risk to your rights and freedoms, we will tell affected individuals that there has been a breach and provide them with more information about its likely consequences and the mitigation measures it has taken.
International Data Transfers
36. In the course of carrying out our business, we may need to transfer your personal information to a country outside the UK or European Economic Area (EEA) including to any group company or to another person with whom we have a business relationship.
37. Your personal data will only be transferred to a country outside of the UK or EEA if there are adequate protections in place. To ensure that your personal data receives an adequate level of protection, we have put in place appropriate procedures with the third parties we share your personal data with, to ensure your personal data is treated by those third parties in a way that is consistent with and which respects the law on data protection.
38. If you wish to know more about international transfers of your personal data, you may contact the Office Manager.
Individual Responsibilities
39. Staff are responsible for helping the Employer keep their personal data up to date.
40. Staff should let the Employer know if personal data provided to the Employer changes, e.g. if you move house or change your bank details.
41. You may have access to the personal data of other Staff members and of our customers in the course of your employment. Where this is the case, the Employer relies on Staff members to help meet its data protection obligations to Staff and to customers.
42. Individuals who have access to personal data are required:
a. to access only personal data that they have authority to access and only for authorised purposes;
b. not to disclose personal data except to individuals (whether inside or outside of the Employer) who have appropriate authorisation;
c. to keep personal data secure (e.g. by complying with rules on access to premises, computer access, including password protection, and secure file storage and destruction);
d. not to remove personal data, or devices containing or that can be used to access personal data, from the Employer's premises without adopting appropriate security measures (such as encryption or password protection) to secure the data and the device; and
e. not to store personal data on local drives or on personal devices that are used for work purposes.
Training
43. We will provide training to all individuals about their data protection responsibilities as part of the induction process and at regular intervals thereafter.
44. Individuals whose roles require regular access to personal data, or who are responsible for implementing this Policy or responding to subject access requests under this Policy will receive additional training to help them understand their duties and how to comply with them.
Attribution
45. This Data Protection and Data Security Policy was created using a document from Rocket Lawyer (https://www.rocketlawyer.com/gb/en).