Privacy Notice 22nd May 2018


This Notice
We have updated this notice, to incorporate the changes brought about by the General Data Protection Regulation (GDPR) that came into force on 25 th May 2018. GDPR includes provisions on Privacy Notices in Articles 12, 13 and 14.

About us
Social Sugar is a PR, social media and digital marketing agency based in the bubbly town of Altrincham, near Manchester. Our overall goal is to get people sweet on you. We work with B2B and B2C companies, from big brands to independent names. Our services include spotlight-stealing social media and PR campaigns, blogging, e-newsletters, and website writing, to name a few.

What is a privacy notice?
A privacy notice is a statement by a company to its customers. It’s all about being transparent and providing accessible information to individuals about how we will use your personal data. It is a key element of the GDPR.

Why issue a privacy notice?
We recognise the importance of protecting personal and confidential information in all that we do take care to meet our legal and regulatory duties. This notice is one of the ways in which we can demonstrate to you our commitment to our values of being transparent and open with your data and its processing. This notice also explains what rights you have to control how we use your information.

Who are we governed by?
Information Commissioner’s Office –

Legal basis for processing your information
We process your information fairly and lawfully by only using it if we have a lawful reason to do so. We make sure that you know how we use your information, and ensure you are informed about your rights.

We rely on the following specific conditions in Articles 6 and 9 of the GDPR to process your information: Article 6(1) (f) provides us with a lawful basis for processing data where processing is necessary for the purposes pursued by us. We do not rely on consent to use your information as a legal basis for processing.

What information do we collect from you, and why?
We may ask for, or hold, personal confidential information about you that will be used to support delivery of the services that you have specifically asked us to provide. We do not collect any children’s personal data. All data is processed within the UK.

Most of your records are electronic and are held on a computer system and secure IT network with business continuity planning in place.

How we use your information
• To enable us to provide you with the best possible PR, digital, and content campaigns and services.
• Solely for the explicit purposes of our business.

How we keep your information safe and confidential
We are committed to keeping your information secure. Information is retained in secure electronic and paper records and access is restricted to only those who need to know. Security and access controls, operational policies and procedures are in place to protect your information. We have both a records retention and data inventory in place to support compliance.

We are registered with the Information Commissioners Office (ICO). Details of our registration can be found on Enter our registration number () and click ‘search register’. Everyone working for the company is subject to the Common Law Duty of Confidentiality, the GDPR and any other prevailing legislation. Information provided in confidence will only be used for the purposes to which you consent to, unless there are other circumstances covered by the law.

Our staff are required to undertake training in data protection, confidentiality, and IT/cyber security. We have had a GDPR compliance assessment completed by a consultant.

Who we share your information with
We do not share any information with third parties, except exclusively for the purposes intended and expected.

Contacting us about your information
We have a senior officer in place, who is responsible for protecting the confidentiality of your information.

If you have any questions or concerns regarding the information we hold on you, the use of your information, or would like to discuss further, please contact…


How can I access the information you hold about me, and what are my rights?
Under the GDPR a person may request access to information (with some exemptions) that is held about them by an organisation. As of 25 th May 2018 there is no charge for this, unless a request is manifestly unfounded or excessive, particularly if it is repetitive. In that case, a reasonable fee may be charged.

Please email for subject access requests.

Your Rights under GDPR Chapter 3 of the GDPR, articles 12-23 as the Data
Subject are:
1. Right to be informed
2. Right to access
3. Right of rectification
4. Right to erasure
5. Right to restriction of processing
6. Right to data portability
7. Right to object
8. Automated individual decision-making, including profiling

We will comply with your rights and our responsibilities as stated above.

Data Breaches under GDPR
The GDPR introduces a duty on us to report certain types of personal data breaches to the Information Commissioner’s Office (ICO). In situations where the likelihood and severity of the resulting breach creates a risk to your rights and freedoms we will notify the ICO without undue delay within 72 hours of becoming aware of the breach, where feasible. If the breach is likely to result in a high risk of it adversely affecting your rights and freedoms, we will also inform you without undue delay.

If you remain dissatisfied with our decision following your complaint, you may wish to contact:

Information Commissioner’s Office
Wycliffe House
Water Lane

Their website address is The information commissioner will not normally consider an appeal until you have exhausted your rights of redress and complaint to us.

If you need further clarification, please contact on or email