1. Who we are
This privacy policy explains how Strive Creative (“we”, “us”, “our”) collects, uses, and protects your personal data when you visit our website, contact us, or use our services.
- Trading name: Strive Creative
- Legal entity: Cameron Harvey, sole trader, trading as Strive Creative
- Contact for privacy queries: privacy@strivecreative.uk
- Data Protection contact: Cameron Harvey, Founder
We are the data controller for the personal data described in this notice.
This privacy policy applies to data we hold about visitors to our website, prospects, leads, and clients of Strive Creative directly. It does not apply to donor or beneficiary data we process on behalf of charity clients. That processing is governed by separate Data Processing Agreements with each charity, and the charity is the data controller of that data.
2. What personal data we collect
We may collect and process the following personal data:
When you visit our website
- IP address (anonymised after 24 hours)
- Browser type and version, device type, operating system
- Pages visited, referring URLs, time spent on pages
- UTM parameters (campaign tracking)
- Cookies (see Cookies)
When you fill in a form (enquiry, lead magnet, demo request)
- Name
- Email address
- Phone number (if provided)
- Charity name and registered charity number (if applicable)
- Role / job title
- Information about your charity, services, or specific enquiry that you provide
When you become a client
- Billing contact details
- Bank account or payment details (held by Stripe; we do not store card numbers)
- Authorised user details for service delivery
From third-party sources
- Publicly available information from the Charity Commission database (charity name, registration, trustees, beneficiary description), used for prospect research where lawful basis applies
- Information you make publicly available on social media (e.g. LinkedIn) when you connect with us professionally
3. Why we use your personal data, and our lawful basis
We process personal data only when we have a lawful basis to do so under UK GDPR.
| Purpose | Lawful basis |
|---|---|
| Responding to your enquiry or contact request | Legitimate interest (responding to your direct request) |
| Sending you a quote or proposal | Legitimate interest / contract preparation |
| Delivering our services to you (if you become a client) | Performance of a contract |
| Sending you direct marketing emails (newsletter, service updates) | Consent (you must opt in) |
| Prospect research using publicly available Charity Commission data | Legitimate interest (the Commission database is public for charity transparency); we will stop processing if you object |
| Complying with legal obligations (tax, accounting, charity regulation) | Legal obligation |
| Defending or pursuing legal claims | Legitimate interest |
| Improving our services (anonymised analytics) | Legitimate interest |
We will never sell your personal data.
5. International transfers
Some of our service providers (GoHighLevel, Google) are based in the United States. Transfers of personal data to the US are protected by UK-recognised safeguards (UK International Data Transfer Agreement, IDTA, or equivalent). Brevo (email) is in the EU and is covered by the UK-EU adequacy decision.
6. How long we keep your data
| Data category | Retention period |
|---|---|
| Website analytics | 24 months from last visit |
| Enquiries / leads with no further engagement | 24 months from last contact |
| Active clients | Duration of contract + 7 years (UK accounting and tax retention requirement) |
| Marketing email subscribers | Until you unsubscribe + 30 days |
| Prospect research (public charity data) | Reviewed annually; deleted if no engagement after 24 months |
8. Your rights
Under UK GDPR you have the following rights regarding your personal data:
- Right to be informed, about how we process your data (this policy)
- Right of access, to a copy of the data we hold about you
- Right to rectification, to correct inaccurate data
- Right to erasure(“right to be forgotten”), in certain circumstances
- Right to restrict processing, in certain circumstances
- Right to data portability, to receive your data in a portable format
- Right to object, to processing based on legitimate interest, or to direct marketing at any time
- Rights related to automated decision-making and profiling, we do not use automated decision-making that has legal or similarly significant effects on you
To exercise any of these rights, contact us at privacy@strivecreative.uk. We will respond within 30 days.
You also have the right to lodge a complaint with the Information Commissioner’s Office (ICO):
- Website: ico.org.uk
- Phone: 0303 123 1113
9. Security
We use appropriate technical and organisational measures to protect your personal data, including:
- Encryption of data in transit (TLS 1.2 or higher)
- Access controls limiting access to personnel with a legitimate need
- Regular security reviews
- Password protection and multi-factor authentication on administrative systems
- Secure backup and disaster recovery procedures
No system is 100% secure. If we become aware of a personal data breach affecting you, we will notify you without undue delay where required by law.
10. Changes to this policy
We may update this policy from time to time. The current version is always available at strivecreative.uk/privacy. Material changes will be notified to active clients by email, and to subscribers by email if we have your consent to contact you.
11. Contact
For privacy questions, requests, or complaints:
Email: privacy@strivecreative.uk
Last reviewed: 2026-05-13
This policy is reviewed annually or when our processing activities materially change.