Privacy Policy for CTI Digital

Effective Date: 26 March 2026

Introduction

CTI Digital Limited (we, us, or our) is committed to protecting your privacy and processing your personal data in compliance with the UK General Data Protection Regulation (UK GDPR), the Privacy and Electronic Communications (EC Directive) Regulations 2003 (PECR 2003), the EU General Data Protection Regulation (EU GDPR) in relation to goods and services we offer to individuals in the European Economic Area (EEA) and other applicable privacy laws. 


We take your privacy very seriously. Please read this privacy policy carefully as it contains important information on who we are and how and why we collect, store, use and share any information relating to you (your personal data). It also explains your rights in relation to your personal data and how to contact us or a relevant regulator in the event you have a complaint.

Who We Are

We are the controller of personal data obtained via our website and from you as a client or potential client, meaning we are the organisation legally responsible for deciding how and for what purposes it is used.

If you are looking for a job at CTI Digital, look at our privacy policy on our careers page - this isn’t the right privacy policy for you.

We are registered as a data controller at the UK Information Commissioner’s Office under number Z342478X. You can contact our Data Protection Officer for any questions about this policy or its contents at [email protected].

Throughout our website we may link to other websites owned and operated by certain trusted third parties. Those third party websites may also gather information about you in accordance with their own separate privacy policies. For privacy information relating to those third party websites, please consult their privacy policies as appropriate.

Categories of Personal Data We Collect

We may collect, use, and store personal data in connection with our services, as well as to improve your experience with our services. Such data includes:

  • Identity and contact information: Name, email address, phone number, company details, job title and postal address;
  • Technical information: IP addresses, browser types, cookies, device identifiers, and your activities on, and use of, our website;
  • Marketing preferences and behaviours: Choices regarding receiving marketing communications and data collected through cookies or tracking technologies;
  • Services: Information about the services we provide to you;
  • Financial information: Payment details (if relevant);
  • User-generated content: Client reviews, survey responses, feedback or content shared through social channels;
  • Professional information: Your professional interests and your professional online presence, eg LinkedIn profile;
  • Affiliate and influencer collaboration data: Engagement analytics and campaign tracking details shared with authorised partnerships;

We will collect personal data from you both:

  • Directly: when you enter or send us information (e.g. fill in a form on our website, sign up for our newsletter, enter into a contract with us for our services, send us feedback or attend an event we have organsied); and
  • Indirectly: your browsing activity on our website and collection of information as explained in Cookies and Tracking Technologies below.

We also collect personal data about you from other sources including publicly available website or trusted data suppliers. If we think you are a potential CTI Digital client, we use trusted data suppliers called Apollo, Linkedin Sales Navigator, Lusha and Lemlist to find accurate business contact details for you.

In some cases, you must provide personal data to us to be able to use our website and/or to benefit from our services, unless we tell you that you have a choice.

Sometimes you can choose if you want to give us your personal data and let us use it. Where that is the case we will tell you and give you the choice before you give the personal data to us. If you decline to share that personal data, we will tell you if this has any effect on your use of the website or any of the services or events we provide. 

Our Website and services are not intended for or targeted at children under 16, and we do not knowingly or intentionally collect information about children under 16. If you believe that we have collected information about a child under 16, please contact us at [email protected], so that we can delete the information. If we learn that we have collected any Personal Information from children under 16, we will take prompt steps to delete such information.

Purpose and Lawful Basis for Processing

We will only process personal data if there is a legal basis to do so. We possess your data to:

  • Register you as a client and to provide our services to you;
  • Get feedback from you about our services;
  • Allow you to use our website and to improve its functionality;
  • Send you our newsletter or blog posts;
  • Invite you to events;
  • Give you updates on our services and provide support;
  • Let you know about services we think you might be interested in (for which we have conducted a proper legitimate interest assessment);
  • Comply with any legal or regulatory obligations.

Typical lawful bases upon which we rely include:

  • Consent: You can withdraw your consent at any time (see Marketing Communications for withdrawal methods).
  • Performance of Contract: Where processing is necessary to deliver services you have requested from us.
  • Legitimate Interests: When processing is required for our legitimate business purposes. 

Where we rely on legitimate interests, we will conduct proper assessments to ensure your rights and freedoms are not overridden. 

Sharing of Your Personal Data

Your personal data may be shared with third parties in connection with the services we provide. These third parties may include:

  • Cloud service providers that manage secure data storage and hosting;
  • Our client relationship management provider, to streamline our communications and ensure you receive the most relevant support;
  • Analytics providers for processing digital performance data using tools that comply with relevant legal standards;
  • Collaborative affiliates and marketing partners, such as third-party advertisers, email service providers or content platforms, who assist us with campaign execution or brand promotion;
  • Payment systems providers or processors for handling financial transactions (if applicable);
  • Other legal entites in our group, including Project Airscope Bidco Limited and Nublue Limited;
  • If you sign up to attend one of our events, we may share your name, work details and contact information with any sponsor or partner of that event. If permitted by law, our sponsors/partners may use that information to market their products and services to you;
  • Our auditors, professional advisors or legal or regulatory bodies when required by law (and always subject to confidentiality obligations).

Some of the tools that we use to provide our services incorporate artificial intelligence (AI) and your personal data may therefore be processed by those tools.

We only allow third party organisations to process your personal data if we are satisfied they take appropriate measures to protect your personal data, including in relation to the use of AI. We also impose contractual obligations on them to ensure they can only process your personal data to provide services to us and to you. Where AI is used, we ensure that your personal data is not used to train or improve the underlying AI model. If any AI tools involve automated decision-making or profiling that produces legal or similarly significant effects on you, we will provide you with meaningful information about the logic involved, as well as the significance and potential consequences of such processing. You will also have the right to contest such decisions or request human intervention, where applicable.

Data Retention

We only retain your personal data for as long as it is necessary for the purposes outlined in this policy. Retention periods vary depending on the purpose of processing. If you require details of our retention periods, please contact us at [email protected].

Once these retention periods lapse, we will securely delete or anonymise your data unless required otherwise under applicable law.

International Data Transfers

It is sometimes necessary for us to transfer your personal data to trusted partners located outside the UK/EEA. If we do this, we will take the steps required by law to ensure your privacy rights continue to be protected. Normally, this involves us conducting a data transfer risk assessment and requiring our suppliers to enter binding contractual commitments with us designed to protect your data.

By providing us with your personal data, you consent to this transfer.

Your Rights

Under the UK GDPR, you have the following rights:

  • Right to access: Obtain a copy of personal data we hold about you; 
  • Right to rectification: Request that we correct any errors in your personal data;
  • Right to erasure: Request deletion of your data under applicable conditions;
  • Right to restrict processing: Limit how your data is processed under certain circumstances;
  • Right to portability: Ask us to transfer your data to another organisation;
  • Right to object: Oppose the processing of your data for legitimate interests or direct marketing;
  • Right not to be subject to automated decision-making (including profiling) that significantly affects you. 

Should you wish to exercise any of these rights, please contact us at [email protected]

Marketing Communications

We may send you marketing information regarding our services or events via various channels (e.g., email, post, social media). 

You can opt-out or withdraw your consent for marketing at any time by:

  • Clicking the unsubscribe link in our emails; or
  • Contacting us directly via [email protected]

Your decision to unsubscribe or opt-out is free of charge.

We may ask you to confirm or update your marketing preferences if you ask us to provide further services in the future, or if there are changes in the law, regulation, or the structure of our business.

Cookies and Tracking Technologies

We use cookies and tools for analytics and online behavioural marketing. The cookie categories include:

  • Essential Cookies: Required for website operations.
  • Analytics Cookies: Monitor and analyse web traffic for performance improvement.
  • Behavioural Advertising Cookies: Used to deliver targeted content and personalisation.

Cookies that are non-essential will only be activated with your clear consent provided via our Cookie Banner. You can manage or withdraw consent at any time using browser settings or by contacting [email protected]. For further information please see our Cookie Policy.

Keeping your personal data secure

We have appropriate security measures to prevent personal data from being accidentally lost, or used or accessed unlawfully. We limit access to your personal data to those who have a genuine need to access it. We regularly test our systems and are ISO 27001 certified, which means we follow top industry standards for information security.

We also have procedures in place to deal with any suspected data security breach. We will notify you and any applicable regulator of a suspected data security breach where we are legally required to do so.

Unfortunately, the transmission of information via the internet is not completely secure. Although we will do our best to protect your personal data, we cannot guarantee the security of your data transmitted through any online means, therefore any transmission remains at your own risk.

Complaints

We acknowledge that we may not always get things right, so if something has gone wrong, we need you to tell us. This will help us to improve our standards of service and data protection controls.

You can contact us if you would like to make a complaint by emailing us at [email protected]

In your email please include:

  • Your name and contact details
  • If you are complaining on behalf of someone else, their name and contact details and a copy of your authority to make the complaint
  • Details of your complaint (please provide as much information as possible)

We will acknowledge your complaint within 30 days of receiving it. We will then take reasonable steps to verify your identity: this may involve requesting further information or documentation from you. If the complaint is made on behalf of someone else, we will also need to check that the person making the complaint is properly authorised to do so. If we are not able to identify the person making the complaint or we are not satisfied that they have the proper authority to make the complaint, we may not be able to deal with it. 

We will investigate your complaint. We may also need to ask you for further information or documents, if so we will ask you to do this within a specific period of time. 

We will inform you of the outcome of your complaint without undue delay. We will explain what we have done to resolve your complaint and, where appropriate, any action we have taken as a result. 

If you are unhappy with the outcome of your complaint, you also have the right to lodge a complaint with the Information Commissioner’s Office. They may be contacted using the details at https://ico.org.uk/make-a-complaint or by telephone: 0303 123 1113.

Updates to This Privacy Policy

This privacy policy was last updated on 26 March 2026. We reserve the right to make changes as required by law or operational adjustments. Changes will be published on our website, and significant updates may be communicated directly.

Accessibility

Should you require this policy in an alternative format (e.g., braille, audio), please contact us at [email protected].