Skip to content
Legal · Privacy

Privacy policy.

Plain English up top, formal sub-clauses underneath. We collect as little as we can and never sell anything.

Effective 14 March 2026
Last updated 14 March 2026
Version 3.1
Jurisdiction UK GDPR · EU GDPR

01About this notice

In short

This explains what we collect when you visit bigjump.com or work with us, why, and what you can do about it. We try not to be cute about it.

This privacy notice describes how BigJump® Ltd ("BigJump", "we", "us") collects, uses and shares personal data when you visit our website, contact us, or engage us for services. It is written to comply with the UK GDPR, the Data Protection Act 2018, and the EU GDPR (where applicable).

If anything here is unclear, write to [email protected] and a real person will reply.

02Who we are

The data controller is BigJump® Ltd, a company registered in England and Wales (company no. 05032048), with its registered office at The Grange, Grange Road, Great Malvern, WR14 3HA. We are registered with the Information Commissioner's Office (ZB049952).

You can reach our privacy contact at [email protected]. We are not currently required to appoint a Data Protection Officer; this contact handles day-to-day data protection matters.

03What we collect

In short

Whatever you tell us in the contact form or by email, plus very basic, anonymised analytics about how the site is used. No third-party advertising trackers.

We collect personal data in three ways:

Information you give us

  • Your name, email, company, and the contents of any message when you fill in the contact form.
  • Project details, billing details and correspondence if we end up working together.
  • Anything else you choose to share with us during a project (under a separate engagement contract).

Information we collect automatically

  • Anonymised, aggregated usage statistics via Fathom Analytics — which pages were viewed, rough country, referrer. No cookies, no IP addresses stored, no fingerprinting. See section 11.
  • Standard server logs (IP, user-agent, timestamp) kept by our hosting provider for security and abuse prevention.

Information from third parties

  • Public information from LinkedIn or referrer sources when you reach out, only to the extent it helps us reply usefully.

04How we use it

We use personal data only for purposes that are obvious from how you gave it to us:

  • To reply to enquiries — names, emails, project details from the contact form.
  • To deliver services — when you've engaged us under a Statement of Work.
  • To send invoices and run the business — billing details, contact records.
  • To improve the site — aggregated, anonymous usage statistics only.
  • To meet legal obligations — accounting records, tax records, ICO requests.

We do not use personal data to train AI models, profile individuals, or make automated decisions that significantly affect you. We do not sell or rent personal data to anyone.

05Lawful basis

Contract
Where processing is necessary to deliver services you've engaged us to deliver, or to take steps at your request before entering a contract (e.g. responding to a project enquiry).
Legitimate interests
To run a small consultancy efficiently — replying to enquiries, keeping correspondence records, and understanding which pages of our site are useful (in aggregate). We've balanced this against your rights and don't think it overrides them; you can object at any time.
Legal obligation
Where we must keep records for tax, accounting or regulatory purposes.
Consent
For non-essential cookies, where we ask separately. You can withdraw consent any time via our cookie policy.

06Who we share it with

We share personal data only with carefully chosen processors who help us run the studio. Each is bound by a written processing agreement.

AWS (Amazon Web Services EMEA)
Hosting and storage. Data stored in eu-west-1 (Ireland) and eu-west-2 (London).
Fathom Analytics
Privacy-friendly, cookie-less site analytics. Data processed in Canada under their UK/EU Data Processing Agreement.
Google Workspace
Email and document collaboration.
Xero
Invoicing and accounting records.
Professional advisers
Accountants, lawyers and insurers when strictly necessary.

We may also share data where we are legally required to (court order, regulator request) or to protect our rights.

07International transfers

Some of our processors are based outside the UK and EEA (notably Fathom in Canada, and parts of Google Workspace in the US). Where personal data leaves the UK/EEA, we rely on:

  • UK adequacy regulations or EU adequacy decisions where they exist (Canada has a partial adequacy decision; the US is covered by the UK Extension to the EU-US Data Privacy Framework for participating organisations).
  • The UK International Data Transfer Addendum or the EU Standard Contractual Clauses, with supplementary measures where required.

08How long we keep it

  • Enquiries that don't lead anywhere: 24 months, then deleted.
  • Active client records: for the duration of the engagement plus 6 years, to meet professional and tax requirements.
  • Accounting records: 6 years from the end of the relevant financial year (HMRC).
  • Server logs: 30 days.
  • Analytics: aggregated indefinitely; cannot be tied back to an individual.

09How we protect it

We use technical and organisational measures appropriate to the data we hold, including encryption in transit (TLS 1.3) and at rest, role-based access controls, multi-factor authentication on every business account, and regular access reviews. We work small on purpose; very few people inside the studio touch personal data, and only when necessary.

If we ever suffer a personal data breach that's likely to risk your rights and freedoms, we'll notify the ICO within 72 hours and tell affected people without undue delay.

10Your rights

In short

You can ask us what we have on you, fix it, delete it, take it elsewhere, or tell us to stop. Email [email protected] and we'll act within 30 days.

Under the UK and EU GDPR you have the following rights:

  • Access — a copy of the personal data we hold about you.
  • Rectification — correction of inaccurate data.
  • Erasure — deletion, where there's no overriding reason for us to keep it.
  • Restriction — pause our processing while we resolve a question.
  • Portability — receive your data in a machine-readable format.
  • Object — to processing based on legitimate interests.
  • Withdraw consent — for anything we do with your consent (e.g. analytics cookies).

To exercise any of these, email [email protected]. We aim to respond within 30 days. You can also complain to the ICO at ico.org.uk, but we'd rather you talked to us first.

11Cookies

We use a small number of essential cookies to remember your preferences (theme, cookie choices) and an optional, anonymised analytics tool (Fathom) that does not use cookies at all. We do not use advertising trackers, third-party social pixels, or fingerprinting techniques.

Full details — including each cookie, its purpose and lifetime — are in our Cookie Policy.

12Children's data

Our services are aimed at organisations, not individuals, and certainly not at children. We don't knowingly collect personal data from anyone under 16. If you think a child has shared personal data with us by mistake, email [email protected] and we'll delete it.

13Changes to this notice

We update this notice when our practices change, or when the law requires it. The "last updated" date at the top reflects the most recent change. For material changes, we'll flag it on the site or email anyone with a current contractual relationship with us.

14Contact us

For anything privacy-related, write to:

BigJump® Ltd
The Grange, Grange Road
Great Malvern, WR14 3HA
[email protected]

End of document · v3.1 Terms →Cookie Policy →