DATA PRIVACY NOTICE (UPDATED)

Effective: 5 February 2026
Compliant with UK GDPR, Data Protection Act 2018, and Data (Use and Access) Act 2025

Introduction

The Brand / IconicU is committed to protecting the privacy of our clients, prospective clients, suppliers, and staff. This Data Privacy Notice explains what personal data we collect, why we collect it, how we use it, and your rights in relation to it.

This Notice is issued under UK GDPR and the Data Protection Act 2018, as amended by the Data (Use and Access) Act 2025. It replaces any previous version of our Privacy Notice.

Who Controls Your Personal Data?

IconicU is the Data Controller responsible for your personal data.

• Data Controller: The Brand / IconicU

• Data Protection Representative: Legal Director

• Contact Email: hello@IconicU.com

• You can contact us at any time regarding this Notice or your data.

  
  

What Is Personal Data?

Personal data is any information that can identify you as a living individual, either directly or indirectly.

We do not intentionally collect or process special category data (such as health, biometric, or ethnicity data) as part of our normal business activities.

What Personal Data We Collect

We may collect and process:

• Full name

• Business and/or home address

• Telephone numbers

• Email address

• Communication and correspondence records

• Website usage data (e.g. IP address, browser type, interactions)

  
  

How We Collect Your Data

We collect personal data when:

• You contact us directly

• You engage our services

• You complete forms on our website

• You subscribe to receive insights, guides, or communications

• We obtain publicly available business contact details relevant to our services

Our Lawful Bases for Processing

We rely on the following lawful bases:

Contract (Article 6(1)(b))
To provide services and manage our relationship with you

Legal Obligation (Article 6(1)(c))
To comply with legal and regulatory requirements

Legitimate Interests (Article 6(1)(f))
To operate and improve our business, maintain records, ensure security, and communicate with clients and relevant business contacts

Consent (Article 6(1)(a))
Where you have actively opted in to receive marketing or specific communications

Where applicable, we may rely on recognised legitimate interests under UK law.

How We Use Your Personal Data

We use your data to:

• Provide and deliver our services

• Communicate with you

• Respond to enquiries

• Manage contracts and client relationships

• Improve our website, content, and services

• Maintain internal records and system backups

• Comply with legal obligations

• Handle complaints and enquiries

Marketing Communications

We may send you marketing communications where:

• You have given consent, or

• You are an existing client and the communication relates to similar services

You can opt out of marketing at any time by:

• Clicking the unsubscribe link in emails, or

• Contacting us directly

We do not sell or rent your personal data to third parties for marketing purposes.

Automated Decision-Making and Profiling

We may use tools and systems (including analytics and marketing platforms) to:

• Analyse website usage

• Understand engagement

• Improve the relevance of our communications

This may involve basic profiling or segmentation.

We do not carry out solely automated decisions that have legal or similarly significant effects.

You have the right to object to this processing and to request human review where applicable.

Cookies and Tracking Technologies

Our website uses cookies and similar technologies to:

• Ensure the website functions correctly

• Analyse usage and performance

• Improve user experience

Some cookies may be used without consent where permitted by applicable law (for example, strictly necessary cookies or limited analytics).

For non-essential cookies, we will request your consent before use.

You can manage or withdraw your cookie preferences at any time via your browser settings or cookie controls on our website.

Data Sharing

We may share your data with trusted third parties, including:

• Website hosting providers

• Email and communication platforms

• IT and system providers

• Professional advisers

• Regulatory authorities where required

We ensure appropriate safeguards are in place to protect your data.

International Transfers

Where personal data is transferred outside the UK, we ensure appropriate safeguards are in place so that your data is protected to a standard not materially lower than UK requirements.

This may include:

• Countries with adequacy regulations

• UK International Data Transfer Agreements (IDTAs)

Data Security and Confidentiality

We implement appropriate technical and organisational measures to protect your personal data.

In the event of a data breach that poses a risk to your rights, we will notify the relevant authorities and affected individuals where required.

How Long We Retain Your Data

We retain personal data only as long as necessary.

Typically, data is retained for up to 6 years to:

• Meet legal obligations

• Resolve disputes

• Maintain business records

Where no longer required, data will be securely deleted or anonymised.

Your Rights

You have the right to:

• Access your data

• Correct inaccurate data

• Request deletion

• Restrict processing

• Object to processing (including marketing)

• Data portability

• Withdraw consent

We will respond within one month, subject to reasonable and proportionate requirements.

How to Make a Complaint

If you have concerns about how we handle your data, please contact us first:

Email: hello@IconicU.com

We will investigate and respond as soon as reasonably practicable.

You also have the right to contact the Information Commissioner’s Office https://ico.org.uk.

We may update this Notice from time to time. The effective date will be updated accordingly.

Contact

If you have any questions about this Notice or your data:

Email: hello@IconicU.com
Data Protection Representative: Legal Director, The Brand / IconicU