eMarkss
Legal

Privacy Notice

Last updated: {{LAST_UPDATED}} · Version 1.0 (DRAFT)

DRAFT — review with a qualified solicitor / attorney before use; not legal advice. This template is a starting point. Replace every {{TOKEN}} with your real details and have it reviewed for your jurisdictions before publishing or sending any outreach.

This notice explains who we are, what personal information we handle, why, the legal basis we rely on, how long we keep it, and the rights you have. It covers recipients in the United States (where the CAN-SPAM Act applies to our email) and in the United Kingdom and EU/EEA (where UK GDPR / EU GDPR and PECR apply).

1. Who we are

This service is operated by {{COMPANY_LEGAL_NAME}} ("eMarkss", "we", "us", "our"), a company registered in England & Wales under company number {{COMPANY_NUMBER}}, with its registered office at {{REGISTERED_ADDRESS}}. We are the data controller for the personal information described in this notice.

For UK data-protection purposes we are registered with the Information Commissioner's Office (ICO) under registration number {{ICO_REG_NUMBER}}.

Controller{{COMPANY_LEGAL_NAME}} (company no. {{COMPANY_NUMBER}})
Postal address{{REGISTERED_ADDRESS}}
Privacy contacthello@emarkss.com
ICO registration{{ICO_REG_NUMBER}}

We have not appointed a statutory Data Protection Officer. Direct all privacy questions to the contact above.

2. Who this notice covers

This notice applies to:

  • Prospective customers we contact about our website-rebuild service — typically a business's published role mailbox (e.g. info@, reception@) or, less often, a named business contact.
  • Customers who purchase the service (see §14).
  • Visitors to go.emarkss.com and the preview/demo sites (see §14).

3. What personal information we collect

For outreach to prospective customers we deliberately keep this to a minimum:

CategoryExamples
Business contact detailsBusiness name, business email address (preferring generic role addresses), business website domain, town/area, country.
Publicly available business infoServices listed, how long the existing website appears to have been un-updated, and the public page or listing where we found your details.
Outreach & response dataWhether an email was sent, delivered, bounced, opened a link, replied, or unsubscribed; any objection/opt-out you send us.
Provenance logThe source URL we collected your address from and the date we collected it (kept as our Article 14 evidence and audit trail).

We do not deliberately collect special-category data, and we do not buy or use third-party "marketing lists".

4. Where we got your details (GDPR Article 14)

Because we did not collect your details directly from you, GDPR Article 14 requires us to tell you the source. We obtained your business contact details from publicly available sources — specifically your own business website and/or a public business listing or directory (for example a public regulator/registry listing relevant to your sector).

The specific source and the date we collected your details are recorded in our provenance log, and the first email we send you states it in one line, for example: "You're receiving this because your business is publicly listed — we found your details via your website / a public listing on {{COLLECTED_DATE}}." You can ask us for the exact source and date we hold for you at any time.

5. Why we use your information & our legal basis

We use the information above to identify businesses whose public website looks outdated, to build a free preview rebuild, and to send a small number of relevant emails letting you know the preview exists and how to buy it if you want it.

Legal basis — UK/EU recipients

For recipients in the UK and EU/EEA we rely on our legitimate interests (UK GDPR / EU GDPR Article 6(1)(f)) — namely the legitimate interest of promoting our services to relevant businesses (B2B direct marketing). We have carried out a documented Legitimate Interests Assessment (LIA) weighing our interest against your interests, rights and freedoms, and we limit volume, frequency and targeting accordingly.

Under the Data (Use and Access) Act 2025, direct marketing is treated as an example of a legitimate interest but is not an automatic one — the balancing test and LIA remain mandatory, and we keep ours under review. You always have the absolute right to object (see §8).

Legal basis — US recipients

For recipients in the United States, our commercial email is governed by the CAN-SPAM Act, which permits commercial email without prior consent provided the message meets the requirements summarised in §6. We process the underlying contact data on the basis of our legitimate business interest in marketing our services.

6. United States recipients — CAN-SPAM

Where we email a US business, every message is designed to comply with the CAN-SPAM Act. That means each commercial email:

  • uses accurate, non-deceptive header information (the "From", "Reply-To" and routing identify us truthfully);
  • uses a subject line that is not misleading about the contents;
  • identifies the message as a commercial/marketing message;
  • includes our valid physical postal address — {{REGISTERED_ADDRESS}};
  • provides a clear, working way to opt out (a one-click unsubscribe link and/or a reply such as "STOP"); and
  • honours opt-out requests promptly — we stop emailing you and will not sell or transfer your address to others for their own marketing.

If you are in the US and don't want further email, use the unsubscribe link in any message or email hello@emarkss.com with "unsubscribe". We action opt-outs promptly (and in any event within the period CAN-SPAM allows).

7. UK / EU recipients — GDPR & PECR

Where we email a UK or EU business, we additionally comply with the Privacy and Electronic Communications Regulations (PECR) and UK/EU GDPR:

  • we send business-to-business marketing email only to corporate subscribers (e.g. limited companies and LLPs), and suppress sole traders, individuals and any business whose corporate status we cannot confirm;
  • every email identifies us (our legal name and contact details) and never disguises or conceals the sender;
  • every email contains a working one-click unsubscribe and a visible unsubscribe link;
  • the first email of any sequence carries a short Article 14/21 notice telling you the source of your details, that we rely on legitimate interests, and your right to object; and
  • we keep spam complaints and bounces low and cap how many times we contact you.

Our supervisory authority is the UK Information Commissioner's Office (ICO). You also have the right to lodge a complaint with the ICO or your local EU supervisory authority — see §9 and §15.

8. Your right to object and opt out (GDPR Article 21)

You have an absolute right to object to our use of your data for direct marketing. This is broader than an email unsubscribe: if you object, we will stop all direct marketing to you and suppress your details so we don't contact you again.

How to object or opt out — any of these works, and all are free:

  • click unsubscribe in any email we send you;
  • reply to any email with "STOP" or "remove me";
  • email hello@emarkss.com asking us to stop and/or to erase your details.

We action objections without undue delay — opt-outs are honoured promptly (typically within 48 hours and in any event within one month). To honour your objection we keep the minimum record needed to ensure we don't contact you again (a suppression entry); see §9.

9. How long we keep your information

DataRetention
Prospect contact details & provenance log (where you don't become a customer and don't object) Kept only while there is a live, relevant prospecting interest — reviewed periodically and deleted within {{PROSPECT_RETENTION}} (default: 12 months) of the last contact or last engagement, whichever is later.
Objection / unsubscribe ("do-not-contact") record Kept for as long as necessary to honour your opt-out — i.e. so we never email you again. This is a minimal suppression entry (e.g. your email address plus the fact you opted out).
Customer / billing records Kept for the life of the contract and then as required for tax, accounting and legal purposes (typically up to 6–7 years).
Website / demo analytics & server logs Kept for a short period for security and performance, then deleted or aggregated.

10. Who we share your information with

We do not sell your personal information. We share it only with service providers ("processors") who help us run the service under contract, including:

  • Email sending / sequencing providers that deliver our outreach via our own mailboxes;
  • Hosting / infrastructure (content delivery, TLS, demo and live site hosting);
  • Payments — handled by Stripe when you buy (we never store full card numbers);
  • AI assistant — when you use the on-site chat, your messages are processed by our AI provider to generate a reply (see §14);
  • professional advisers, and authorities where we're legally required to disclose.

11. International data transfers

We are UK-based and some of our providers are located in, or transfer data to, the United States or other countries. Where personal data of UK/EU individuals is transferred outside the UK/EEA, we rely on an appropriate safeguard (such as the UK International Data Transfer Addendum, the EU Standard Contractual Clauses, and/or an applicable adequacy/Data Privacy Framework mechanism). You can request details of the safeguard used.

12. Your other rights

Subject to applicable law, you have the right to: access the personal data we hold about you; have it corrected if inaccurate; have it erased; restrict or object to our processing; and portability of certain data. UK/EU recipients may complain to the ICO (ico.org.uk) or their local supervisory authority. To exercise any right, email hello@emarkss.com. We don't charge for this and aim to respond within one month.

Certain US state privacy laws (e.g. California's CCPA/CPRA) may give some individuals additional rights. As we target businesses and process minimal data, these often don't apply, but if you believe you have such a right, contact us and we'll help.

13. How we protect your information

We use appropriate technical and organisational measures — including encryption in transit (HTTPS/TLS), access controls, reputable processors, and data minimisation — to protect your information against unauthorised access, loss or misuse.

14. Customers, website visitors & the chat assistant

Customers. When you buy, we process the details you provide (business name, billing details, domain, logo, content and change requests) to deliver, host and support your site, and to bill you. Payment is processed by Stripe under its own terms.

Visitors. We keep website analytics minimal and do not run intrusive advertising trackers on this hub. Essential cookies/local storage may be used to remember simple preferences (such as your selected currency). Open-tracking pixels are switched off in our outreach email.

Chat assistant. If you use the on-site assistant, the messages you type are sent to our AI provider to generate a response. Please don't enter sensitive personal data into the chat. Conversations may be retained for a limited time to improve and secure the service.

15. Changes to this notice & how to contact us

We may update this notice; the "last updated" date above shows the current version, and the latest version always lives at go.emarkss.com/privacy.

Questions, requests or objections: hello@emarkss.com or by post to {{COMPANY_LEGAL_NAME}}, {{REGISTERED_ADDRESS}}.

DRAFT — not legal advice. Have this notice and your Legitimate Interests Assessment reviewed by a qualified solicitor/attorney for the UK and the US before relying on them. Replace all {{TOKEN}} placeholders with your verified details and keep the ICO registration current.

Home · Terms of Service · FAQ