Privacy Policy

At Rebel Marketing, we don’t mess about with your data. We take privacy seriously, respect your digital boundaries, and promise never to sell you out to dodgy third parties.

This Privacy Policy explains what we collect, how we use it, and your rights under UK data protection laws (including the UK GDPR and Data Protection Act 2018).

1. Who We Are

Rebel Marketing
Founder: Sarra Richmond
Email: [email protected]
We are a UK-based strategic brand consultancy working with creative founders and personal brands.

For data protection purposes, we are the “data controller” of your personal information.

2. What We Collect

We may collect and process the following types of personal data:

• Contact details: Name, email address, phone number, social media handles

• Business info: Company name, job title, project briefs, brand tone guidelines

• Marketing data: Preferences, engagement with our emails, clicks, downloads

• Transactional data: Purchase records, invoices, services provided

• Automated data: IP address, browser type, referral links, device identifiers (via cookies—see below)

We collect data when:

• You contact us

• You subscribe to our email list or download something

• You join a course, community or coaching programme

• You interact with our website, Substack, Threads, or LinkedIn content

3. Why We Collect It

We only collect what we need, for things like:

• Delivering services you’ve requested

• Sending cheeky marketing emails (with your permission)

• Analysing what’s working and what’s beige

• Complying with legal obligations

The lawful basis depends on context but will usually be one of: consent, contractual necessity, or legitimate interest (e.g. running our business and staying relevant).

4. Who We Share It With

We don’t sell your data. Ever. We may share limited information with:

• Trusted freelancers (bound by confidentiality)

• Our tech stack (e.g. email platforms, payment processors, scheduling tools)

• Legal or regulatory authorities if required

All third-party processors are GDPR-compliant and only use data under our instructions.

5. International Data Transfers

Some of our tools are based outside the UK (e.g. Substack, ConvertKit, Notion). Where this is the case, we ensure appropriate safeguards like Standard Contractual Clauses (SCCs) are in place to keep your data safe.

6. Your Rights

Under UK GDPR, you have rights including:

• Access – See what we hold about you

• Rectification – Correct errors in your data

• Erasure – Ask us to delete your data (aka "the right to be forgotten")

• Objection – Object to processing (especially for direct marketing)

• Restriction – Ask us to pause processing

• Portability – Transfer your data to another provider

You can exercise these rights by emailing: [email protected]

If you’re unhappy with how we handle your data, you can complain to the ICO: ico.org.uk

7. Cookies (Not the Nice Kind)

Our website uses cookies to track how visitors use the site. This helps us figure out what content’s working. You can refuse cookies via your browser settings.

8. Data Retention

We only keep your personal data for as long as necessary:

• For email subscribers: until you unsubscribe

• For clients: up to 6 years (for tax/legal purposes)

• For leads who ghost us: 12 months max

9. Updates to This Policy

We’ll update this page if anything changes. If it’s a big change, we’ll let you know.

Questions?

Email us at [email protected] if you’re still unsure. We’ll answer like a human, not a lawyer.