Privacy Policy

Last updated: 9 October 2025

Revenue Works (“we,” “us,” or “our”) is committed to protecting your privacy and personal information. This Privacy Policy explains how we collect, use, store, share, and protect your personal data when you visit our website (revenueworks.uk), use our services, or interact with us.

This policy applies to all users worldwide and complies with applicable data protection laws, including the UK General Data Protection Regulation (UK GDPR), EU GDPR, California Consumer Privacy Act (CCPA), and other international privacy regulations.
Please read this policy carefully. By using our website or services, you acknowledge that you have read and understood how we handle your personal information.

Revenue Works

Address: Cheyne Way, Farnborough GU14 8RZ, United Kingdom

Contact Us

For the purposes of applicable data protection laws, Revenue Works is the data controller responsible for your personal information.

We collect information that you provide directly to us, information we collect automatically, and information from third-party sources.

• Contact Information: Name, email address, phone number, company name, job title, business address
• Account Information: Username, password, and account preferences (if you create an account)
• Enquiry Information: Details about your business, marketing needs, goals, budget, and any other information you provide in forms or communications
• Payment Information: Billing address, payment method details (processed securely by third-party payment processors)
• Communications: Content of emails, messages, phone calls, video calls, and other communications with us
• Service Delivery Information: Documents, data, credentials, and materials you provide for us to deliver our services
• Feedback and Reviews: Testimonials, survey responses, and feedback you provide

When you visit our website, we automatically collect:

• Device Information: IP address, browser type and version, operating system, device identifiers
• Usage Information: Pages visited, time spent on pages, links clicked, referring website, date and time of visits
• Location Information: General geographic location based on IP address
• Cookies and Tracking Technologies: See our Cookie Policy for detailed information

We may receive information about you from:

• Business Partners: Referral partners, affiliate partners, or professional networks
• Public Sources: Publicly available business information, professional profiles (e.g., LinkedIn), company websites
• Service Providers: Analytics providers, marketing platforms, data enrichment services
• Social Media: If you interact with us on social media platforms

We use your personal information for the following purposes:

• Provide, maintain, and deliver our marketing services
• Communicate with you about projects, deliverables, and service updates
• Process payments and manage billing
• Create and manage your account
• Provide customer support and respond to enquiries

• Analyse and improve our services, website, and user experience
• Conduct research and development
• Manage our business operations and internal record-keeping
• Comply with legal obligations and enforce our terms and conditions

• Send you marketing communications about our services (with your consent where required)
• Provide you with relevant content, offers, and updates
• Conduct market research and customer satisfaction surveys
• Manage referral and loyalty programmes

• Prevent fraud, security breaches, and other illegal activities
• Protect our rights, property, and safety, and that of our users and the public
• Comply with legal obligations, court orders, and regulatory requirements
• Resolve disputes and enforce agreements

We use artificial intelligence tools and automated systems to:

• Analyse data and generate insights for client projects
• Create content, strategies, and marketing materials
• Improve efficiency and service delivery
• Automate routine tasks and communications

Important: While we use AI tools to assist with service delivery, all strategic decisions and client-facing work is reviewed and approved by our senior team. We do not use automated decision-making that produces legal or similarly significant effects without human oversight.

Under UK and EU GDPR, we process your personal data based on the following legal grounds:

• Contract: Processing is necessary to perform our contract with you or take steps before entering into a contract
• Consent: You have given clear consent for us to process your data for specific purposes (e.g., marketing communications)
• Legitimate Interests: Processing is necessary for our legitimate business interests, provided these do not override your rights and freedoms
• Legal Obligation: Processing is necessary to comply with legal or regulatory requirements

You have the right to withdraw consent at any time where we rely on consent as the legal basis.

We do not sell, rent, or trade your personal information to third parties for their marketing purposes. We may share your information in the following circumstances:

We share information with third-party service providers who perform services on our behalf, including:

• Technology Providers: Website hosting, cloud storage, database management, CRM systems
• Communication Tools: Email platforms, scheduling software, video conferencing, project management tools
• Payment Processors: Payment gateways, invoicing systems, accounting software
• Marketing Services: Email marketing platforms, analytics providers, advertising networks
• AI Tools: Artificial intelligence platforms used for content creation, data analysis, and service delivery
• Professional Services: Legal, accounting, and consulting firms

All service providers are contractually obligated to protect your information and use it only for the purposes we specify.

If we are involved in a merger, acquisition, sale of assets, or bankruptcy, your information may be transferred as part of that transaction. We will notify you of any such change and how it affects your personal data.

We may disclose your information if required to do so by law or in response to:

• Legal processes (court orders, subpoenas, warrants)
• Requests from government authorities or law enforcement
• Protection of our rights, property, or safety
• Prevention or investigation of fraud or security issues

We may share your information with third parties when you have given us explicit consent to do so.

Revenue Works is based in the United Kingdom. If you are located outside the UK, your information will be transferred to, stored, and processed in the UK and potentially other countries where our service providers operate.

We ensure appropriate safeguards are in place for international transfers, including:

• Standard Contractual Clauses: Approved by the European Commission or UK Government
• Adequacy Decisions: Transfers to countries deemed to have adequate data protection
• Other Legal Mechanisms: As permitted by applicable data protection laws

By using our services, you acknowledge and consent to the transfer of your information to the UK and other jurisdictions as described in this policy.

We retain your personal information for as long as necessary to fulfil the purposes outlined in this policy, unless a longer retention period is required or permitted by law.

• Client Data: Retained for the duration of our business relationship plus 6-7 years after termination (to comply with UK tax and accounting requirements)
• Financial Records: 6-7 years from the end of the financial year (UK legal requirement)
• Marketing Data: Until you unsubscribe or request deletion, or after 2 years of inactivity
• Website Analytics: Typically 14-26 months, depending on the tool
• Communications: Retained as long as necessary for business purposes or legal requirements

After the retention period expires, we will securely delete or anonymise your information.

We implement appropriate technical and organisational measures to protect your personal information against unauthorised access, alteration, disclosure, loss, or destruction.

• Encryption of data in transit and at rest
• Secure access controls and authentication
• Regular security assessments and updates
• Employee training on data protection
• Secure backup and disaster recovery procedures
• Contracts with service providers requiring data protection

However, no method of transmission over the internet or electronic storage is 100% secure. While we strive to protect your information, we cannot guarantee absolute security.

If we become aware of a data breach that poses a risk to your rights and freedoms, we will notify you and relevant authorities as required by law.

Your rights vary depending on your location. Below are the rights available under different jurisdictions:

You have the right to:

• Access: Request a copy of the personal data we hold about you
• Rectification: Request correction of inaccurate or incomplete data
• Erasure: Request deletion of your data (“right to be forgotten”)
• Restriction: Request that we limit how we use your data
• Objection: Object to processing based on legitimate interests or for direct marketing
• Data Portability: Receive your data in a structured, machine-readable format
• Withdraw Consent: Withdraw consent at any time (where consent is the legal basis)
• Automated Decision-Making: Object to decisions made solely by automated means that significantly affect you
• Complain: Lodge a complaint with the Information Commissioner’s Office (ICO) or your local supervisory authority

California residents have the right to:

• Know: What personal information we collect, use, disclose, and sell
• Access: Request a copy of your personal information
• Delete: Request deletion of your personal information
• Correct: Request correction of inaccurate personal information
• Opt-Out: Opt-out of the “sale” or “sharing” of personal information
• Limit Use: Limit the use and disclosure of sensitive personal information
• Non-Discrimination: Not receive discriminatory treatment for exercising your rights

Do Not Sell My Personal Information: We do not sell personal information in exchange for monetary compensation. However, certain data sharing practices (e.g., with analytics or advertising partners) may be considered a “sale” or “sharing” under CCPA. You can opt out via our cookie consent banner or by contacting us.

We do not knowingly sell personal information of consumers under 16 years of age.

If you reside in Virginia, Colorado, Connecticut, Utah, or other US states with comprehensive privacy laws, you may have rights similar to those under CCPA, including:

• Access and obtain a copy of your personal data
• Correct inaccuracies in your personal data
• Delete your personal data
• Opt-out of targeted advertising
• Opt-out of the sale of personal data
• Opt-out of profiling in furtherance of decisions that produce legal or similarly significant effects

Canadian residents have the right to:

• Access personal information we hold about you
• Challenge the accuracy and completeness of your information
• Withdraw consent for data processing
• Request information about how your data has been used and disclosed
• File a complaint with the Privacy Commissioner of Canada

Australian residents have the right to:

• Access and request correction of personal information
• Request information about how we collect, use, and disclose your data
• Make a complaint to the Office of the Australian Information Commissioner (OAIC)
• Request that we stop sending marketing communications

Brazilian residents have the right to:

• Confirm whether we process your data
• Access your personal data
• Correct incomplete, inaccurate, or outdated data
• Request anonymisation, blocking, or deletion of unnecessary or excessive data
• Request data portability to another service provider
• Delete personal data processed with your consent
• Obtain information about public and private entities with which we share data
• Withdraw consent
• Lodge a complaint with the ANPD (National Data Protection Authority)

If you are located in a jurisdiction not listed above, you may still have rights under local privacy laws. Please contact us to learn more about your specific rights.

To exercise any of the rights described above, please contact us using our contact form.

When submitting a request, please provide:

• Your full name and contact information
• A clear description of your request
• Your location/jurisdiction (to help us apply the correct legal framework)
• Sufficient information to verify your identity
• Any relevant account or reference information

To protect your privacy, we will verify your identity before processing requests to access, delete, or correct your personal information. We may request additional information to confirm your identity.

We will respond to your request within:

• 30 days (UK/EU GDPR)
• 45 days (CCPA/CPRA, extendable to 90 days for complex requests)
• 30 days (Canada PIPEDA)
• 30 days (Australia Privacy Act)
• 15 days (Brazil LGPD)
• Other timeframes as required by applicable laws

If we need more time, we will notify you and explain the reason for the delay.

If we deny your request, you have the right to appeal our decision. We will provide information on how to appeal in our response.

Marketing Communications

We may send you marketing communications about our services, offers, and updates if:

• You have provided consent (where required by law)
• We have a legitimate interest (where permitted by law)
• You are an existing client and the communications relate to similar services

You can opt out of marketing communications at any time by:

• Clicking the “unsubscribe” link in any marketing email
• Updating your communication preferences in your account settings
• Contacting us using our contact form

Please note that even if you opt out of marketing communications, we may still send you transactional or service-related messages (e.g., invoices, service updates, important notices).

Our services are not directed at children under the age of 16 (or the applicable age of digital consent in your jurisdiction). We do not knowingly collect personal information from children.

If you believe we have inadvertently collected information from a child, please contact us immediately, and we will take steps to delete that information as quickly as possible.

Our website may contain links to third-party websites, services, or applications that are not operated by us. This Privacy Policy does not apply to those third-party services.

We are not responsible for the privacy practices of third parties. We encourage you to review the privacy policies of any third-party services you interact with.

We may update this Privacy Policy from time to time to reflect changes in our practices, services, legal requirements, or for other operational reasons.

When we make material changes, we will:

• Update the “Last updated” date at the top of this policy
• Notify you via email or prominent notice on our website (where required by law)
• Obtain your consent for material changes (where required by law)

We encourage you to review this policy periodically. Your continued use of our services after changes are posted constitutes your acceptance of the updated policy.

If you believe we have not handled your personal information properly, you have the right to lodge a complaint with the relevant data protection authority in your jurisdiction:

• UK: Information Commissioner’s Office (ICO) – ico.org.uk
• EU: Your national data protection authority – edpb.europa.eu
• California: California Privacy Protection Agency – cppa.ca.gov
• Canada: Office of the Privacy Commissioner – priv.gc.ca
• Australia: Office of the Australian Information Commissioner – oaic.gov.au
• Brazil: Autoridade Nacional de Proteção de Dados (ANPD) – gov.br/anpd

We would appreciate the opportunity to address your concerns before you contact a supervisory authority, so please contact us first if possible.

If you have any questions about this Privacy Policy, wish to exercise your rights, or want to make a complaint, please contact us:

Address: Cheyne Way, Farnborough GU14 8RZ, United Kingdom

We will respond to your enquiry as quickly as possible and within the timeframes required by applicable laws.

This Privacy Policy is provided in English. If we provide translations into other languages, the English version will prevail in case of any inconsistencies.