Privacy Policy

Published: 23rd May 2018 at 6:58 pm

In order to comply with GDPR all companies must now obtain freely given, specific, informed, and unambiguous consent from their non-business contacts. We (elmtree creative) must clearly explain how we plan to use any personal data. This notice explains what personal data we collect, how we use that data, any reasons we may need to disclose that personal data to others, and how we securely store that personal data.

What personal data do we collect?

We currently receive and retain information from you when you contact us via email or telephone, with a request to engage in a working/business scenario or a request to hold your details for future opportunities. 

This data usually consists of company names, individual names and business titles, email addresses, telephone numbers, social media locations, and any banking details we require to make or receive payments.

We do not currently purchase any marketing contact lists from external sources outside the realm of what is freely available to view/source openly to the public.

How we use your personal data

We currently use your personal data to:

– provide you with our day to day services.

– comply with our contractual obligations we have with you (i.e the provision of art and media files and other materials you have requested from us):

– espond to questions and queries posed by you the company or individual;

– make outgoing payments for goods and services which you as a business or individual may provide us with;

– provide you with news about or updates to our business and services which we feel may be of interest to you where you have consented to be contacted as such.

– offer freelance contracts and employment 

Reasons we may be required to disclose your personal data to others

We do not currently share your personal data with anyone outside of elmtree creative without your consent to do so, other than where we need to provide invoice documentation for accounting purposes under our own legal obligations. AKE Accountancy currently provide this service for us. 

To request information about AKE’s services to us or obtain their data privacy policy please email

How we store your personal data

We store your data in the following ways. This data is held for as long as we deem appropriate to our current or future service to you, or until you directly and specifically request for us not to hold such information – either via email, or via using any unsubscribe link/tool we provide to you).

We use strict procedures to try to comply with your own requested level of privacy, and to prevent any unauthorised access to this information.

Day to day services

We hold email addresses and any other information as disclosed by you to us via email signature setups within our businesses email accounts. We use LCN as our email provider in conjunction with Apple mail. We also use a job database on the Filemaker platform hosted by Molesoft which may hold direct contact details of stakeholders as part of the briefing information.  We may also retain client telephone numbers (direct lines and mobile numbers) on mobile devices (backed up via iCloud) used by our day to day account contacts.

Please visit to request information about LCN’s data privacy policy.

Please visit to request information about Apple’s data privacy policy.

Please visit request information about Molesoft’s data privacy policy.

Historical and live work

We are required to hold our historical artwork for existing and lapsed clients on our server and back up systems which in part uses Dropbox for Business. Some of these jobs may contain contact details as appropriate/advised/consented via the brief at the time of that service being provided. Some of this information may be lapsed and outdated/irrelevant, this forms part of our historical archive of work and is only available to elmtree partners.

Please visit to request information about Dropbox’s data privacy policy.


Occasionally we send HTML emails to update clients with news and changes to our products and services. We currently use Mailchimp to provide this service and hold a list of subscribers who have chosen not to unsubscribe from these emails. 

Please visit to request information about Mailchimp’s data privacy policy.

elmtree Clientzone and other visits to our website

We do hold individual, company names and email addresses for every clientzone account which is accessible to each user via secure individual login and password. Accessed via our website. This is used only to securely exchange files between us and our clients. This is a service we provide to add an extra level of security to business documents. We use cookies to help enable basic functions such as access to this area of the website. The website and access to this area cannot function without these cookies.

We currently do not actively track visits to our website (and therefore use any accompanying data) through the use of any analytics provider. Any change to this protocol will be updated on this document as part of that change and notified directly, where appropriate, to any clients or customers whose business contact email we hold.

Banking processes

In order to pay for goods and services and obtain payment we are required to hold banking details to make and receive those payments. We use Barclays PLC for these transactions. 

We use the Clearbooks system for our invoicing our clients and customers, this holds relevant contact details for that contact in the form of email addresses.

Please visit to request information about Barclays’ data privacy policy.

Please visit to request information about Clearbooks’ data privacy policy.

Important things to remember

We do not currently share your personal or business data with anyone outside of elmtree creative without your consent (or our strong belief that you have consented) to do so. Please DO contact us directly if you have questions about the data we may hold for you or your business, how that data is used, or if you think a change needs to be made to the information we hold about you. We will respond to such requests within 30 days of the request.

Your rights

You have the right to object to our use of your personal or business details, or to ask us to delete, remove, or to stop using it if you feel there is no need for us to keep it. 

This is known as your right to be forgotten. 

We will respond to any such requests within 30 days.

Please remember that if you are current client or we receive a brief from you and you have requested we remove your contact details this may delay or otherwise compromise our ability to deliver that service.

Please contact us first

You can contact us directly with any questions or queries you may have about the data we might hold for you as an individual or a business, how that data is used, or if you feel a change needs to be made to the information and/or use of that information.

In the first instance please contact who is our acting Data Protection Officer. We will respond within 30 days.

If you have a complaint that has not been answered or, in the unlikely event that we cannot reach a sensible resolution, you have the right to make a complaint. In such an instance please visit the Information Commissioner’s Office at https://ico/ to direct your enquiry who will contact us as appropriate.

Please note that the above policy and guidelines is/are subject to change. We will endeavour to communicate to all of our contacts, where it is permitted, when any change to this policy occurs or is requested by the appropriate authorities. 

Privacy notice review and effective date: 23 May 2018