Scream Digital
Quote
Cosmic background
HomePrivacy & Cookie Policy
YOUR PRIVACY MATTERS

Privacy & Cookie Policy

Last updated: 3 June 2026

1. Introduction

Scream Max Studios Ltd ("we", "us", or "our"), trading as Scream Digital, is committed to protecting and respecting your privacy. This Privacy & Cookie Policy ("Policy") explains how we collect, use, store, share, and protect your personal data when you visit our website (screamdigital.co.uk), use our client portal, engage our services, or communicate with us.

This Policy is provided in accordance with the UK General Data Protection Regulation (UK GDPR), the Data Protection Act 2018, and the Privacy and Electronic Communications Regulations 2003 (PECR). Please read this Policy carefully to understand our practices regarding your personal data.

2. Data Controller

Scream Max Studios Ltd is the data controller responsible for your personal data. This means we determine the purposes and means of processing your personal data.

Company Name: Scream Max Studios Ltd (trading as Scream Digital)
Registered Address: North Lodge Court, South Horrington Village, Wells, Somerset, BA5 3DZ, United Kingdom
Telephone: 0330 043 6454
ICO Registration: Registered with the Information Commissioner's Office (ICO)

3. Information We Collect

We collect personal data through various means depending on how you interact with us. The types of data we collect include:

Information You Provide Directly

  • Full name, email address, telephone number, and postal address
  • Company name, job title, and business information
  • Information provided through contact forms, quote requests, or project enquiries on our website
  • Client portal registration details (email, password, company information)
  • Content you provide for website projects (text, images, brand assets)
  • Correspondence and communications with us via email, phone, live chat, or social media
  • Payment and billing information (card details are processed securely through PCI-compliant third-party providers and are never stored on our servers)
  • Feedback, reviews, testimonials, and survey responses
  • Newsletter subscription preferences and email marketing consent

Information Collected Automatically

  • IP address, browser type and version, and operating system
  • Device information including screen resolution, device type, and unique device identifiers
  • Pages visited, time spent on each page, navigation paths, and referral sources
  • Click patterns, scroll depth, and interaction data
  • Date and time of each visit and session duration
  • Cookie data and similar tracking technologies (see Cookie Policy section below)
  • Error logs and performance data for troubleshooting

Information from Third Parties

  • Analytics data from Google Analytics (anonymised where possible)
  • Social media profile information if you interact with us through social platforms
  • Payment confirmation data from payment processors
  • Referral information from business partners or directories

4. How We Use Your Information

We process your personal data only where we have a lawful basis to do so. The specific purposes include:

Service Delivery

  • To provide, manage, and deliver our web design, development, branding, e-commerce, hosting, and maintenance services
  • To create and manage your client portal account
  • To process quotes, proposals, invoices, and payments
  • To communicate with you about project progress, deliverables, and deadlines
  • To provide technical support and customer service

Website & Business Operations

  • To operate, maintain, and improve our website and services
  • To analyse website usage patterns and optimise user experience
  • To monitor and ensure the security of our systems and data
  • To detect, prevent, and address technical issues, fraud, or abuse

Marketing & Communications

  • To send newsletters, promotional emails, and marketing communications (only with your explicit consent)
  • To inform you about new services, features, or offers that may interest you
  • To personalise your experience and show relevant content
  • To conduct market research and analyse the effectiveness of our marketing

Legal & Compliance

  • To comply with legal obligations, court orders, or regulatory requirements
  • To establish, exercise, or defend legal claims
  • To protect our rights, property, and safety and that of our clients and third parties

7. Analytics & Tracking

We use analytics tools to understand how our website is used and to improve the experience we offer:

Google Analytics 4 (GA4)

  • We use Google Analytics 4 to collect anonymised data about website usage
  • GA4 uses first-party cookies and does not store full IP addresses
  • Data collected includes page views, session duration, traffic sources, device type, and user interactions
  • This data helps us understand which content is most useful and how to improve our website
  • Google's privacy policy: policies.google.com/privacy
  • You can opt out using the Google Analytics Opt-out Add-on

Meta Pixel (Facebook)

  • We may use Meta Pixel to measure the effectiveness of our advertising campaigns
  • The Pixel collects data about actions taken on our website after clicking a Facebook/Instagram ad
  • This data is anonymised and aggregated; we cannot identify individual users
  • You can manage your ad preferences at facebook.com/adpreferences
  • Meta Pixel is only activated if you accept marketing cookies

8. Client Portal Data

Our client portal allows registered clients to manage their projects, communicate with our team, and access their account. The following applies to portal data:

  • Account data (name, email, company) is collected during registration and stored securely in our database
  • Portal passwords are encrypted using industry-standard bcrypt hashing and are never stored in plain text
  • Project files, messages, and communications within the portal are stored securely and accessible only to authorised parties
  • Support tickets and message history are retained for the duration of the client relationship plus 2 years
  • Clients can request account deletion at any time; this will remove personal data but may retain anonymised project records for our portfolio
  • Portal session data is managed through secure HTTP-only cookies that expire when you close your browser or after inactivity

9. Marketing Communications

We respect your communication preferences and comply with PECR regulations:

Email Marketing & Newsletters

  • We only send marketing emails to individuals who have given explicit opt-in consent
  • Each marketing email includes a clear unsubscribe link to opt out at any time
  • Newsletter subscriptions are managed through our website; your email is stored securely
  • We do not sell, rent, or share your email address with third parties for their marketing purposes
  • Unsubscribe requests are processed within 48 hours; you may receive emails already in the queue during this period

Service Communications

  • We may send non-marketing, service-related emails without consent (e.g., project updates, invoice reminders, hosting notifications)
  • These transactional communications are necessary for contract performance and cannot be opted out of while services are active
  • We may contact you about service changes, security updates, or policy changes

10. Data Sharing & Third Parties

We do not sell your personal data. We may share your data with trusted third parties only where necessary:

Service Providers

  • Web hosting and cloud infrastructure providers (for website storage and delivery)
  • Payment processors (for secure transaction handling; we never store card details)
  • Email service providers (for sending transactional and marketing emails)
  • Domain registrars (for domain name registration and management)
  • SSL certificate providers (for website security)

Analytics & Marketing Partners

  • Google Analytics (anonymised website usage data)
  • Meta/Facebook (ad conversion tracking, only with your cookie consent)
  • Search engines (for indexing publicly available website content)

Legal & Professional

  • Legal advisors and accountants (where necessary for business operations)
  • Law enforcement or regulatory bodies (where required by law or court order)
  • Fraud prevention agencies (to protect against fraudulent activity)

All third-party service providers are contractually obligated to protect your data, process it only for specified purposes, and comply with applicable data protection laws. We conduct due diligence on our processors and maintain a record of processing activities.

11. Data Security

We implement robust technical and organisational measures to protect your personal data:

  • SSL/TLS encryption on all website pages and data transmissions
  • Encrypted password storage using bcrypt hashing algorithms
  • Secure, access-controlled hosting infrastructure with regular security updates
  • Regular software updates and security patching
  • Role-based access controls limiting data access to authorised personnel only
  • Regular database backups with encrypted storage
  • CSRF (Cross-Site Request Forgery) protection on all forms
  • Security monitoring and intrusion detection
  • Staff awareness and training on data protection best practices

While we implement industry-standard security measures, no method of transmission over the internet or electronic storage is 100% secure. We cannot guarantee absolute security but will notify you and the ICO of any data breach as required by law.

12. Data Retention

We retain your personal data only for as long as necessary to fulfil the purposes for which it was collected. Our retention periods are:

Retention Periods

  • Client project data and contracts: 6 years after project completion (legal/tax requirements)
  • Financial records and invoices: 6 years (HMRC requirements under the Taxes Management Act 1970)
  • Contact form enquiries: 2 years from last communication unless a project commences
  • Newsletter subscriber data: Until you unsubscribe, plus 30 days for processing
  • Client portal accounts: Duration of client relationship plus 2 years after last activity
  • Website analytics data: 26 months (Google Analytics default retention)
  • Cookie consent records: 12 months, then re-consent is requested
  • Support tickets and correspondence: 3 years from resolution
  • CCTV or security logs: 30 days (if applicable)

Data Deletion

  • When retention periods expire, data is securely deleted or anonymised
  • Anonymised data (which cannot identify you) may be retained indefinitely for statistical and analytical purposes
  • You may request early deletion of your data at any time (subject to legal retention obligations)
  • Backup copies may persist for up to 90 days after deletion from live systems

13. Your Rights Under UK GDPR

You have the following rights regarding your personal data. These rights are not absolute and may be subject to certain conditions:

Right of Access (Article 15)

Request a copy of the personal data we hold about you (Subject Access Request). We will respond within 30 days.

Right to Rectification (Article 16)

Request correction of inaccurate or incomplete personal data. We will make corrections promptly.

Right to Erasure (Article 17)

Request deletion of your personal data where there is no compelling reason for continued processing (also known as the "right to be forgotten").

Right to Restrict Processing (Article 18)

Request that we limit how we process your data in certain circumstances (e.g., while verifying accuracy).

Right to Data Portability (Article 20)

Receive your personal data in a structured, commonly used, machine-readable format (e.g., CSV, JSON).

Right to Object (Article 21)

Object to processing based on legitimate interests or for direct marketing purposes. We will stop processing unless we have compelling grounds.

Right to Withdraw Consent

Where processing is based on consent, you may withdraw it at any time. This does not affect the lawfulness of processing before withdrawal.

Rights Related to Automated Decision-Making

Not to be subject to decisions based solely on automated processing, including profiling, that produce legal or similarly significant effects. We do not currently engage in such processing.

To exercise any of these rights, please email us at [email protected] with the subject line "Data Rights Request". We will verify your identity before processing your request and respond within 30 calendar days. There is no fee for most requests, but we may charge a reasonable fee for repetitive, manifestly unfounded, or excessive requests.

14. International Data Transfers

Your personal data may be transferred to and processed in countries outside the United Kingdom. This may occur when we use third-party services with servers in other jurisdictions.

  • Where data is transferred outside the UK, we ensure appropriate safeguards are in place as required by UK GDPR
  • Safeguards include UK International Data Transfer Agreements (IDTAs) or standard contractual clauses approved by the ICO
  • We may also rely on adequacy decisions where the UK Government has determined a country provides adequate data protection
  • Key transfers may include: website hosting (may use US/EU servers), Google Analytics (Google LLC, USA with appropriate safeguards), and email delivery services
  • You can request details of the specific safeguards applied to international transfers by contacting us

15. Data Breach Procedures

We have robust procedures in place to detect, report, and investigate personal data breaches:

  • In the event of a data breach that poses a risk to your rights and freedoms, we will notify the ICO within 72 hours of becoming aware
  • Where the breach is likely to result in a high risk to your rights and freedoms, we will notify you directly without undue delay
  • Notifications will include a description of the breach, likely consequences, and measures taken or proposed to address it
  • We maintain an internal breach register documenting all incidents, their effects, and remedial actions taken
  • We conduct post-breach reviews to prevent recurrence and improve our security measures

16. Children's Privacy

Our services are primarily directed at businesses and individuals aged 18 and over. We take the following approach to children's data:

  • We do not knowingly collect personal data from children under 13
  • For children aged 13-15, we require verifiable parental consent before processing personal data
  • If we discover that we have inadvertently collected data from a child without appropriate consent, we will delete it promptly
  • If you believe we hold data about a child without proper consent, please contact us immediately at [email protected]
  • Our client portal registration is restricted to users aged 18 and over

17. Social Media & External Links

Our website may include links to social media platforms and external websites:

  • Social media buttons and links on our website may allow those platforms to collect data about your visit even if you do not click them
  • We are not responsible for the privacy practices of external websites or social media platforms
  • External links are provided for convenience; we encourage you to read the privacy policies of any third-party sites you visit
  • If you interact with us through social media (e.g., Facebook, Instagram, LinkedIn), the platform's privacy policy applies in addition to this Policy
  • We may use social media data (e.g., comments, reviews) for testimonials and marketing with your consent

18. Do Not Track (DNT)

Some web browsers transmit a "Do Not Track" (DNT) signal. There is currently no industry-standard technology for recognising or honouring DNT signals. We do not currently respond to DNT signals, but we respect your cookie preferences as set through our consent banner. If a standard is established in the future, we will review and update our practices accordingly.

19. Changes to This Policy

  • We may update this Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors
  • Any material changes will be posted on this page with an updated "Last updated" date
  • For significant changes that affect how we process your data, we will make reasonable efforts to notify you directly (e.g., via email or a prominent notice on our website)
  • Your continued use of our website and services after changes are posted constitutes acceptance of the revised Policy
  • We encourage you to review this Policy periodically to stay informed about how we protect your data
  • Previous versions of this Policy are available upon request

20. Complaints & Supervisory Authority

If you are unhappy with how we have handled your personal data, we encourage you to contact us first so we can try to resolve your concern. We take all complaints seriously and will respond within 14 working days.

You also have the right to lodge a complaint with the Information Commissioner's Office (ICO), the UK's independent supervisory authority for data protection:

Website: ico.org.uk
Helpline: 0303 123 1113
Post: Information Commissioner's Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF

Contact Us About Your Privacy

If you have any questions about this Policy, wish to exercise your data rights, or want to make a complaint about how we handle your personal data, please contact us:

Email:[email protected]
Phone:0330 043 6454
Post: North Lodge Court, South Horrington Village, Wells, Somerset, BA5 3DZ

Supervisory Authority: You have the right to lodge a complaint with the Information Commissioner's Office (ICO) at ico.org.uk or by calling their helpline on 0303 123 1113.

Scream Max Studios Ltd trading as Scream Digital. Registered in England.

Have Questions About Your Data?

We're here to help. Contact us if you have any questions about how we handle your personal information.

Call Us: 0330 043 6454Contact Form