Privacy Notice


BBL/P Ltd (36 Soho Square, London, W1D 3QY) +44 (0) 203 770 7586;; registered in England and Wales No 08239749; “we”, “us”, or “our”) are a creative consultancy offering market intelligence, strategic leadership, consumer insights, transformative creativity and bespoke digital marketing services.

This Privacy Notice sets out how we collect, use, share, and protect any information we collect through this website (“Website”) and information you may share with us, for example when applying for a job or via email communication. This Privacy Notice also explains the measures we take to safeguard your information and describes how you may contact us regarding our privacy practices.

Any data collected, including personal data (as defined under applicable data protection laws, referred to collectively as “Personal Data”), will only be used for the purposes set out in this Privacy Notice. 

Notwithstanding, we may use information that does not identify you (including information that has been aggregated or de-identified) for any purpose except as prohibited by applicable law. 

Please read this Privacy Notice thoroughly. If you disagree with the way personal information will be used, please do not use this Website.

We may include links to other websites, including social media platforms. This Privacy Notice does not apply to the data practices of other websites. We encourage you to read the privacy notices available on other websites you visit.


Data Controller

When data is collected on this Website, BBL/P is acting as a Data Controller. This means that BBL/P determines the purpose and means of the processing of your personal data and BBL/P is responsible for protecting it from harm.

Data Processor

‘Data Processors’ act on behalf of the instructions of a Controller. In a similar way to Data Controllers, Data Processors also have to protect people’s personal data. 

Data Subject 

‘Data Subject’ is someone who can be identified from personal data.

Personal Data

‘Personal Data’ means information which relates to a living person who can be identified from that data on its own, or when taken together with other information which is likely to come into our possession. It includes any expression of opinion about the person and an indication of the intentions of us or others, in respect of that person. It does not include anonymised data.


‘Processing’ means any operation which is performed on personal data such as:

  • collecting, obtaining, handling, recording, organising, structuring or storing;
  • adaption or alteration;
  • retrieval, consultation or use;
  • disclosure by transmission, dissemination or otherwise making available; and
  • restriction, destruction or erasure.

What Personal Data and Sensitive Personal Information do we collect and process through the Website?

The following table describes the categories of Personal Data we collect. 

Through our Website:

Category of Personal DataList of Personal Data processed 
Contact informationFirst name, last name, e-mail address

Through recruitment:

Category of Personal DataList of Personal Data processed 
Application documentationApplication form, CV, education and qualifications, employment history, interview notes, membership of any professional bodies [excl. trade unions], pre-employment assessment exercises or tests, work experience
Contact detailsName, postal address, personal email address
Health and medical conditions (for making reasonable adjustments if requested)Name, postal address, personal email address, health and medical condition
References (incoming)Name, postal address, personal email address
Subject Access RequestName, postal address, personal email address

This list is intended as a guide and is not exhaustive.

Categories of the sources of Personal Data we may collect

We may collect the Personal Data outlined above from the following categories of sources:

  • Directly from you, for example, when you send us your questions or comments or make usage of your privacy rights.
  • Indirectly from you by using automated technologies, such as cookies. Further information about our use of cookies can be found in our Cookies Policy.

Purpose of data collection and legal basis

The following table provides information about our purposes and legal basis for collecting your Personal Data:

Our Purposes for collecting and using your Personal DataBasis for processing
To read and respond to your queries to usDepending on your request, we will rely on our legitimate interest or the performance of pre-contractual measures to respond to individuals’ queries
When you contact us through the data access request formWe rely on our legal obligation to provide you a process to exercise your rights
Operating our Website

For visitors from the European Union, we rely on your consent to obtain your Personal Data through cookies.

For visitors from other geographies, we rely on our legitimate interest to improve our services and develop new products


As indicated below, vendors and other parties may act as our service providers, or in certain contexts independently decide how to process your information. We encourage you to familiarise yourself with and consult their privacy policies and terms of use.

With whom do we share Personal Data?

We may disclose your Personal Data collected and processed through this Website for various purposes related to our business. The disclosure may be to our clients, partners, or vendors. 

We may only share your personal data with Company employees or agents of the Company if the recipient needs to have the data in order to fulfil their role.

We might share your personal data with group companies or our contractors and agents to carry out our obligations under our contract with you or for our legitimate interests. We require those companies to keep your personal data confidential and secure and to protect it in accordance with the law and our policies. They are only permitted to process your data for the lawful purpose for which it has been shared and in accordance with our instructions.

We do not send your personal data outside the European Economic Area.

We also may share any of the Personal Data we collect for the following purposes:

Sharing for Legal Purposes

We may share Personal Data with other parties in order to: 

  • comply with legal process or a regulatory investigation (e.g. regulatory authorities’ investigation, subpoena, or court order);
  • enforce our Terms of Service, this Privacy Notice, or other contracts with you, including investigation of potential violations thereof;
  • respond to claims that any content violates the rights of other parties; and/or
  • protect the rights, property or personal safety of us, our platform, our customers, our agents and affiliates, its users and/or the public.

We likewise may provide information to other companies and organisations (including law enforcement) for fraud protection, spam/malware prevention and similar purposes.

Sharing In Event of a Corporate Transaction

We may also share Personal Data in the event of a major corporate transaction, including for example a merger, investment, acquisition, reorganisation, consolidation, bankruptcy, liquidation, or sale of some or all of our assets, or for purposes of due diligence connected with any such transaction.

Aggregate, Deidentified, or Anonymised Information

We may aggregate, de-identify and/or anonymise any information collected so that such information can no longer be linked to you or your device (“Aggregate/De-Identified Information”). 

We may use Aggregate/De-Identified Information for any purpose, including without limitation for research and marketing purposes, and may also share such data with any other party, including advertisers, promotional partners, and sponsors, in our discretion, unless otherwise prohibited by applicable law.

Your rights and choices regarding your Personal Data

Subject to certain exceptions and the jurisdiction in which you live, if you are a resident of the UK, the UK Data Protection Act 2018 and the UK General Data Protection Regulation, or the EU, then the EU General Data Protection Regulation provides you with specific rights regarding your Personal Data. This subsection describes your rights and explains how to exercise those rights regarding Personal Data that we hold about you. These rights include:

Right to be informed

  • You have the right to information about what personal data we process, how and on what basis as set out in this policy.

Right of access

  • You have the right to access your own personal data, know the origin of this personal data and obtain a copy in an understandable format.
  • If you would like to access the personal data we hold about you, please get in touch with our Data Protection Advisers who will coordinate a response:

    — Pete Petrella
    — Ian Kerrigan
  • We will respond without undue delay and in any event within one month from the date we receive your request.
  • This timeframe can be extended by two months to take the complexity of the request, or the number of requests received into account. In this case, we will inform you within one month from receiving your request, specifying the reasons for extending the response timeframe.

Right to rectification

  • You can ask us to correct any inaccuracies in your personal data. To do so, you should contact the Data Protection Advisers (please see above).

Right to erasure (“right to be forgotten”)

  • You have the right to request that we erase your personal data where we were not entitled under the law to process it, or it is no longer necessary to process it for the purpose it was collected.
  • In most situations we will not rely on your consent as a lawful ground to process your data. If we do however request your consent to the processing of your personal data for a specific purpose, you have the right not to consent or to withdraw your consent later.
  • You have the right to have your personal data erased if we are relying on legitimate interests as our basis for processing, you object to this processing, and there is no overriding legitimate interest to continue the processing.
  • You also have the right for your personal data to be erased if we have processed it for direct marketing and you object to this.
  • There is no fee for personal data erasure. However, if your request is manifestly unfounded or excessive, we may charge a reasonable administrative fee.

The right to erasure does not apply if processing is necessary to: 

  • exercise the right to freedom of expression
  • comply with a legal obligation
  • for the establishment, exercise or defence of legal claims.

Please note that we can refuse to comply with a request to delete data if the request is manifestly unfounded or excessive. If this is the case, we will inform you within one month after receiving the request. 

Right to restrict processing

  • While you are requesting that your personal data be corrected or erased or are contesting the lawfulness of our processing, you can apply for its use to be restricted while the application is made.

Right to data portability

  • You have the right to receive a copy of your personal data and to transfer your personal data to another Data Controller. We will not charge for this and will in most cases aim to do this within one month.
  • This right only applies to personal data that you provided to us and which concern you, for which we are relying on ‘consent’ or ‘contractual obligation’, and when we are processing the data by automated means.
  • The right to data portability must not prejudice the rights and freedoms of others.

Right to object

  • You have the right to object to data processing where we are relying on a legitimate interest to do so, and you think that your rights and interests outweigh our own and you wish us to stop.
  • You have the right to object if we process your personal data for the purposes of direct marketing.

Rights related to automated decision making and profiling

  • If personal data is processed entirely by automatic means and this might have a legal or similarly significant effect on you, you can request some human involvement in the processing.

Right to complain

  • If you are unsatisfied with the way we process your personal data or if your request has been rejected, you may also lodge a formal complaint with your local competent data protection authority.

Information from our clients

If data about you has been processed by us as a Data Processor on behalf of a client and you wish to exercise any rights you have with such data, please inquire with our client directly. 

If you wish to make your request directly to us, please provide the name of our client on whose behalf we processed your Personal Data. We will refer your request to that client and will support them to the extent required by applicable law in responding to your request.

Data security

We use a variety of methods, such as firewalls, intrusion detection software, Mobile Device Management, two-factor authentication and manual security procedures, designed to secure your data against loss or damage and to help protect the accuracy and security of information and to prevent unauthorised access or improper use. 

Nevertheless, transmission via the internet is not completely secure and we cannot guarantee the security of information about you. If you think that the Website or any Personal Data is not secure or that there has been unauthorised access to the Website or your Personal Data, please contact our Data Protection Advisers: 

— Pete Petrella
— Ian Kerrigan

Where the Company engages third parties to process personal data on its behalf, such parties do so on the basis of written instructions, are under a duty of confidentiality and are obliged to implement appropriate technical measures to ensure the security of data. 

Data transfers

We do not send your personal data outside the European Economic Area.

Data storage

Personal data will be stored in accordance with our applicable data retention requirements and company policies. We only hold your personal data for as long as necessary for the purposes for which we collected it. 

The retention period for personal data varies depending on the type of personal data and the purposes of processing it. Our standard retention periods are based on statutory (legally binding) time periods and on recommended best practice. 

Through our Website:

Type of documentRetention period
Contact information (first name, last name, e-mail address)12 months after last communication

Through recruitment:

Type of documentRetention period
Application documentation (incl. application form, CV, education and qualifications, employment history, interview notes, membership of any professional bodies [excl. trade unions], pre-employment assessment exercises or tests, work experience)

6 years post-employment (successful candidates) 

12 months post-recruitment (unsuccessful candidates)

Contact details (incl. name, postal address, personal email address)

6 years post-employment (successful candidates)

12 months post-recruitment (unsuccessful candidates)

Health and medical conditions (for making reasonable adjustments if requested)

6 years post-employment (successful candidates)

6 months post-recruitment (unsuccessful candidates)

References (incoming)

6 years post-termination (successful candidates)

12 months (unsuccessful candidates) 

Subject Access Request12 months after last communication (recommended)

This list is intended as a guide and is not exhaustive.

Use of cookies and other tracking technology

For information about the cookies used by our Website, please see our Cookies Policy.

Use of social media and social media plug-ins

If you follow us on social media (for example, through our account on LinkedIn), we will also collect personal data in order to understand our followers better and understand the public response to our products and services. 

We may use this information to engage in social listening to identify and assess what is being said about us publicly, to understand industry trends and market sentiment. 

If you publicly reference us or our Website on social media (such as by using a hashtag associated with us in a post), we may use your reference on or in connection with our Website. 

Any information you provide to us when you engage with our content (such as through our brand page or via LinkedIn Messenger) is treated in accordance with this Privacy Notice. 

We act as a joint Data Controller with the social media platform for the collection of your personal data when you visit our company page on the social media platform. You can read more regarding our joint controllership with the platforms at the following link:

We have no control over how social media platforms use your personal data and they may independently collect information about you when you leave our Website. The information collected and stored by those parties remains subject to their own policies and practices, including what information they share with us, your rights and choices on their services and devices, and where they store information. We encourage you to read the privacy notices on the various social media platforms you use:

Notification of changes

Any changes to this Privacy Notice will be promptly communicated on this page and you should check back to see whether there are any changes. 

Continued use of the Website after a change in the Privacy Notice indicates your acknowledgement and acceptance of the use of Personal Data in accordance with the amended Privacy Notice.

Further information

This Privacy Notice has been designed to be accessible to people with disabilities. If you experience any difficulties accessing the information here, please contact us on +44 (0) 203 770 7586 or 

If you consider that we are not complying with this Privacy Notice, if you have any questions in relation to this Privacy Notice, or have questions about your rights and choices, please contact our Data Protection Advisers. Data Subjects in Europe may also lodge a formal complaint with their competent data protection authority. 

If you have any questions about our data practices or you wish to exercise your rights or know about the contractual protections in place, please contact our Data Protection Advisers.

Our Data Protection Advisers are:

— Pete Petrella
— Ian Kerrigan

Cookies Policy

Cookies are small text files that are downloaded onto terminal equipment such as a computer or smartphone when a user accesses a website. They allow the website to recognise that user’s device and store some information about the user’s preferences or past actions. 

This Cookies Policy explains what cookies are and how we use them. You should read this policy so you can understand what type of cookies we use, or the information we collect using cookies and how that information is used. 

We only use cookies to provide necessary functionality. We do not store sensitive personal information, such as mailing addresses, account passwords, etc. in the cookies we use.

Type of Cookies We Use

Cookies can be "persistent" or "session" cookies. Persistent cookies remain on your personal computer or mobile device when you go offline, while session cookies are deleted as soon as you close your web browser.

We use both session and persistent cookies for the purposes set out below:

Necessary/Essential Cookies

Type: Session Cookies
Administered by: Us
Purpose: These cookies are essential to provide you with services available through the website and to enable you to use some of its features. Without these cookies, the services that you have asked for cannot be provided, and we only use these cookies to provide you with those services.

Notice Acceptance Cookies

Type: Persistent Cookies
Administered by: Us
Purpose: These cookies identify if users have accepted the use of cookies on the website.

Your Choices Regarding Cookies

If you prefer to avoid the use of cookies on the website, first you must disable the use of cookies in your browser and then delete the cookies saved in your browser associated with this website. You may use this option for preventing the use of cookies at any time.

If you do not accept our cookies, you may experience some inconvenience in your use of the website and some features may not function properly.

If you'd like to delete cookies or instruct your web browser to delete or refuse cookies, please visit the help pages of your web browser.

  • For the Chrome web browser, please visit this page from Google.
  • For the Microsoft Edge web browser, please visit this page from Microsoft.
  • For the Firefox web browser, please visit this page from Mozilla.
  • For the Safari web browser, please visit this page from Apple.
  • For any other web browser, please visit your web browser's official web pages.

We only use cookies to provide necessary functionality

Accept & Close