Privacy policy

This policy covers the personal data processing of the BigBad Wolf Group.

BigBadWolf (BBW) is a digital design marketing agency providing bespoke services to Businesses and Corporate clients. The Parent Co in the UK was established to support work for leading Client and Brand names, with the worldwide offices established to support these clients across the globe.

BBW is a Data Controller for its own employee data, the relationship data of clients, and for any marketing or promotional activity. It is also a Data Processor in the provision of services to clients.

For each country in which we operate, there may be specific data privacy requirements; for example:

  • UK and Paris: the EU and UK GDPR
  • Asia and Pacific:
    • Personal Data (Privacy) Ordinance 1996 in Hong Kong
    • Personal Data Protection Act 2012 for Singapore
  • UAE: Protection of Personal Data Protection (“PDPL”) 2021

Your Personal Data

It is our policy to protect the privacy of our clients, employees, and users of the Website. We are a Business and Corporate provider of services and collect a very limited amount of your personal data (by "personal data", we mean information about you or which can be used to ascertain your identity). For example, we may collect some information about you when you visit the Website or your details as a contact for one of the businesses we support, or when you visit one of our offices. We will also collect personal data in our role as an employer and through our recruitment processes.

The Data We Collect

We will only ever collect the information we need to provide our services and collect information as follows:

  • Personal information: such as name, address, phone number, email address.
  • Contact information: business name, address, and contact details (e.g., business email address, telephone number).
  • Business Financial Information: e.g., bank account details, history of payments, and agreements with us.
  • Technical information: such as online identifiers, IP addresses (the location of the computer on the internet), and network statistics.
  • Non-personal information: such as website pages accessed. This helps us to determine how many people use our website, how many people visit on a regular basis, and how popular our pages are. This information doesn’t tell us anything about who you are or where you live. It simply allows us to monitor and improve our services.

We do not collect data from children nor any special category data.

How Do We Use the Data We Collect?

The personal data collected is needed in order to:

  • Carry out our obligations arising from any contracts or agreements entered between you and us.
  • Look into, and respond to, complaints, incidents, near misses, legal matters, or any other issues.
  • Provide a personalized service to you when you visit our websites – this could include customizing the content and/or layout of our website and webpages for individual users.
  • Provide you with information about other services, events, and products we offer that are similar to those that you have enquired about.
  • Send you information and communications about what we do and how we can help you, and how you can help us.

Our Legal Basis to Process

The personal data is processed mainly using the legal basis to perform the contract, tasks, or services we have agreed with you or as needed for legal requirements. Additionally, there will be instances where we will process information using our legitimate interests, for example in promoting what we do, but only where this is of interest to you; our legitimate interests will include using data in the relationship or support between us. We will seek your consent where needed or where the processing activity is not part of the agreed services.

Security

We have installed security systems to protect your personal information from being inappropriately or accidentally accessed, used, shared, or destroyed, and against it being lost. In addition, we limit access to your personal information to those employees, agents, contractors, and other third parties who have a business need to know. They will only process your personal information on our instructions and they are subject to a duty of confidentiality. To prevent unauthorized access or disclosure, we have put in place suitable physical, electronic, and managerial procedures to safeguard and secure the information we collect.

Direct Marketing

BBW undertakes limited marketing activity and where we do, we will try to tailor and provide you with details of products and services from us that may be of interest to you. We will only do so in accordance with any marketing preferences or permissions you have given us. If you do not want to receive our marketing materials, please send an email to unsubscribe@bb-wolf.com.

Website & Cookies

Any personal data collected from you on the Website will only be used for the specific purposes mentioned at the time of collection or for purposes directly related to those specific purposes as described in this policy.

Like most organizations, BBW has a website and like most websites, we also use ‘Cookies’. These are small pieces of information sent by an organization to your computer and stored on your hard drive to allow that website to recognize you when you visit. They collect statistical data about your browsing actions and patterns and do not identify you as an individual. We do this in order to make a user’s experience more efficient and to provide us with the basic visitor statistics for analysis.

For more information about cookies we use, please refer to our <<Cookie Policy>> link will be added here to the page attached to the website.

Links to Other Websites

Our website and promotions may contain links to other websites of interest. However, you should note that we do not have any control over these other websites. Once you have used any of these links to leave our site, we cannot be responsible for the protection and privacy of any information which you provide whilst visiting these sites and such sites are not governed by this privacy statement.

Disclosure & 3rd Party Access

Access to your personal information is only allowed when required by law or is required as part of fulfilling our service obligations. We do make use of third-party service providers to help us fulfill our services and where we do, the third party is required to take appropriate security measures to protect your personal information in line with our policies. We do not allow our third-party service providers to use your personal data for their own purposes and we only permit them to process your personal data for specified purposes and in accordance with our instructions.

We use third-party providers to:

  • Help us manage and administer our client relationships.
  • Host and administer our website.
  • For financial administration, payments, and invoices.
  • For our IT security and systems.

International Data Transfers

BBW Group will host data where possible within the country or territories in which the Group entity operates. For example, across Asia and Pacific, data will be hosted in China or Singapore to fulfill country privacy requirements.

Please note though that your data may be exported to, as well as stored and processed in, countries outside of the country you operate across the BBW Group or within databases or systems. For our UK and EU clients, in any circumstance where we may have to transfer your personal data out of the UK or EEA, we ensure a similar degree of data privacy and protection is afforded to it by ensuring at least one of the following safeguards is implemented:

  • We will only transfer your personal data to countries that have been deemed to provide an adequate level of protection for personal data by the UK or EU.
  • Where we use service providers who are not in territories approved by the UK or EU commission, we will look to implement additional safeguards such as a detailed review of security measures and the use of Standard Contractual Clauses (SCCs).

For our overseas offices in APAC and UAE, our Group entities in the UK and in Paris represent the processing of personal data of UK and EU citizens to the Supervisory Authorities for these countries.

Retention of Your Personal Data

We retain your personal information for as long as necessary to fulfill the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements. To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorized use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements.

In some circumstances, we may anonymize your personal information so that it can no longer be associated with you, in which case we may use such information without further notice to you. If you would like more information about our data retention, please contact us via email at:

Your Right of Access to and to Correct Personal Data

It is important that the personal information we hold about you is accurate and current. Please keep us informed if your personal information changes during your working relationship with us.

Your rights of access or control of your data will be determined by the country privacy requirements in which your data is processed but in principle, you may have the right to:

  • Be informed of how we will use your data as provided by this Policy.
  • Access the information held about you. Your right of access can be exercised in accordance with data protection law.
  • Object to us processing or ask us to restrict the processing of your personal information for any of the purposes listed in this Policy, at any time.
  • Ask us to update and correct any out-of-date or incorrect personal information that we hold about you free of charge.
  • Ask us to erase or delete your personal information (in certain circumstances). We will do our best to respond to such requests, but these are subject to certain limitations such as legal requirements.
  • Request a transfer of your personal information (again in certain circumstances).

If you wish to exercise any of the above rights, review, verify, correct or question anything detailed in this policy, or are unhappy with any aspect of how we use your data, please contact us at:

We will respond to your request promptly and look to resolve any query within 30 days and free of charge. However, we reserve the right to refuse or charge an administrative fee for the furthering of any of the above requests if they are done so in a frivolous, vexatious, or excessive manner. We will always notify you if such a charge is being applied.

Complaints

You also have the right to make a complaint at any time, and we appreciate the chance to deal with your concerns in the first instance. To register a complaint please email us at:

If you are unsatisfied with our reply, you have the right to lodge a complaint with the Country Regulator or Supervisory authority for data protection issues within your country.

Changes to Our Privacy Policy

We reserve the right to update this privacy notice at any time, and we will provide you with a new privacy notice when we make any substantial updates. We may also notify you in other ways from time to time about the processing of your personal information.

This Policy statement was last updated in May 2024.