Privacy Policy

Last updated: 25/05/18

Welcome to In The Box Marketing

We provide a service to businesses and don’t (currently) process B2C data for them or us. We hold only very basic client contact data and records of useful information so that we can contact our clients and do the job they pay us to do! Nonetheless, we’re fans of everyone knowing where their data is and what it’s used for, so here’s a quick overview of the data we collect and how we use it.

By the way, if you have any questions about your data and how we use it, you can contact us on [email protected].

Website contact form

Occasionally people contact us via our website (yay!) asking us to get in touch so they can share their marketing woes with us and ask us to help. In these circumstances we would normally create a record of their company and individual business contact details within our private database. We will keep these records for a year unless we are asked to delete them, in which case we will, within 72 hours (except where holidays or unavoidable time away from the office makes this impossible – but in general we will do it at the earliest possible opportunity).

We also receive approaches from individuals looking to work with us or (occasionally) gain work experience (usually students). We wish all these people the best of luck, (usually) send them a nice reply and leave the enquiry in our contact system until it’s time for us to cleanse the system. We do this once a year.

Third parties

As our workload grows, very occasionally we may (in future) use carefully-selected third party marketers who are part of the In The Box team but not direct employees. These people are well known to us and very, very carefully vetted; they simply must reach our standards or we wouldn’t work with them. We haven’t done this yet, but if and when we do, we may need to share client contact details with them only insomuch as it allows them to deliver our services to our clients. We will of course introduce clients to them, so the client will know who they are. They will only ever possess clients’ basic contact details and the knowledge they require in order to execute their job to our standards.

CRM records and Business Development

Obviously, our business has to come from somewhere. So if a potential client interacts with us in person, by phone, email, social media, through our site (or any other way we can’t think of right now) we might create a CRM record with their name, company, role and contact details plus a written record of why we had a conversation. We do this in the hope that we can go on to become a valued and trusted provider.

As above, we will of course remove anyone’s records at the earliest possible opportunity should they request it.

In order to win new clients we may occasionally use business (and strictly only business) contact details we find on websites, social media or in the public domain. More often we are asked to contact businesses by their own third party contacts who believe the business will benefit from our service. In this case we would be given the relevant contact details. (More often still, people contact us – which is very much appreciated, thank you).

In the above cases, if we establish that you’re interested in working with us, or ask us to keep in touch, your basic contact details (name, email, job title and a bit of narrative) will go onto our database until such as time as you ask us to remove it.

Nobody has ever asked us to remove their data, but should this happen, our process would normally be to keep someone’s name and company but make a note that you don’t wish to be contacted and remove your contact details (phone, email etc). If we don’t do this, we have no way of remembering not to contact you! (We won’t be able to anyway, because we won’t have your contact details any more, and we will honour any requests for us to remove absolutely all data, at the earliest possible convenience as above).

Google Analytics

Like many businesses we use Google Analytics to assess the traffic on our website and learn lessons about how best to tailor our own content. Google Analytics does not reveal any personal identification data about our site visitors, but it does use cookies which is, technically, personal data. We do nothing with Google Analytics beyond simply looking at how the traffic on our site behaves – that is, what pages are read the most, how long visitors stay on a page and so on. We don’t know who our visitors are and would never use analytics to try to pursue them or identify them.

Client Google Analytics

As part of our role, we administer content (and only content) on some of our clients’ websites. As such we can access their Google Analytics and we provide regular reports to them showing their website’s performance. As above, none of these reports reveal any personal identification data about their websites’ visitors beyond the fact that Google Analytics uses cookies which is, technically, personal data. (See above).

Client social media

As part of our role, we administer and manage our clients’ social media accounts. This means we communicate with third parties on behalf of our clients whilst providing a “white label” social media service. We normally only interact with these third parties via social media and gain no personal data about them at all, and their contact data remains strictly within the software we are using – e.g. we can see our clients’ Twitter followers from within their Twitter account or our social media management software, but that’s all. We never extract that information into a database or use it for our own ends.

Client email software

On occasion we are granted access into our client’s various software systems, in order to fulfil a marketing service such as designing email templates in Mailchimp. On these occasions we are bound by their data protection rules and our own, and would have no reason to extract or use their customer, and never do or will.


When and if we decide to engage in recruitment activity in our drive for world domination, we will need to receive, review and store CVs. These will contain the usual CV information – contact details, addresses, interests and so on. We will store these in a protected drive in order to evaluate candidates’ suitability for our roles and so that we can get in touch should suitable roles become available (or to ascertain whether the individual/s has applied for a role with us in the past). In each case, if the applicant does not become an employee, we will destroy their CVs and all related data after five years.

Future services

Email Marketing

We are currently too busy (or perhaps just don’t have enough staff) to produce our own regular client newsletter or send out regular email blasts, much as we’d love to. However, if and when we do get around to doing so, we will produce a “subscribe to our newsletter/marketing” signup which will collect the name and email address of subscribers. We will store these in our chosen email system (Mailchimp, Communigator etc) and our CRM system. We will not interpret “sign me up for your newsletter/marketing” as “I give you permission to bombard me with irrelevant sales messages” because we don’t, and won’t.

Nobody will ever be added to our bulk mailing list without their express consent, and every recipient will be able to unsubscribe via a link in each email.


As and when we update our services or get involved in different marketing activities that impact on different segments of privacy law and GDPR, we will update this privacy policy accordingly.

Cookies Policy

How we use cookies

We use a number of different cookies on our site. If you do not know what cookies are, or how to control or delete them, then we recommend you visit for detailed guidance.

The list below describes the cookies we use on this site and what we use them for. By continuing to browse our site, you are agreeing to our use of cookies. If you are not happy to, then you should either not use this site, or you should delete the cookies having visited the site, or you should browse the site using your browser’s anonymous usage setting (called “Incognito” in Chrome, “InPrivate” for Internet Explorer, “Private Browsing” in Firefox and Safari etc.)

How to disable Cookies

All modern browsers allow you to change your cookie settings. These settings will typically be found in the ‘options’ or ‘preferences’ menu of your browser.

First Party Cookies

These are cookies that are set by this website directly. Currently our only cookies of this nature are for Google Analytics.

Google Analytics

We use Google Analytics to collect information about visitor behaviour on our website. Google Analytics stores information about what pages you visit, how long you are on the site, how you got here and what you click on. This Analytics data is collected via a JavaScript tag in the pages of our site and is not tied to personally identifiable information. We therefore do not collect or store your personal information (e.g. your name or address) so this information cannot be used to identify who you are.

You can find out more about Google’s position on privacy regarding its analytics service here.

Third Party Cookies

These are cookies set on your machine by external websites whose services are used on this site. Cookies of this type include social sharing buttons and our embedded Instagram and Twitter feeds. In order to implement these buttons and feeds, and connect them to the relevant social networks and external sites, there are scripts from domains outside of our website. You should be aware that these sites are likely to be collecting information about what you are doing all around the internet, including on this website.

You should check the respective policies of each of these sites to see how exactly they use your information and to find out how to opt out, or delete, such information.

Session Cookies

We use a session cookie to remember your log-in details for you, if you have a user account (for leaving comments on blogs). These we deem necessary to the working of the website. If these are disabled then some functionalities on the site will be broken, including the ability to log-in.