PRIVACY POLICY

1. PRIVACY POLICY Preamble DOBIL MARKETING LTD ("DOBIL," "we," "our," or "us") is a private limited company registered in England and Wales under Company Number 17302630, with its registered office at Office 1353, 85 Dunstall Hill, Wolverhampton, WV6 0SR, United Kingdom. This Privacy Policy sets forth our commitment to protecting the personal data of our clients, website visitors, and business partners in accordance with the United Kingdom General Data Protection Regulation (UK GDPR), the Data Protection Act 2018, and the Privacy and Electronic Communications Regulations 2003 (PECR). 1. Data Controller DOBIL MARKETING LTD is the data controller for all personal data processed in connection with our digital marketing services and corporate operations. Our designated contact for data protection matters is the Director, Mr. Angel Gabriel Henao Bolanos, reachable at ceo@dobilmarketing.com or +44 07537 169556. 2. Categories of Personal Data Processed We process personal data across the following categories: 2.1 Identity and Contact Data Full name, professional title, and organisational affiliation Business email address, telephone numbers, and postal address Social media profiles and professional networking identifiers 2.2 Corporate and Commercial Data Company registration details, industry classification, and organisational structure Marketing objectives, campaign parameters, and budgetary frameworks Historical performance metrics and competitive positioning data 2.3 Financial Data Bank account details and payment card information (processed exclusively through PCI-DSS compliant third-party payment processors) Invoicing records, transaction histories, and credit references 2.4 Technical and Behavioural Data Internet Protocol (IP) addresses, device identifiers, and browser fingerprints Website navigation patterns, engagement durations, and conversion events Cookie identifiers and tracking pixel data (detailed in Section 8) 3. Lawful Basis for Processing We process personal data only where a valid lawful basis exists under Article 6 of the UK GDPR: Purpose Lawful Basis Applicable Scenario Service delivery Performance of a contract Executing digital marketing agreements Business development Legitimate interests Prospecting and market analysis Regulatory compliance Legal obligation Tax, accounting, and company law requirements Marketing communications Consent Promotional emails and newsletters 4. Data Subject Rights Pursuant to Chapter III of the UK GDPR, data subjects enjoy the following rights: Article 15 — Right of Access: Obtain confirmation of processing and a copy of personal data Article 16 — Right to Rectification: Request correction of inaccurate or incomplete data Article 17 — Right to Erasure: Request deletion subject to statutory retention requirements Article 18 — Right to Restriction: Limit processing in specified circumstances Article 20 — Right to Data Portability: Receive data in structured, machine-readable format Article 21 — Right to Object: Object to processing based on legitimate interests or direct marketing To exercise these rights, submit a written request to ceo@dobilmarketing.com. We shall respond within one calendar month, extendable by two further months for complex requests. 5. International Data Transfers As a UK-registered entity, we process data primarily within the United Kingdom and the European Economic Area. Where transfers to third countries are necessary, we implement Standard Contractual Clauses (SCCs) approved by the European Commission and the UK Information Commissioner's Office, supplemented by Transfer Impact Assessments where required. 6. Data Retention Schedule Data Category Retention Period Rationale Client contract records 6 years post-termination Limitation Act 1980; HMRC requirements Financial and accounting records 6 years Finance Act 1988; Companies Act 2006 Marketing consent records Until withdrawal + 2 years PECR compliance; evidential purposes Website analytics 26 months Google Analytics default; anonymised thereafter Prospect data (unconverted) 2 years from last contact Legitimate interest assessment 7. Data Security Measures We maintain a comprehensive information security management system incorporating: AES-256 encryption for data at rest; TLS 1.3 for data in transit Role-based access control (RBAC) with principle of least privilege Multi-factor authentication across all administrative systems Annual penetration testing and vulnerability assessments ISO 27001-aligned incident response procedures 8. Cookies and Tracking Technologies Our website deploys cookies in accordance with the following classification: Category Function Duration Consent Required Strictly Necessary Authentication, security, load balancing Session to 12 months No Performance Analytics and error monitoring 26 months Yes Functional Language preferences, form persistence 12 months Yes Targeting Advertising measurement and retargeting 90 days Yes 9. Third-Party Processors We engage the following categories of data processors under Article 28 UK GDPR-compliant contracts: Cloud infrastructure and web hosting providers Payment processing services (Stripe, PayPal) Customer relationship management platforms Analytics and advertising technology vendors 10. Complaints and Regulatory Contact Should you have concerns regarding our data processing practices, you may contact: DOBIL MARKETING LTD: Office 1353, 85 Dunstall Hill, Wolverhampton, WV6 0SR, UK | ceo@dobilmarketing.com Information Commissioner's Office (ICO): Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF | www.ico.org.uk 11. Policy Amendments We reserve the right to amend this Privacy Policy to reflect changes in legislation, technology, or business operations. Material amendments shall be notified via email to active clients and a prominent notice on our website.