Privacy Policy

Introduction

At Ai Social Buzz, we are committed to protecting your privacy and handling your personal data responsibly. This Privacy Policy explains how we collect, use, store, share, and protect personal data when you:
   ● Visit our website (findatrade.org).
   ● Contact us via forms, email, or phone.
   ● Become a client and use our social media management, Google Ads, or related digital marketing services.
We comply fully with the UK General Data Protection Regulation (UK GDPR), the Data Protection Act 2018, and other applicable UK data protection laws. Ai Social Buzz acts as:
   ● Data controller for data collected directly from you (e.g., website enquiries, client contact details for service delivery).
   ● Data processor for personal data in client campaigns (e.g., leads from ads, audience data) — we process this strictly on behalf of our trade clients (the controllers), under a Data Processing Agreement (DPA).
If you are an end-user/lead from a client’s campaign, refer to that trade business’s privacy notice for their processing details.

Who We Are (Our Contact Details)

Ai Social Buzz
[Your full business address, if applicable]
Email: hello@findatrade.org
Phone: [Your phone number, if you wish to include]
For data protection queries: Use the email above with subject “Privacy Query”.

Data We Collect

We collect only what is necessary:
   ● From website visitors and enquirers (as controller):
○ Contact information: Name, email address, phone number (via contact form or direct enquiry).
○ Business details: Your trade type (e.g., plumber, electrician), service area/location, marketing goals/needs.
○ Technical data: IP address, browser type, device info, pages visited, time/date of access (via cookies/analytics — see our Cookie Policy [link if separate]).
   ● From clients (as controller for account management; processor for campaigns):
○ Additional business info: Company name, address, logo/branding assets, access credentials for ad platforms (Meta, Google, etc.).
○ Campaign-related data: Lead form submissions (e.g., names, phones, emails from prospects), ad performance metrics, audience insights (processed on your instructions).
We do not collect special category data (e.g., health, ethnicity) or children’s data in our services.

How We Collect Your Data

   ● Directly from you (forms, emails, calls, contracts).
   ● Automatically (cookies, server logs — with consent where required).
   ● From third parties (e.g., platform analytics like Google/Meta, but only as needed for
services).

How We Use Your Data (Purposes and Lawful Bases)

We process data for these purposes, with UK GDPR lawful bases:
   ● Responding to enquiries, providing quotes, and onboarding clients — Contractual necessity (or steps prior to contract) / Legitimate interests (efficient business communication).
   ● Delivering services: Managing social media/Google Ads campaigns, content creation, reporting — Contractual necessity (to fulfil our agreement).
   ● Sending performance reports, updates, or service communications — Contractual necessity or Legitimate interests.
   ● Improving our website/services (analytics) — Legitimate interests (with opt-out options via cookies).
   ● Complying with legal obligations (e.g., tax, disputes) — Legal obligation.
For marketing to you (e.g., newsletters) — only with consent (which you can withdraw anytime).

Data Sharing and Recipients

We do not sell personal data. We share only as necessary:
   ● With subprocessors/third-party tools required for services: Meta (Facebook/Instagram), Google (Ads/Analytics), Metricool (scheduling/analytics),
Zoho (reporting/CRM), and similar platforms.
   ● With professional advisors (e.g., accountants, lawyers) if needed.
   ● If required by law, court order, or to protect rights/safety.
As processor for campaigns, we share data only per your (client’s) instructions. Full list of subprocessors available on request.

International Data Transfers

Some tools (e.g., Meta, Google) are based outside the UK (often US). We ensure safeguards:
   ● UK International Data Transfer Addendum / Standard Contractual Clauses.
   ● Reliance on platform adequacy decisions or equivalent measures where applicable.

Data Retention

We keep data only as long as necessary:
   ● Enquiry data: Up to 12 months if no contract, or longer if you consent.
   ● Client data: Duration of contract + up to 6 years for legal/tax reasons.
   ● Campaign/lead data: As per client instructions and platform policies (we delete/return on termination unless legally required).
   ● Technical logs: Typically 12–24 months.

Security

We use appropriate measures:
   ● Encryption (in transit/rest where possible).
   ● Access controls, 2FA, secure tools.
   ● Regular reviews and staff training.
No system is 100% secure, but we aim for high standards.

Your Rights Under UK GDPR

You have rights including:
   ● Access (what data we hold).
   ● Rectification (correct inaccuracies).
   ● Erasure (“right to be forgotten” — where applicable).
   ● Restriction of processing.
   ● Objection (e.g., to legitimate interests processing).
   ● Data portability.
   ● Withdraw consent (where used).
To exercise: Email hello@findatrade.org. We respond within one month (extendable if complex). No fee usually.
For processor activities: Direct requests to your trade client (controller); we assist as required.

Cookies and Similar Technologies

We use cookies for functionality/analytics. See our separate Cookie Policy [link if you have one; otherwise add a section or note consent banner compliance via PECR/UK GDPR].

Automated Decision-Making

We do not use automated decisions with legal/significant effects.

Complaints

If unsatisfied, contact us first. You can complain to:
Information Commissioner’s Office (ICO)
Website: https://ico.org.uk
Phone: 0303 123 1113
This policy is reviewed regularly. Changes posted here with updated date.
By using our website/services, you accept this policy. For questions:
hello@findatrade.org.