Privacy & Data Policy

1  Who we are

​

Policy Brief Media ltd ("we", "us") is a British‑incorporated company (company no. 16638003) with its registered office at 124 City Road, London, EC1V 2NX. We are the data controller for the purposes of the UK and EU General Data Protection Regulation ("GDPR").

 

Responsible Contact: Oliver Lessiter, data@policybrief.co.uk

 

2  What this notice covers

 

This notice explains how we process personal data relating to professionals at organisations we may contact about our products and services ("Business Contacts"). It applies where we obtained your data from publicly available sources or third‑party lead‑generation partners, and not directly from you. For information on data we collect via our website or customer contracts, please see our main privacy policy instead: policybrief.co.uk/privacy-policy

 

3  What data we collect

​

Category

Typical items

Identity & contact

Name, job title, employer, work email address, work telephone number

Professional profile

Information you publish on LinkedIn, your company website, conference biographies, Companies House filings, etc.

Engagement history

Emails exchanged, call notes, marketing preferences, open/click events

Suppression/opt‑out status

Record of unsubscribes or objections

We do not intentionally collect any special‑category or sensitive data about Business Contacts.

 

4  Where your data comes from

​

• Public sources 

• Lead‑generation partners – specialist agencies that supply B2B contact lists.

​

5  Purposes and lawful basis

 

We process your business‑contact data for:

​

1. Direct B2B marketing – to send information about our [products/services] that we believe is relevant to your professional role.

2. Maintaining a suppression list – to ensure we respect opt‑out requests.

​

Our lawful basis under Article 6(1)(f) GDPR is our legitimate interest in promoting our business to professionals who are likely to benefit from our offering. We have carried out a Legitimate‑Interest Assessment and concluded that this activity is proportionate and has a minimal privacy impact. You may request a copy.

​

You can object to marketing at any time (see Section 9).

 

6  Who we share it with

​​

We limit access to your data to employees and contractors who need it for the above purposes. We also use service providers acting as processors (e.g. CRM providers) bound by GDPR‑compliant contracts. We do not sell or rent your data.

 

7  International transfers

 

Where we or our processors transfer your data outside the UK/EEA, we rely on an adequacy decision or implement appropriate safeguards such as the EU Standard Contractual Clauses.

 

8  How long we keep it

​

• Active records – up to 12 months from the last meaningful interaction.

• Suppression‑list records – indefinitely, to honour opt‑out requests.

 

9  Your rights

 

You have the right to:

​

• Request access to the personal data we hold about you;

• Request correction or deletion of inaccurate or unnecessary data;

• Object to processing for direct marketing (we will stop immediately);

• Request restriction of processing;

• Exercise data‑portability rights (where applicable).

​

To exercise any of these rights, email data@policybrief.co.uk. We will respond within one month.

​

10  Automated decision‑making

​

We do not make decisions about Business Contacts that have legal or similarly significant effects based solely on automated processing.

 

11  Complaints

 

If you have concerns, please contact us first at data@policybrief.co.uk. You also have the right to lodge a complaint with your supervisory authority. In the UK this is the Information Commissioner’s Office (ICO) – see ico.org.uk for contact details.

 

12  Changes to this notice

​

We may update this notice from time to time. The current version is always available at this URL.