Privacy Policy

Privacy Policy

Last updated: 12 February 2026

1. Who We Are and How to Contact Us

Them Apples Ltd (“we”, “us”, “our”) is a social-first creative agency based in London, crafting social storytelling, campaigns and strategic creative content.

Company number: 15949881
Registered address: 10 Sunny Way, London N12 0QB

For the purposes of UK data protection law, including the UK General Data Protection Regulation (“UK GDPR”) and the Data Protection Act 2018, we are the data controller of personal data collected through our website and through direct communications with us.

Where we process personal data on behalf of clients in the course of delivering creative, marketing or strategic services, we act as a data processor under separate contractual arrangements with those clients.

If you have any questions about this policy or wish to exercise your rights, please contact:

Email: alec@themapples.agency
Post: 10 Sunny Way, London N12 0QB
Telephone: +44 7981 205383

2. Scope of This Policy

This Privacy Policy applies to:

  • Visitors to our website

  • Individuals who contact us directly

  • Prospective and existing clients

  • Business contacts and collaborators

It does not apply to personal data processed solely on behalf of clients, which is governed by separate data processing agreements.

3. Personal Data We Collect

We may collect and process the following categories of personal data:

a) Information You Provide Directly

  • Name

  • Email address

  • Telephone number

  • Job title

  • Company name

  • Information contained in correspondence, proposals, briefs or communications

b) Automated Information

  • IP address

  • Device type and operating system

  • Browser type

  • Pages visited and website interaction data

  • Cookies and tracking data (subject to consent where required)

c) Client and Campaign Context

In the course of delivering creative or marketing services, we may process business contact data and limited audience data strictly in accordance with client instructions and contractual obligations.

Special Category Data

We do not intentionally collect special category data (such as data revealing racial or ethnic origin, political opinions, religious beliefs, health data or sexual orientation).

If such data is inadvertently provided to us, we will only process it where an appropriate lawful basis under UK GDPR applies.

4. How We Use Your Personal Data and Lawful Bases

We process personal data on the following lawful bases:

a) Contractual Necessity

To:

  • Respond to enquiries

  • Prepare proposals

  • Deliver agreed services

  • Manage contractual relationships

b) Legitimate Interests

To:

  • Communicate effectively with business contacts

  • Improve our website and services

  • Conduct internal analysis and performance evaluation

  • Maintain network security

  • Develop new business relationships in a professional B2B context

Where we rely on legitimate interests, we have carried out a balancing assessment to ensure our interests do not override your rights and freedoms.

You have the right to object to processing based on legitimate interests at any time.

c) Consent

Where required, we rely on consent to:

  • Send marketing communications

  • Place non-essential cookies

  • Distribute newsletters or updates

You may withdraw consent at any time.

d) Legal Obligation

To comply with legal and regulatory requirements, including tax and accounting obligations.

5. Marketing Communications

We may send marketing communications where:

  • You have opted in; or

  • You are a corporate contact and communication is permitted under applicable UK electronic marketing regulations.

You may unsubscribe at any time by using the link in our emails or contacting us directly.

We do not sell personal data or share it for third-party marketing.

6. Cookies and Tracking Technologies

We use cookies and similar technologies to:

  • Ensure website functionality

  • Analyse website traffic

  • Improve user experience

Cookies fall into the following categories:

  • Essential cookies (required for core functionality)

  • Analytics cookies (used to understand website performance)

  • Marketing cookies (if applicable)

Non-essential cookies are placed only with your consent via our cookie banner.

You may withdraw consent or adjust preferences at any time through the cookie settings tool or your browser controls.

7. International Transfers

Some of our service providers (such as cloud hosting, analytics or email platforms) may process data outside the UK.

Where personal data is transferred internationally, we ensure appropriate safeguards are in place, including:

  • UK International Data Transfer Agreements (IDTA); or

  • The UK Addendum to EU Standard Contractual Clauses; or

  • Transfers to countries deemed adequate by the UK Government.

8. Data Retention

We retain personal data only for as long as necessary for the purposes described in this policy, including to meet legal, accounting or reporting obligations.

Typical retention periods:

  • Enquiries and proposals: up to 2 years after last contact

  • Marketing data: until you withdraw consent or object

  • Contractual and financial records: up to 6 years

  • Website analytics data: in accordance with configured retention settings

Retention periods are reviewed periodically.

9. Your Rights

Under UK GDPR, you have the right to:

  • Access your personal data

  • Request rectification of inaccurate data

  • Request erasure in certain circumstances

  • Request restriction of processing

  • Object to processing, including direct marketing

  • Request data portability (where applicable)

  • Withdraw consent at any time

To exercise your rights, please contact us using the details above.

If you are not satisfied with how we handle your data, you may lodge a complaint with the Information Commissioner’s Office (ICO), the UK supervisory authority.

10. Automated Decision-Making

We do not carry out automated decision-making or profiling that produces legal or similarly significant effects.

11. Children’s Data

Our website and services are not directed at children under the age of 13. We do not knowingly collect personal data from children.

If you believe we have collected such data, please contact us so we can take appropriate action.

12. Security

We implement appropriate technical and organisational measures to protect personal data, including:

  • Secure hosting environments

  • Access controls and authentication procedures

  • Encrypted communications where appropriate

  • Contractual safeguards with service providers

  • Regular review of security practices

No system is completely secure, but we take reasonable steps to protect your data.

13. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in legal requirements or business practices.

The latest version will always be available on our website and will include the updated revision date.

 Whatever you're building, we're here to help you take the first step with confidence.