1 Who We Are
Nexura Marketing ("we", "us", "our") is an AI-powered marketing agency based in London, UK. We provide digital marketing services to hospitality businesses including pubs, restaurants, cafés and bars.
We are registered as a data controller and are committed to protecting your personal data in accordance with UK GDPR and the Data Protection Act 2018.
2 Data We Collect
Information you provide to us
- Contact details: Your name, phone number (including WhatsApp number), and email address
- Business information: Your business name, address, type of establishment, website URL, and social media handles
- Account credentials: Login details or access tokens for social media platforms (Instagram, Facebook, TikTok) and Google Business Profile, where you choose to provide them for us to manage your accounts
- Content: Photos, videos, and written content you share with us via WhatsApp or other channels for use in your marketing
- Communications: The content of messages you send us via WhatsApp, email, or any other channel
Information we collect automatically
- Analytics data: Performance data from platforms we manage on your behalf, including reach, impressions, engagement rates, and follower counts
- Review data: Content of reviews posted about your business on Google and other public platforms
- Competitor data: Publicly available information about competitor businesses for the purpose of market analysis
- Website data: If you visit our website, we may collect standard log data including your IP address, browser type, and pages visited (see Cookies section below)
Special categories of data
We do not intentionally collect any special category personal data (such as health information, political views, or biometric data). Please do not send us any such data.
3 How We Use Your Data
We use your personal data for the following purposes:
- Service delivery: To manage and operate your social media accounts, Google Business Profile, email marketing campaigns, and other marketing services you have subscribed to
- Content creation: To create marketing content tailored to your business using AI tools, based on information and assets you provide
- Review management: To monitor online reviews of your business and draft professional responses on your behalf
- SEO and local search: To optimise your online presence and improve your visibility in local search results
- Performance reporting: To compile and send you monthly reports on the performance of your marketing activities
- Competitor monitoring: To track competitor businesses and surface relevant opportunities for your business
- Communication: To communicate with you about your account, services, and any queries you raise via WhatsApp or email
- Billing and administration: To manage your subscription, process payments, and maintain our business records
- Legal compliance: To fulfil our legal obligations and enforce our terms
We will never sell your personal data to third parties. We will never use your data for purposes other than those described in this policy without your explicit consent.
4 Legal Basis for Processing
Under UK GDPR, we must have a lawful basis for processing your personal data. We rely on the following:
- Contract performance (Article 6(1)(b)): Processing necessary to deliver the services you have contracted with us, including managing your marketing channels and creating content
- Legitimate interests (Article 6(1)(f)): Processing for our legitimate business interests, such as improving our services, preventing fraud, and conducting market analysis — where these do not override your rights
- Consent (Article 6(1)(a)): Where we ask for your consent to specific processing activities, such as sending you marketing communications about our own services
- Legal obligation (Article 6(1)(c)): Where we are required to process data to comply with UK law
5 Third Parties We Share Data With
We share your data with third parties only where necessary to deliver our services. We require all third parties to respect the security of your personal data and to comply with applicable data protection law.
Platform providers (necessary for service delivery)
- Meta (Facebook & Instagram): We access your Facebook Page and Instagram Business Account via the Meta API to post content, respond to messages, and retrieve analytics. Meta's privacy policy governs their use of data: facebook.com/privacy/policy
- Google: We access your Google Business Profile to manage posts, photos, and information. Google's privacy policy: policies.google.com/privacy
- TikTok: Where TikTok management is included in your plan, we access your TikTok Business Account to post and manage content. TikTok's privacy policy: tiktok.com/legal/privacy-policy
Service providers (data processors acting on our behalf)
- AI content tools: We use AI platforms (including large language model providers) to assist with content creation. These providers act as data processors under our instructions
- Email marketing platforms: To send email campaigns on your behalf, we use email service providers who process subscriber data under your direction
- Analytics tools: We may use analytics platforms to monitor campaign performance
- Cloud storage: We use secure cloud infrastructure to store data related to your account
Legal requirements
We may disclose your data if required to do so by law, in response to valid legal requests from law enforcement authorities, or to protect the rights, property, or safety of Nexura Marketing, our clients, or others.
International transfers
Some of our third-party service providers are based outside the UK or EEA. Where we transfer data internationally, we ensure appropriate safeguards are in place, such as UK International Data Transfer Agreements (IDTAs) or equivalent protections.
6 Data Retention
We retain your personal data only for as long as necessary for the purposes described in this policy, and in accordance with our legal obligations.
- Active client data: Retained for the duration of our service agreement with you
- Post-contract data: Following termination of your account, we retain basic account records for 6 years to comply with UK tax and legal requirements
- Communications: WhatsApp and email correspondence is retained for 2 years after the last interaction, unless you request earlier deletion
- Social media credentials: Access tokens and credentials are deleted within 30 days of contract termination
- Marketing analytics: Aggregated performance data (which does not personally identify individuals) may be retained indefinitely for benchmarking purposes
When data is no longer required, we securely delete or anonymise it.
7 Your Rights Under UK GDPR
As a data subject, you have the following rights regarding your personal data. You can exercise these rights at any time by contacting us at nexura@nexuramarketing.co.uk.
- Right to access: You have the right to request a copy of the personal data we hold about you (a Subject Access Request)
- Right to rectification: You have the right to request correction of inaccurate or incomplete personal data
- Right to erasure: You have the right to request deletion of your personal data ("the right to be forgotten"), subject to certain legal exceptions
- Right to restrict processing: You have the right to request that we limit how we use your data in certain circumstances
- Right to data portability: Where processing is based on consent or contract, you have the right to receive your data in a structured, commonly used, machine-readable format
- Right to object: You have the right to object to processing based on legitimate interests, and to object to direct marketing at any time
- Rights related to automated decision-making: You have the right not to be subject to solely automated decisions that have a significant effect on you
- Right to withdraw consent: Where processing is based on consent, you may withdraw that consent at any time without affecting the lawfulness of prior processing
We will respond to all valid requests within one calendar month. In complex cases, we may extend this by a further two months, and will notify you accordingly. We will not charge a fee for exercising your rights unless requests are manifestly unfounded or excessive.
Right to complain
If you are dissatisfied with how we handle your data, you have the right to lodge a complaint with the UK's supervisory authority, the Information Commissioner's Office (ICO):
8 Data Security
We take the security of your personal data seriously and have implemented appropriate technical and organisational measures to protect it against unauthorised access, disclosure, alteration, or destruction.
- All data is stored on encrypted, access-controlled cloud infrastructure
- Access to client data is restricted to authorised personnel on a need-to-know basis
- Social media credentials and API tokens are stored using industry-standard encryption
- We use secure, encrypted communication channels where possible
- We regularly review and update our security practices
In the event of a personal data breach that is likely to result in a risk to your rights and freedoms, we will notify the ICO within 72 hours and inform you without undue delay, in accordance with our obligations under UK GDPR Article 33–34.
9 Cookies Policy
Our website uses cookies and similar technologies to ensure proper functioning and to understand how visitors use it. A cookie is a small text file stored on your device.
Essential cookies
These cookies are necessary for the website to function correctly. They cannot be disabled. They include cookies that remember your cookie preferences and ensure basic security.
Analytics cookies
We may use analytics cookies (such as those provided by privacy-focused analytics tools) to understand how visitors interact with our website — for example, which pages are visited most often. This data is aggregated and anonymous. We will ask for your consent before setting these cookies.
Managing cookies
You can control and delete cookies through your browser settings. Most browsers allow you to refuse cookies, delete existing cookies, or set preferences for specific sites. Note that disabling certain cookies may affect website functionality.
For more information about cookies and how to manage them, visit allaboutcookies.org.
We do not use advertising or tracking cookies for behavioural profiling. We do not share cookie data with advertising networks.
10 Changes to This Privacy Policy
We may update this Privacy Policy from time to time to reflect changes in our services, legal requirements, or data practices. When we make material changes, we will:
- Update the "Last updated" date at the top of this policy
- Notify active clients via WhatsApp or email
We encourage you to review this policy periodically. Continued use of our services after changes are posted constitutes acceptance of the updated policy.