Contact
AW Office Limited ("we", "us", "our") respects your privacy and is committed to protecting your personal data. This policy explains how we collect and use personal data in the course of our work, in accordance with the Isle of Man Data Protection Act 2018 and the applied GDPR, and equivalent UK and EU GDPR standards where relevant.
1. Who we are
AW Office Limited is a strategic and commercial consultancy working with creative studios and brands. We act as the data controller for the personal data we process.
Contact: info@andywilliamson.co Mingulay, Pinfold Hill, Laxey, Isle of Man IM4 7HW
2. What data we collect
We may collect and process:
- Contact details (e.g. name, email address, company, role)
- Client information necessary to deliver our services
- Communications (emails, messages, meeting notes)
We do not intentionally collect special category data. If such data is shared incidentally in the course of our work, it is handled with additional care and deleted when no longer needed.
3. How we collect data
We collect data:
- Directly from you (e.g. when you get in touch or become a client)
- From publicly available sources (e.g. company websites, professional profiles) for relevant business outreach
4. How we use your data
We use personal data to:
- Provide and manage our services
- Communicate with clients and contacts
- Carry out relevant, targeted business development
- Maintain internal records and operations
5. Legal basis for processing
We rely on:
- Contract—where processing is necessary to deliver services
- Legitimate interests—for business development and outreach, where communications are relevant and professional, contact details are publicly available, and individuals can easily opt out. Details of our legitimate interests balancing assessment are available on request.
- Consent—where you have actively opted in (e.g. newsletter subscription). You may withdraw consent at any time without affecting the lawfulness of prior processing.
- Legal obligation—where processing is required to comply with applicable law.
6. Cookies and website tracking
Our website does not currently use cookies or tracking technologies. If this changes in future, we will update this policy and, where required, seek your consent before any non-essential cookies are set.
7. Data sharing
We do not sell personal data.
We may share data with trusted service providers (e.g. email, cloud storage, productivity tools) solely to operate our business. These providers act as data processors and are contractually bound to protect your data.
8. International transfers
Some service providers may process data outside the Isle of Man, UK, or EEA. Where this occurs, we rely on appropriate safeguards, including adequacy decisions, Standard Contractual Clauses (SCCs), or the UK International Data Transfer Agreement (IDTA), to ensure your data remains protected.
9. Data retention
We retain personal data only as long as necessary:
- Client data—retained for the duration of the engagement and for up to seven years afterwards to meet legal, tax, and operational obligations
- Prospect data—reviewed at least every twelve months and deleted where there has been no meaningful engagement
- Newsletter subscribers—retained until you unsubscribe, after which records are deleted within a reasonable period
10. Your rights
Under applicable data protection law, you have the right to:
- Access your personal data
- Request correction of inaccurate data
- Request deletion of your data
- Request restriction of processing
- Object to processing, including for direct marketing and outreach
- Data portability, where applicable
- Withdraw consent at any time, where consent is the legal basis
To exercise any of these rights, contact us at the email above. We will respond within one month.
You also have the right to lodge a complaint with a supervisory authority. In the Isle of Man, this is the Information Commissioner (inforights.im). If you are based in the UK or EU, you may also contact the relevant authority in your jurisdiction.
11. Data security
We take appropriate technical and organisational measures to protect personal data against unauthorised access, loss, or misuse. In the event of a personal data breach that poses a risk to your rights and freedoms, we will notify the Information Commissioner and, where required, affected individuals in line with our legal obligations.
12. Updates
We may update this policy from time to time. The latest version will always be available on our website, with the revision date shown above.