Skip to content

Privacy Policy

Effective date: 01.01.2026

Last updated: 04.06.2026

1. Who we are

MuchMore Creative ("we", "us", "our") is a creative and media agency that produces brand, design, content, and digital work for clients. Our registered office is at 198 Shorncliffe Road,
Folkestone, Kent, England, CT20 3PH. You can reach us at [email protected] or +447909814643.

Our website address is: muchmore.co.

For the purpose of data protection law (GDPR / UK GDPR / CCPA), we act as data controller for personal data collected through our website and as a data processor for data we handle on behalf of clients during project work.

2. What personal data we collect and why

a) Visitors to our website

  • Contact form / project inquiries — name, email, company, phone (optional), and the message you send. Used to respond to your inquiry, prepare proposals, and follow up.
  • Newsletter signups — email address. Used to send periodic updates about our work. You can unsubscribe at any time via the link in any email.
  • Analytics — anonymised data about your visit (pages viewed, referrer, browser, country) via Google Analytics. Used to understand how the site is used and improve it.
  • Server logs — IP address, user agent, timestamps. Used for security and abuse prevention. Retained for 90 days.

b) Clients and project participants

  • Contact details of stakeholders we work with on a project (name, email, role, phone).
  • Project materials you share with us (briefs, brand assets, footage, talent releases, photography).
  • Billing and invoicing details where you are the bill payer.

c) Talent, freelancers, and contributors

  • Name, contact details, portfolio, payment details, ID or right-to-work documents where required by law.
  • Image and likeness when contracted for productions, governed by a separate release form.

d) Job applicants

  • Name, contact details, CV, portfolio, and anything else you choose to share. Retained for 12 months after the role closes unless you ask us to keep it longer.

3. Legal basis for processing (GDPR)

We process personal data on one or more of these bases:

  • Contract — to deliver services you or your employer has engaged us for.
  • Legitimate interests — to run our business, respond to inquiries, secure our systems, market our services to existing clients, and improve our work. We balance these against your rights.
  • Consent — for marketing communications, optional analytics cookies, and any sensitive data processing. You can withdraw consent at any time.
  • Legal obligation — to meet tax, accounting, employment, and anti-fraud requirements.

4. Cookies and similar technologies

We use cookies and similar technologies to operate the site, remember preferences, and measure performance. Categories used:

  • Strictly necessary — required for the site to function (e.g. session, security). Cannot be disabled.
  • Analytics — see how the site is used. Set only with your consent via the cookie banner.
  • Marketing / embeds — set by third-party content (e.g. Vimeo, YouTube, social embeds) when you interact with that content.

You can manage your preferences through our cookie banner at any time, or via your browser settings. See our Cookie Policy for the full list.

5. Embedded content from other websites

Pages on this site may include embedded content (videos from Vimeo / YouTube, social posts, design previews from Figma / Paper, etc.). Embedded content behaves as if you had visited the other site directly. Those services may collect data about you, set cookies, embed additional tracking, and monitor your interaction. We do not control their processing.

6. Who we share data with

We share personal data only as necessary:

  • Service providers that host our site and tools (e.g. Kinsta, AWS, Google Workspace, Slack, project management, accounting). They process data on our behalf under contract.
  • Clients — when you are a stakeholder on a client project, your name and contact details may be visible to the client team.
  • Third-party vendors required to deliver a project (e.g. print houses, ad platforms, media buyers, talent agencies, production crew).
  • Professional advisers — lawyers, accountants, insurers.
  • Authorities when required by law.

We do not sell personal data.

7. International transfers

Some of our providers are based outside the UK. Where data is transferred, we rely on adequacy decisions or Standard Contractual Clauses (SCCs) plus additional safeguards as required.

8. How long we keep data

  • Inquiries that don't lead to a project — up to 12 months.
  • Client and project records — for the life of the engagement plus 7 years for tax and contract reasons.
  • Newsletter subscribers — until you unsubscribe, plus 12 months of suppression list retention.
  • Job applications — 12 months after the role closes.
  • Analytics — anonymised or aggregated indefinitely; raw data per provider settings (typically 14 months).
  • Server logs — 30 days.

9. Your rights

Depending on where you live (GDPR, UK GDPR, CCPA, etc.), you have the right to:

  • Access the personal data we hold about you.
  • Have it corrected or completed.
  • Have it erased ("right to be forgotten"), subject to legal limits.
  • Restrict or object to processing, including marketing.
  • Data portability — receive your data in a structured, machine-readable format.
  • Withdraw consent at any time where processing is based on consent.
  • Not be subject to solely automated decision-making with significant effects on you (we don't currently do this).
  • Restrict or object to processing, including marketing.
  • Data portability — receive your data in a structured, machine-readable format.
  • Withdraw consent at any time where processing is based on consent.
  • Not be subject to solely automated decision-making with significant effects on you (we don't currently do this).
  • (California residents) Opt out of the "sale" or "sharing" of personal information. We do not sell personal data.

To exercise any of these, email [email protected]. We respond within 30 days.
If you are unhappy with how we handle your data you can complain to a supervisory authority — in the UK that's the ICO (ico.org.uk); in the EU, your local DPA.

10. Security

We use reasonable technical and organisational measures to protect personal data — encrypted transport (HTTPS), access controls, least-privilege account management, regular backups, and vendor due
diligence. No system is perfectly secure; if a breach affects your data we will notify you and the relevant authority as required by law.

11. Children

This site is not directed at children under 16. We do not knowingly collect personal data from children. If you believe a child has provided us data, contact us and we will delete it.

12. Changes to this policy

We may update this policy from time to time. The "Last updated" date at the top reflects the most recent version. Material changes will be communicated through the site or by email where
appropriate.

13. Contact

Privacy questions, requests, or complaints:

MuchMore Creative

Email: [email protected]

Address: 198 Shorncliffe Road, Folkestone, Kent, England, CT20 3PH

Data Protection Officer: Ian Harris