Legal
Privacy Policy
Last updated: 31 March 2026
1. About this policy
This Privacy Policy explains how Oneiro Digital ("we", "us", "our") collects, uses, stores, and protects personal data obtained through this website (oneiro.digital) and through our client engagements. We are committed to handling personal data responsibly and in accordance with applicable law. This policy applies to all visitors to our website and to individuals who contact us or engage our services.
2. Who we are
Oneiro Digital is a digital marketing agency specialising in analytics, conversion rate optimisation, paid media, and Shopify migrations for luxury and retail ecommerce brands. Our website address is https://oneiro.digital. For the purposes of UK GDPR and the Data Protection Act 2018, Oneiro Digital is the data controller for personal data collected via this website. For any data protection enquiries, contact us at hello@oneiro.digital.
3. Personal data we collect
We collect the following categories of personal data: (a) Contact information, including name, email address, company name, and any information you voluntarily provide when submitting our contact form or communicating with us directly. (b) Usage data, including pages visited, time on site, browser type, device type, operating system, and referring source, collected via our analytics provider. (c) Communication records, including the content of any messages or emails you send to us. We do not collect sensitive personal data, financial account data, or data relating to children.
4. How we use your personal data
We use the personal data we collect for the following purposes: (a) To respond to enquiries submitted via our contact form and to assess potential project fit. (b) To communicate with prospective and existing clients regarding our services. (c) To improve our website and understand how visitors interact with our content. (d) To comply with legal obligations. We do not use your personal data for automated decision-making or profiling. We do not sell your personal data to third parties. We do not share your personal data with third parties for their marketing purposes.
5. Legal basis for processing (UK GDPR)
For individuals located in the United Kingdom or European Economic Area, we rely on the following legal bases under UK GDPR: (a) Legitimate interests: we process contact form data to respond to enquiries from prospective clients. Our legitimate interest is to communicate with individuals who have proactively reached out to us. (b) Consent: we process analytics data only where you have given consent via our cookie banner. You may withdraw consent at any time by adjusting your browser settings or contacting us. (c) Legal obligation: we may process personal data where required to comply with applicable law.
6. US residents: California (CCPA/CPRA)
If you are a resident of California, the California Consumer Privacy Act 2018 (CCPA) and California Privacy Rights Act 2020 (CPRA) grant you the following rights: the right to know what personal information we collect, use, disclose, and sell; the right to delete personal information we hold about you, subject to certain exceptions; the right to correct inaccurate personal information; the right to opt out of the sale or sharing of personal information (we do not sell or share personal information); the right to limit the use of sensitive personal information (we do not collect sensitive personal information within the meaning of the CPRA); and the right not to be discriminated against for exercising your privacy rights. To exercise these rights, contact us at hello@oneiro.digital. We will respond to verifiable consumer requests within 45 days.
7. US residents: other applicable state laws
Residents of Virginia (Consumer Data Protection Act), Colorado (Colorado Privacy Act), Connecticut (Connecticut Data Privacy Act), Texas (Texas Data Privacy and Security Act), and other states with applicable privacy legislation have rights similar to those described in Section 6, including rights of access, deletion, correction, portability, and the right to opt out of targeted advertising and profiling. We do not engage in the sale of personal data or targeted advertising as defined under these laws. To exercise your rights under any applicable US state privacy law, contact us at hello@oneiro.digital. We will respond within the timeframe required by the applicable law in your state.
8. Third-party services and data processors
We use the following third-party services that may process personal data on our behalf: (a) Resend (resend.com): processes contact form submissions for the purpose of email delivery. (b) Vercel Analytics: a privacy-first, cookieless analytics service. Usage data is aggregated and does not identify individual visitors. (c) Sanity (sanity.io): our content management system. No visitor personal data is stored within Sanity. Each of these providers operates under data processing agreements and their own privacy policies. We do not permit our data processors to use your personal data for any purpose other than providing the specified service.
9. International data transfers
Some of our third-party service providers may process personal data outside of the United Kingdom or European Economic Area. Where such transfers occur, we ensure that appropriate safeguards are in place, including Standard Contractual Clauses approved by the UK Information Commissioner's Office or equivalent mechanisms. For transfers of data from the United States, we rely on applicable data transfer frameworks and contractual protections with our service providers.
10. Data retention
We retain contact form submissions and associated correspondence for a period of up to 24 months following last contact, unless you request earlier deletion or a longer retention period is required by law. Analytics data is retained in accordance with our analytics provider's standard retention periods. We will delete or anonymise your personal data when it is no longer required for the purposes for which it was collected.
11. Data security
We implement appropriate technical and organisational measures to protect personal data against unauthorised access, loss, destruction, or alteration. Our website is served over HTTPS. Access to personal data is restricted to authorised personnel who require it for legitimate business purposes. In the event of a personal data breach that poses a risk to your rights and freedoms, we will notify the relevant supervisory authority and, where required, affected individuals, in accordance with applicable law.
12. Your rights (UK/EEA residents)
Under UK GDPR, you have the following rights in relation to your personal data: the right to access a copy of the personal data we hold about you; the right to rectification of inaccurate or incomplete data; the right to erasure ("right to be forgotten") in certain circumstances; the right to restrict processing in certain circumstances; the right to data portability; the right to object to processing based on legitimate interests; and the right to withdraw consent at any time where processing is based on consent. To exercise any of these rights, contact us at hello@oneiro.digital. We will respond within one calendar month. You also have the right to lodge a complaint with the Information Commissioner's Office (ICO) at ico.org.uk or by calling 0303 123 1113.
13. Cookies
We use a minimal cookie approach. Our analytics provider, Vercel Analytics, is cookieless and does not require cookie consent. We may set a strictly necessary cookie to store your cookie preference. We do not use advertising, tracking, or third-party marketing cookies. For full details, see our Cookie Policy at oneiro.digital/cookie-policy.
14. Children's privacy
Our website and services are not directed at children under the age of 16. We do not knowingly collect personal data from children. If you believe we have inadvertently collected personal data from a child, please contact us at hello@oneiro.digital and we will delete it promptly.
15. Changes to this policy
We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. The date at the top of this page indicates when it was last revised. We encourage you to review this policy periodically. Where changes are material, we will take reasonable steps to notify you.
16. Contact
For any questions, concerns, or requests relating to this Privacy Policy or our handling of your personal data, contact us at hello@oneiro.digital. We aim to respond to all enquiries within five business days.