Privacy policy

When we say “personal information”, we mean anything that could identify you – such as your name, email address, details about your device, or how you use our website.

This policy covers our website, contentious.ltd, and any other sites we run. If you click through to another website, they’ll have their own privacy policy.

Last updated: 12 December 2025

Information we collect

We collect two types of information:

information you choose to share with us
information collected automatically when you visit our site

“Voluntarily provided” information is anything you knowingly share – like when you contact us or sign up for emails.

“Automatically collected” information is sent by your device when you browse, such as basic technical details and how you use our pages.

Log data

When you visit our website, our servers automatically log some basic information your browser sends. This includes your IP address, browser type and version, which pages you visit, and when.

If something goes wrong while you’re using the site, we might collect technical information about the error – what you were doing at the time and details about your device and browser.

On its own, this information doesn’t usually identify you. But in some cases it could be combined with other data to do so, which is why we treat it as personal information.

Personal information

We might ask for some personal information when you subscribe to our newsletter or contact us. This could include:

your name
your email address

Why we process your personal information

We only collect and use your personal information when we have a good reason to do so. And we only collect what we reasonably need to provide our services.

Collection and use of information

We might collect personal information from you when you:

Sign up to receive updates from us via email or social media
Use a mobile device or web browser to access our content
Contact us via email, social media, or similar
Mention us on social media

We collect, hold, use and share information for these purposes (and we won’t use your personal information in ways that don’t fit with these purposes):

to provide you with our platform’s core features and services

We might combine the information you give us with automatically collected data and general research data from other trusted sources. For example, our marketing and research activities might uncover insights that we combine with information about how visitors use our site to improve your experience.

Keeping your personal information secure

When we collect and store personal information, we protect it using commercially reasonable methods to prevent loss, theft, unauthorised access, disclosure, copying, use or modification.

That said, no method of electronic transmission or storage is 100% secure and we can’t guarantee absolute data security.

You’re responsible for choosing a strong password and keeping your information secure within our services. For example, don’t make your personal information publicly available through our platforms.

How long we keep your personal information

We only keep your personal information for as long as we need it. How long depends on what we’re using it for, as set out in this policy. For example, if you contact us with a question, we’ll keep your details while your enquiry is open and for our own records so we can handle similar questions in future. Once we don’t need it anymore, we’ll delete it or make it anonymous.

However, we might need to keep your personal information if we have a legal, accounting or reporting obligation, or for archiving in the public interest, or for scientific, historical or statistical purposes.

Children’s privacy

We don’t aim any of our products or services at children under 13 and we don’t knowingly collect personal information about them.

Your rights and controlling your personal information

Your choice: By giving us personal information, you understand we’ll collect, hold, use and share it as set out in this policy. You don’t have to provide it, but if you don’t, it might affect how you can use our website or services.
Information from third parties: If we receive personal information about you from someone else, we’ll protect it as set out here. If you’re providing personal information about someone else, you confirm you have their consent to share it with us.
Marketing permission: If you previously agreed to us using your information for direct marketing, you can change your mind any time by contacting us.
Access: You can request details of the personal information we hold about you.
Correction: If you think any information we hold about you is inaccurate, out of date, incomplete, irrelevant or misleading, please contact us. We’ll take reasonable steps to correct it.
Non-discrimination: We won’t discriminate against you for exercising any of these rights. Unless your personal information is needed to provide you with a particular service, we won’t deny you goods or services, charge you different prices, or provide you with a different level or quality of goods or services.
Notification of data breaches: We’ll comply with applicable laws about data breaches.
Complaints: If you think we’ve breached data protection law and want to complain, please contact us with full details. We’ll investigate promptly and respond in writing with the outcome and what we’ll do about it. You also have the right to contact a regulatory body or data protection authority about your complaint.
Unsubscribe: To unsubscribe from our email list or opt out of communications (including marketing), contact us or use the opt-out facilities in the communication. We might need to request specific information to confirm your identity.

Use of cookies and analytics

We don’t use cookies to track you across this website or the wider web. We don’t use advertising cookies or third-party trackers like Meta Pixel or Google Analytics.

We use Umami to understand how people use our website so we can improve our content and services. Umami is configured to be privacy-friendly and doesn’t use tracking cookies. It only collects aggregate, anonymous usage data (like which pages are viewed and for how long) and doesn’t build individual visitor profiles.

Our server keeps standard technical logs (such as IP address, browser type and pages visited) for security, debugging and performance monitoring. We don’t use this to try to identify you.

See our cookie policy for more information.

Business transfers

If we or our assets are acquired, or if we go out of business or enter bankruptcy, your personal information would be among the assets transferred to whoever acquires us. You acknowledge that such transfers might happen, and that whoever acquires us might continue to use your personal information according to this policy (to the extent permitted by law).

Limits of our policy

Our website might link to external sites we don’t run. We have no control over the content and policies of those sites, and we can’t accept responsibility for their privacy practices.

Changes to this policy

We might change this privacy policy to reflect updates to our business processes, current practices, or legal or regulatory changes. If we do, we’ll post the changes here at this link.

If required by law, we’ll get your permission or give you the opportunity to opt in or out of any new uses of your personal information.

Data controller / data processor

The GDPR distinguishes between organisations that process personal information for their own purposes (“data controllers”) and organisations that process it on behalf of others (“data processors”). We, Contentious, are a data controller for the personal information you provide to us.

We’ll only collect and use your personal information when we have a legal right to do so. We’ll do it lawfully, fairly and transparently. If we need your consent to process your personal information and you’re under 16, we’ll seek your parent or legal guardian’s consent.

Our legal basis depends on which services you use and how you use them. We only collect and use your information on these grounds:

When you give us consent to collect and use your personal information for a specific purpose. You can withdraw your consent any time using the facilities we provide, though this won’t affect any use that’s already happened. You might consent to providing your email for marketing emails from us. While you can unsubscribe any time, we can’t recall emails we’ve already sent. If you have questions about withdrawing consent, please ask using the contact details below.

Performance of a contract or transaction

When you’ve entered into a contract or transaction with us, or to take steps before entering into one. For example, if you contact us with a question, we might need your name and contact details to respond.

Our legitimate interests

When we assess it’s necessary for our legitimate interests – such as to provide, operate, improve and communicate our services. We consider our legitimate interests to include research and development, understanding our audience, marketing and promoting our services, operating efficiently, marketing analysis, and protecting our legal rights and interests.

Compliance with law

Sometimes we have a legal obligation to use or keep your personal information. This might include (but isn’t limited to) court orders, criminal investigations, government requests and regulatory obligations. If you have questions about how we keep personal information to comply with the law, please ask using the contact details below.

International transfers outside the European Economic Area (EEA)

We’ll make sure any transfer of personal information from EEA countries to countries outside the EEA is protected by appropriate safeguards – for example by using standard data protection clauses approved by the European Commission, or binding corporate rules or other legally accepted means.

Restrict: You can request that we restrict processing of your personal information if: you’re concerned about its accuracy; you believe it’s been unlawfully processed; you need us to keep it solely for a legal claim; or we’re considering your objection to processing based on legitimate interests.
Objecting to processing: You can object to processing of your personal information based on our legitimate interests or public interest. If you do, we must provide compelling legitimate grounds that override your interests, rights and freedoms to continue processing.
Data portability: You can request a copy of the personal information we hold about you. Where possible, we’ll provide this in CSV or another easily readable machine format. You might also be able to request that we transfer this to a third party.
Deletion: You can request that we delete the personal information we hold about you, and we’ll take reasonable steps to do so. If you ask, we’ll let you know how deletion affects your use of our website or services. There might be exceptions for specific legal reasons which we’ll explain in our response. If you delete your account, we’ll delete your personal information within 30 days. Be aware that search engines and similar third parties might still have copies of your personal information that was once public (like certain profile information and public comments), even after you’ve deleted it from our services or deactivated your account.

The GDPR distinguishes between organisations that process personal information for their own purposes (“data controllers”) and those that process it on behalf of others (“data processors”). For the purposes covered by this policy, we’re a data controller for the personal information you provide and we comply with our data controller obligations under GDPR.

Third-party provided content

We might indirectly collect personal information about you from third parties who have your permission to share it. For example, if you buy something from a business working with us and give permission for us to use your details to complete the transaction.

We might also collect publicly available information about you, such as from social media and messaging platforms you use. What’s available depends on those platforms’ privacy policies and your own privacy settings.

Additional disclosure for collection and use of personal information

Beyond the purposes mentioned above, we might also conduct marketing and market research activities, including studying how visitors use our site to find improvement opportunities and enhance user experience.

Personal information no longer required

If we no longer need your personal information, or if you instruct us under your data subject rights, we’ll delete it or make it anonymous by removing all identifying details. However, we might need to keep it if we have a legal, accounting or reporting obligation, or for archiving in the public interest, or for scientific, historical or statistical purposes.

Data protection and privacy laws let us collect and use your personal data on a limited number of grounds. We’ll do it lawfully, fairly and transparently. We never directly market to anyone under 18.

Our legal basis depends on which services you use and how you use them. Here are the main bases we use:

When you give us consent to collect and use your personal information for a specific purpose. You can withdraw consent any time using the facilities we provide, though this won’t affect any use that’s already happened. When you contact us, we assume consent based on your action of contacting us, so you consent to us using your name and email to respond.

When you agree to receive marketing from us, we’ll do so based solely on your consent or until you tell us not to, which you can do any time.

While you can request that we delete your contact details any time, we can’t recall emails we’ve already sent. If you have questions about withdrawing consent, please ask using the contact details below.

Sometimes we have a legal obligation to use or keep your personal information. This might include (but isn’t limited to) court orders, criminal investigations, government requests and regulatory obligations. For example, we’re required to keep financial records for 7 years. If you have questions about how we keep personal information to comply with the law, please ask using the contact details below.

International transfers of personal information

The personal information we collect is stored and/or processed in the United Kingdom by us. Following an adequacy decision by the EU Commission, the UK has been granted an essentially equivalent level of protection to that guaranteed under UK GDPR.

Sometimes when we share your data with third parties, they might be based outside the UK or European Economic Area (EEA). These countries might not have the same data protection laws as the country where you provided the information.

If we transfer your personal information to third parties in other countries:

we’ll do so in accordance with UK GDPR (Article 45) and Data Protection Act 2018
we’ll use appropriate safeguards to protect the transferred data, including in transit, such as standard contractual clauses or binding corporate rules

Your data subject rights

Right to restrict processing

You can request that we restrict processing of your personal information if: you’re concerned about its accuracy; you believe it’s been unlawfully processed; you need us to keep it solely for a legal claim; or we’re considering your objection to processing based on legitimate interests.

Right to object

You can object to processing of your personal information based on our legitimate interests or public interest. If you do, we must provide compelling legitimate grounds that override your interests, rights and freedoms to continue processing.

Right to be informed

You have the right to know how your data is collected, processed, shared and stored.

Right of access

You can request a copy of the personal information we hold about you by submitting a Data Subject Access Request (DSAR). The statutory deadline for us to fulfil a DSAR is 30 calendar days from when we receive your request.

Right to erasure

In certain circumstances, you can ask for your personal data to be erased from our records. This is a qualified right – it’s not absolute and only applies in certain circumstances.

When might the right to erasure apply?

When the personal data is no longer needed for the purpose it was originally collected for.
If consent was the legal basis for processing and that consent has been withdrawn. (Contentious rarely relies on consent to process personal data.)
We’re relying on legitimate interests as a legal basis and you’ve exercised the right to object, and we’ve determined we have no overriding legitimate grounds to refuse.
Personal data is being processed for direct marketing purposes (like your name and email) and you object.
There’s legislation requiring that personal data be destroyed.

Right to portability

You can get some of your personal data from us in an accessible and machine-readable way, like a CSV file. You can also ask us to transfer your personal data to another organisation.

However, the right to portability:

only applies to personal data you’ve directly given us in electronic form
onward transfer is only available where it’s “technically feasible”

Right to rectification

If personal data is inaccurate, out of date or incomplete, you can correct, update or complete it. This is called the right to rectification. It might involve filling gaps or adding a supplementary statement to highlight any inaccuracy or claim, depending on the processing purposes.

This right only applies to your own personal data – you can’t seek rectification of someone else’s information.

Notification of data breaches

If we discover a data breach, we’ll investigate and report it to the UK’s data protection regulator and to you, if we deem it appropriate.

Complaints

You can lodge a complaint with the Information Commissioner’s Office (ICO), the UK supervisory authority for data protection issues (www.ico.org.uk), at any time. However, we’d appreciate the chance to deal with your concerns first, so please contact us using the details below. Give us as much information as you can about the alleged breach. We’ll investigate promptly and respond in writing with the outcome and what we’ll do about it.

Enquiries, reports and escalation

To ask about Contentious’ privacy policy or to report violations of user privacy, contact our Data Protection Officer using the details in the Contact us section.

If we fail to resolve your concern to your satisfaction, you can also contact the Information Commissioner’s Office (ICO), the UK data protection regulator:

Information Commissioner’s Office
Wycliffe House
Water Lane
Wilmslow
Cheshire
SK9 5AF

Tel: 0303 123 1113 (local rate)

Website: www.ico.org.uk

Contact us

For any questions or concerns about your privacy, you can contact us:

Julius Honnor

https://contentious.ltd/contact/