Privacy Policy

Privacy Notice

Restless Marketing Services LTD

Last updated: April 2026

‍

We believe in doing things properly. That includes how we handle your data.

This notice tells you exactly what we collect, how we use it, and what control you have over it.

‍

Some technical terms are unavoidable in data protection law. Any word that starts with a capital letter in this notice is defined in the Glossary at the end. If anything still isn't clear, drop us a line at hello@restless.co — we're happy to explain.

‍

1. Who we are

Restless Marketing Services LTD is an AI marketing company. We build smarter social content, faster - for brands who want a real performance edge. We're incorporated in England & Wales, and our address is 2nd Floor, 42 Southwark Street, London, SE1 1UN. This notice applies to everyone who interacts with us: website visitors, candidates, clients and suppliers.

‍

2. The legal bit

We operate under UK GDPR - the UK's post-Brexit version of the EU's General Data Protection Regulation. That means the Data Protection Act 2018 and the Data Protection, Privacy and Electronic Communications (Amendments etc) (EU Exit) Regulations 2019 (SI 2019/419).

Depending on the situation, we act as either a Data Controller (for example, when you're applying for a role with us) or a Data Processor (when we're running services on behalf of a client). Our data protection regulator is the Information Commissioner's Office ("ICO").

‍

3. What data we work with

The type of data we hold depends on how you engage with us. Here's the full picture:

• Identity Data — name, title, date of birth.
• Contact Data — phone number, email, business and billing address.
• Communications & Marketing Data — your preferences around cookies and marketing.
• Financial Data — bank details, VAT numbers.
• Profile Data — agreements you've entered into with us, such as our terms.
• Transaction Data — invoices and payment records.
• Technical Data — IP addresses, browser type, time zone, location.
• Usage Data — how you move around and use our website.

‍

We also work with Aggregated Data — statistical or demographic information that can't be traced back to any individual. If we ever combine that aggregated data with Personal Data in a way that makes you identifiable, we treat the combined set as Personal Data.

Occasionally we collect Special Category Personal Data — for example, health information from job applicants. We only do this where we have a clear legal ground (usually your explicit Consent). We don't collect Criminal Convictions Data unless the law requires it as part of employment background checks.

‍

4. If you're a website visitor

What we collect

Technical Data and Usage Data automatically as you browse. If you reach out to us, we'll also collect Identity Data, Contact Data and Communications & Marketing Data.

How we collect it

Automatically via cookies and similar technologies when you visit www.restless.co, and directly through any contact you initiate with us.

Our legal ground(s)

• Consent — you choose to share your details with us.
• Legitimate Interests — running and developing our business, including our marketing.
• Legal obligation — for example, honouring opt-out requests for direct marketing.

‍

5. If you're applying for a role

What we collect

Technical Data, Usage Data, and everything you share with us as part of your application — Identity Data, Contact Data and relevant Communications Data.

How we collect it

Directly from you, through our website, and occasionally from third parties like recruitment agencies or the references you provide.

Our legal ground(s)

• Consent — you're choosing to put yourself forward for a role with us.
• Contract — we need your information to potentially enter into an employment agreement.

‍

6. If you're a client

What we collect

Technical Data, Usage Data, Identity Data, Contact Data, Financial Data, Transaction Data, Profile Data and Communications & Marketing Data — everything needed to deliver and manage our services.

How we collect it

Through our website, through direct contact with you, and occasionally via relevant third parties.

Our legal ground(s)

• Contract — we need this data to deliver and manage your account.
• Legitimate Interests — for example, recovering any amounts owed to us.
• Legal obligation — to meet our financial, tax and regulatory requirements.

‍

7. If you're a supplier

What we collect

Technical Data, Usage Data, Identity Data, Contact Data, Financial Data, Transaction Data and Profile Data relating to your engagement with us.

How we collect it

Through direct interaction with you and your team — we hold data on individuals from your organisation who work with us.

Our legal ground(s)

• Contract — to manage and perform our agreement with you.
• Legitimate Interests — keeping accurate records to run our business effectively.
• Legal obligation — to meet our financial, tax and regulatory requirements.

‍

8. Who we share your data with

We only share Personal Data when we have to. Here's who that involves:

• Technology partners — the platforms and tools we use to communicate and deliver work, such as Slack, Google and Meta.
• Professional advisers — lawyers, accountants and banks we engage in the course of running our business.
• Business transaction parties — if we ever sell, transfer or merge parts of our business, some Personal Data may need to be shared as part of that process.
• Regulators and government authorities — where the law requires it.

‍

Every third party we work with — outside of regulators — is bound by a contractual agreement that includes appropriate data protection obligations. Your data is their responsibility too.

‍

9. International data transfers

When your Personal Data needs to travel outside the UK or EEA, we make sure it's properly protected. We do this through one of two routes:

• Transferring only to countries that the European Commission has deemed to offer adequate data protection.
• Using specific contracts with international partners that guarantee your data receives the same standard of protection it would in the UK or EEA.

‍

Want to know the specific mechanism used for any particular transfer? Reach out at hello@restless.co

‍

10. How long we keep your data

We hold Personal Data only for as long as we need it — whether that's to deliver our services, meet a legal obligation, or satisfy tax and reporting requirements. Where there's an active dispute or a reasonable prospect of legal proceedings, we may retain data for longer.

When deciding how long to retain data, we weigh up the nature and sensitivity of the information, the risk of unauthorised use, why we collected it, and what legal or regulatory requirements apply.

In some cases, we'll anonymise data rather than delete it — stripping out everything that could identify you — and use that for research or analysis. Once anonymised, it's no longer Personal Data, and we may use it without further notice.

‍

11. Your rights

Under UK GDPR, you have meaningful rights over your Personal Data. Here's what you're entitled to:

• Access — you can ask to see the Personal Data we hold on you.
• Rectification — you can ask us to correct anything that's inaccurate or incomplete.
• Erasure — in certain circumstances, you can ask us to delete your data. This won't always be possible — for example, where we have an ongoing contractual relationship.
• Restriction — you can ask us to pause Processing while we review accuracy or handle a deletion request.
• Objection — you can object to Processing based on our Legitimate Interests, or to any direct marketing.
• Portability — where Processing is based on Consent or contract and carried out by automated means, you have the right to receive your data in a portable format.
• Complaint — you can lodge a complaint with the ICO at any time.

‍

To exercise any of these rights, contact us at hello@restless.co. We won't charge you for reasonable requests. We aim to respond within one month — if a request is complex or there are several at once, we'll let you know and keep you updated.

We may need to verify your identity before acting on a request. This protects you — we won't share data with someone who hasn't the right to see it.

‍

12. How we protect your data

We take data security seriously. We have technical and organisational measures in place to prevent your Personal Data from being lost, altered, accessed without authorisation, or disclosed inappropriately. Access to your data is limited to those who genuinely need it — employees, contractors and partners with a legitimate business reason.

We have clear policies and procedures in place to deal with any suspected data breach. We hope we never need to use them.

‍

13. Third-party links

Our website links to third-party sites, tools and applications. Clicking through to those means leaving our environment — we don't control what those platforms do, and we're not responsible for their privacy practices. We'd encourage you to read their privacy documentation before you share anything with them.

‍

14. Marketing

We may use your Identity Data, Contact Data, Technical Data, Usage Data and Profile Data to shape our view of what might be useful or relevant to you — and to decide which services or offers to put in front of you.

If you've asked us for information, or you're an existing client, we may contact you with relevant updates — unless you've opted out. We'll always get your explicit Consent before sharing your data with any third party for marketing.

‍

To stop hearing from us, or to withdraw Consent at any time, email hello@restless.co. Opting out of marketing won't affect any communications we need to send you in connection with an active contract.

‍

15. Get in touch

For any questions about this notice, email us at hello@restless.co.

If you're not satisfied with how we've handled your data, you have the right to escalate to the ICO: www.ico.org.uk. Data protection law evolves, and so do we. This notice will be updated when it needs to be.

‍

Restless Marketing Services LTD

2nd Floor, 42 Southwark Street, London, SE1 1UN

‍

Glossary

‍

Consent: Freely given, specific, informed and unambiguous agreement to the Processing of Personal Data — expressed through a clear statement or positive action.

‍

Criminal Convictions Data: Personal Data relating to criminal convictions, offences, allegations and proceedings.

‍

Data Controller: An organisation that determines the purposes and means of Processing Personal Data. We act as a Data Controller in certain circumstances — for example, when handling job applications.

‍

Data Protection Laws: The UK GDPR, comprising the Data Protection Act 2018 and the Data Protection, Privacy and Electronic Communications (Amendments etc) (EU Exit) Regulations 2019 (SI 2019/419), together with the EU GDPR (2016/679) where applicable.

‍

Data Processor: An organisation that Processes Personal Data on behalf of a Data Controller. We act as a Data Processor when delivering certain services for clients.

‍

European Economic Area ("EEA"): The 27 EU member states plus Iceland, Liechtenstein and Norway.

‍

Legitimate Interest: A lawful basis for Processing where our business interests are genuine and proportionate — and don't override your rights and freedoms. We assess this carefully before relying on it.

‍

Personal Data: Any information that identifies or could identify a living individual — directly or in combination with other data. Includes Special Category Personal Data, Criminal Convictions Data and pseudonymised data, but not truly anonymous data.

‍

Processing / Process: Anything done with Personal Data: collecting, storing, organising, accessing, sharing, deleting, transferring — the full lifecycle.

‍

Special Category Personal Data: Sensitive data covering racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, health, sexual life or orientation, and biometric or genetic data.

‍