Privacy Policy

Toad’s Island Productions (“we,” “us,” or “our”) is the data controller for the personal data we process. We are a UK-based freelancer operating under the trading name Toad’s Island Productions, committed to protecting your privacy in compliance with the UK General Data Protection Regulation (UK GDPR), the Data Protection Act 2018, and the Privacy and Electronic Communications Regulations (PECR).

This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our website [toadsisland.com] (the “Site”), interact with our services, or engage with us through third-party platforms like LinkedIn. Please read this policy carefully. If you do not agree with the terms of this policy, please do not access the Site.

Contact Details: Toad’s Island Productions, 99 Poplar Road, Weaverham, Northwich, CW8 3DP. Email: . We do not have a Data Protection Officer (DPO), but data protection queries are handled directly.We reserve the right to make changes to this Privacy Policy at any time and for any reason. We will alert you about any changes by updating the “Last Updated” date of this Privacy Policy. Any changes will be posted on this page, and your continued use of the Site following the posting of changes will mean that you accept and agree to the changes. You are encouraged to periodically review this Privacy Policy to stay informed of updates. For significant changes affecting your rights, we may notify you directly (e.g., via email).

Data Collected

We collect personal data fairly and transparently, only as necessary for our purposes.

  • Automatic Data: Includes IP address, browser details, OS, language settings, pages visited, time spent, search queries, and access times/dates. This is used for abuse detection and analytics without identifying individuals. Legal basis: Legitimate interests (site security and improvement).
  • Personal Information: Voluntarily provided details like name, email, address, username, password, or content (e.g., articles, images, feedback) when creating accounts, submitting forms, or using site features. You can opt out, but it may limit access to certain functionalities. Legal basis: Contract (for account features) or consent/legitimate interests (for feedback).

We also collect personal information through third-party services, such as LinkedIn Lead Generation Forms (“Lead Gen Forms”). When you submit a Lead Gen Form on LinkedIn (e.g., via our sponsored content or ads), LinkedIn may share pre-filled data from your profile with us, including your first name, last name, email address, job title, company name, and country/region. This data is collected only if you explicitly submit the form on LinkedIn, where you will see a link to this Privacy Policy and descriptions of how we will use your information. We do not access or store your full LinkedIn profile beyond what is shared via the form. Legal basis: Consent (provided via the LinkedIn form). Providing this data is not required by law or contract, but opting out means we cannot follow up on your interest.

Sources: Most data comes directly from you, but LinkedIn-sourced data is from a third party. We do not obtain data from other sources without your knowledge.

How Data Is Used

We process personal data for specified, explicit, and legitimate purposes, and only in ways compatible with those purposes.

We use the information we collect for account management, communications (e.g., admin notices, responses to queries), feedback requests, service improvements, prize draws, policy enforcement, abuse protection, legal compliance, and site operations. Legal bases: As above, plus legal obligation where applicable.

For data collected via LinkedIn Lead Gen Forms, we use it primarily for lead generation and business development purposes, such as contacting you to discuss our services, sending marketing materials (e.g., emails or newsletters), or inviting you to events. This may include adding your information to our customer relationship management (CRM) system or email marketing tools. As LinkedIn leads are typically business/professional (B2B), our legal basis is legitimate interests in growing our business, balanced against your rights (you can object at any timeā€”see Section 4). For any B2C leads (e.g., individual consumers), we rely on consent from the form and comply with PECR (specific opt-in required for electronic marketing). Processing also relies on your consent provided through the LinkedIn form (including any specific checkboxes for uses like marketing communications). We comply with LinkedIn’s privacy safeguards, which encrypt lead data during transmission. We do not use data for automated decision-making or profiling that produces legal effects.

Data Sharing and International Transfers

We share personal data only when necessary and with appropriate safeguards.

Data may be stored/transferred internationally (details available on request). No routine sharing with third parties except for legal reasons (e.g., subpoenas) or service providers (e.g., for newsletters or CRM), who must keep it confidential and are bound by UK GDPR-equivalent contracts.

For LinkedIn Lead Gen Form data, we may share it with trusted third-party service providers to manage leads (e.g., email service providers like Mailchimp or CRM tools like HubSpot), but only under strict confidentiality agreements and data processing agreements compliant with UK GDPR. We do not sell, rent, or trade your personal data. Aggregated, anonymized data (e.g., lead trends) may be used for analytics.

International Transfers: Data from LinkedIn involves transfers to the US (where LinkedIn/Microsoft operates). We ensure adequate safeguards, including reliance on the UK-US Data Privacy Framework (as extended) or Standard Contractual Clauses approved by the UK Information Commissioner’s Office (ICO). You can request details of these safeguards.

Aggregated, anonymized data may be retained and used after personal info is deleted.

User Rights

Under UK GDPR, you have rights regarding your personal data. These apply to all data we hold, including that collected via LinkedIn Lead Gen Forms. If you submitted a lead through LinkedIn, you can exercise these rights by contacting us, and we will respond within one month (free of charge, unless requests are excessive).

  • Access: Confirm if we process your data and get a copy.
  • Rectification: Correct inaccurate data.
  • Erasure (“right to be forgotten”): Request deletion if no longer needed or consent withdrawn.
  • Restriction: Limit processing in certain cases (e.g., while accuracy is verified).
  • Objection: Object to processing based on legitimate interests (e.g., marketing) or direct marketing; we will stop unless we have compelling reasons.
  • Portability: Receive your data in a structured, machine-readable format.
  • Withdraw Consent: At any time, without affecting prior processing (though legitimate interests may still apply for B2B).

For marketing: You can opt out of future communications at any time using the unsubscribe link in emails or by contacting us. We maintain a suppression list for opt-outs and screen against it. California residents can request details on shared data for marketing (once per year), though UK GDPR takes precedence.

If unsatisfied with our response, complain to the ICO (www.ico.org.uk, 0303 123 1113). Rights can be exercised via our contact form or email.

Data Retention and Security

We retain personal data only as long as necessary for the purposes described, or as required by law (e.g., 6 years for certain contracts). For LinkedIn leads, we retain data for up to 2 years for marketing/business development, or until you object/withdraw consent, whichever is sooner. After that, we securely delete or anonymize it.

Security measures (e.g., encryption, access controls) are in place to protect data, but no guarantees on internet transmissions. Breaches will be notified to you and the ICO if required (within 72 hours for the ICO).

Contact Us

For privacy queries: . We respond promptly.

Other Notes

No collection from children under 13; users must be 16+ or have parental consent where required (per UK GDPR and Age-Appropriate Design Code).

Optional newsletters with unsubscribe; complies with CAN-SPAM Act and PECR (opt-out in every message).

Cookies used for personalization (see our cookie policy); you can accept/decline. We address Do Not Track signals, but third-party tracking may occur.

When using LinkedIn Lead Gen Forms, we adhere to LinkedIn’s data protection standards, including encryption of lead data. Your submission of a form constitutes consent under LinkedIn’s terms, but you retain all UK GDPR rights outlined here. For B2B leads, we may contact corporate subscribers without prior consent under PECR, but personal data processing follows UK GDPR.

Policy changes posted with update date; continued use implies consent.

Last Updated: September 8, 2025