Last updated: March 2026

1. Introduction

Fathom Communications Limited ("we", "us", "our") is committed to protecting your personal data. This privacy policy explains how we collect, use, store, and share your personal information when you interact with our website (wearefathom.com) or engage with us as a client or prospect.

This policy is issued in accordance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018. Please read it carefully.

2. What Personal Data We Collect

2.1 Data you provide directly

When you contact us via our website contact form or by email, we collect:

  • Your name
  • Company name
  • Email address
  • Telephone number
  • The content of your enquiry or message
  • Whether you opt in to our mailing list

2.2 Data collected automatically

When you visit our website, we automatically collect technical data including:

  • Your IP address
  • Browser type and version
  • Pages visited and time spent on each page
  • Date and time of your visit
  • Referring website

We do not collect sensitive personal data (as defined under UK GDPR Article 9), such as health information, racial or ethnic origin, or political opinions.

3. Legal Basis for Processing

We rely on the following lawful bases under UK GDPR Article 6 to process your personal data:

Legitimate Interests (Art. 6(1)(f))

To respond to enquiries, manage client relationships, improve our website, and send relevant direct marketing to existing clients and prospects. We have carried out a legitimate interests assessment and determined these interests are not overridden by your rights.

Consent (Art. 6(1)(a))

Where you have opted in to receive our newsletter or marketing emails. You may withdraw consent at any time by clicking 'unsubscribe' in any email or contacting us directly.

Contract (Art. 6(1)(b))

Where processing is necessary to perform a contract with you or to take steps at your request before entering a contract.

Legal Obligation (Art. 6(1)(c))

Where we are required to process data to comply with a legal obligation, such as financial record-keeping requirements.

4. How We Use Your Personal Data

We use the personal data we collect for the following purposes:

  • Responding to your enquiries and communicating with you about your project requirements
  • Managing our ongoing client relationships and delivering our services
  • Sending you relevant marketing communications and company updates (where you have consented or where we have a legitimate interest as an existing client)
  • Improving and maintaining our website and services
  • Complying with our legal and regulatory obligations
  • Maintaining our business records

5. Cookies and Tracking Technologies

Our website uses cookies and similar tracking technologies. We use the following types:

Strictly Necessary

Essential for the website to function. These cannot be disabled. They do not store personally identifiable information.

Performance / Analytics

Google Analytics cookies that help us understand how visitors use our site. Data is collected anonymously. These are only set with your consent.

Third-Party Media

Vimeo uses cookies when you interact with embedded video content on our site. Please see Vimeo's privacy policy at vimeo.com/privacy for further details.

You can manage your cookie preferences at any time using the Cookie Preferences link in the footer of our website. You can also control cookies through your browser settings or by using the Google Analytics Opt-out Browser Add-on (tools.google.com/dlpage/gaoptout).

Disabling certain cookies may affect your experience of our website.

6. Who We Share Your Data With

We do not sell your personal data to third parties. We may share your data in the following limited circumstances:

Google LLC

We use Google Analytics to analyse website traffic. Google may process data outside the UK. Google is certified under appropriate transfer mechanisms. See: policies.google.com/privacy

Vimeo, Inc.

Vimeo processes data when you view embedded videos on our site. See: vimeo.com/legal/privacy/policy

Hosting Provider

Our website hosting provider stores data on secure servers on our behalf, acting as a data processor under contract with us.

Legal / Regulatory

We may disclose data where required by law, court order, or to protect our legal rights.

All third-party processors are required to process your data only on our instructions and in accordance with applicable data protection law.

7. International Data Transfers

Some of our third-party service providers (including Google) are based outside the UK. Where we transfer personal data internationally, we ensure appropriate safeguards are in place in accordance with UK GDPR Chapter V, such as adequacy decisions, standard contractual clauses, or other approved transfer mechanisms.

8. How Long We Keep Your Data

We retain personal data only for as long as necessary for the purposes described in this policy. Our retention periods are as follows:

Enquiry / contact form data

Up to 2 years from the date of last contact if no contract is entered into.

Client data

Duration of the contract plus 7 years thereafter (for legal and financial record-keeping purposes).

Marketing opt-in data

Until you withdraw your consent or opt out, after which we retain a suppression record to honour your preference.

Website analytics data (Google Analytics)

26 months by default (configurable). IP addresses are anonymised.

At the end of the applicable retention period, we will securely delete or anonymise your personal data.

9. Your Rights Under UK GDPR

You have the following rights in relation to your personal data. These rights are not absolute and may be subject to exemptions or limitations in certain circumstances.

Right of Access (Art. 15)

You may request a copy of the personal data we hold about you (a Subject Access Request).

Right to Rectification (Art. 16)

You may ask us to correct inaccurate or incomplete personal data.

Right to Erasure (Art. 17)

You may ask us to delete your personal data in certain circumstances (the 'right to be forgotten').

Right to Restrict Processing (Art. 18)

You may ask us to restrict how we use your data in certain circumstances.

Right to Data Portability (Art. 20)

Where processing is based on consent or contract, you may request your data in a structured, machine-readable format.

Right to Object (Art. 21)

You have the right to object to processing based on legitimate interests, including direct marketing. We will stop processing unless we can demonstrate compelling legitimate grounds.

Rights re: Automated Decisions (Art. 22)

We do not carry out automated decision-making or profiling that produces significant legal effects.

To exercise any of your rights, please contact us at [email protected]. We will respond within one calendar month of receiving your request. We will not charge a fee for reasonable requests.

If you are not satisfied with our response, you have the right to lodge a complaint with the Information Commissioner's Office (ICO):

10. Security

We take appropriate technical and organisational measures to protect your personal data against unauthorised access, loss, destruction, or alteration. These measures include:

  • HTTPS encryption on all data transmitted between your browser and our web server
  • Secure servers protected by firewalls, managed by our hosting provider
  • Access controls limiting who within our organisation can access personal data
  • Cyber Essentials certification

No method of electronic transmission or storage is 100% secure. If you suspect a data security incident involving your personal data, please contact us immediately at [email protected].

11. Children's Data

Our website and services are not directed at children under the age of 13. We do not knowingly collect personal data from children. If you believe a child has provided us with personal data without appropriate consent, please contact us so we can delete it.

12. Changes to This Policy

We may update this privacy policy from time to time to reflect changes in our practices or applicable law. We will update the 'last updated' date at the top of this document whenever we make material changes. We encourage you to review this policy periodically.

For significant changes that may affect you, we will notify you directly where we hold your contact details.

13. Contact Us

If you have any questions about this privacy policy, or wish to exercise your data protection rights, please contact us:

Email: [email protected]

Telephone: +44 (0) 1202 540 420

Post

Fathom Communications Limited, Minster Chambers, 35 High Street, Wimborne, Dorset, BH21 1HR

We will endeavour to respond to all legitimate requests within one calendar month.

Silver crane
Sky
Wilsons
Savills
Nomad white
Arena group logo white
Rolex
Telent
Julias house
Sunseeker
Ministry of defence
Tlt

20 years of amazing clients

Albert Goodman logo white
Orbex
Moneycorp
Bbc
Rnli
Southampton uni
Viasat white
Brittan norman
Seaferers charity
Highways england
Lv
Britvic

Interested in finding out more? Get in touch to discuss a project.

Get in touch