Legal

Privacy Policy

Last updated: January 2025

1. Introduction

BRM Agency ("we", "our", "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our website brmagency.co and use our services.

Please read this privacy policy carefully. If you do not agree with the terms of this privacy policy, please do not access the site or use our services.

2. Data Controller

BRM Agency is the data controller responsible for your personal data. For any questions regarding this policy or your personal data, contact us at:

Email: hello@brmagency.co

3. Information We Collect

We may collect information about you in various ways:

Personal Data

When you book a call or contact us, we may collect:

  • Name and contact information (email, phone number)
  • Company/brand name
  • Business information relevant to our services
  • Communication preferences

Automatically Collected Data

When you access our website, we may automatically collect:

  • IP address and browser type
  • Device information
  • Pages visited and time spent
  • Referring website
  • Geographic location (country/city level)

4. Legal Basis for Processing

We process your personal data based on the following legal grounds:

  • Contract: Processing necessary to perform our services
  • Consent: When you have given explicit consent (e.g., marketing communications)
  • Legitimate Interest: For business development and improving our services
  • Legal Obligation: When required by law

5. How We Use Your Information

We use the information we collect to:

  • Provide, operate, and maintain our services
  • Respond to your inquiries and schedule consultations
  • Send you service-related communications
  • Send marketing communications (with your consent)
  • Improve and personalize our website and services
  • Analyze usage patterns and trends
  • Detect and prevent fraud or security issues
  • Comply with legal obligations

6. Information Sharing

We may share your information with:

  • Service Providers: Third-party vendors who assist in operating our business (hosting, analytics, communication tools)
  • Business Partners: When necessary to deliver services (e.g., Shopify, Klaviyo, Meta)
  • Legal Requirements: When required by law or to protect our rights
  • Business Transfers: In connection with any merger, acquisition, or sale of assets

We do not sell your personal data to third parties.

7. Data Retention

We retain your personal data only for as long as necessary to fulfill the purposes for which it was collected, including:

  • Active client relationships: Duration of the relationship plus 3 years
  • Prospect data: 2 years from last interaction
  • Financial records: 10 years (legal requirement)
  • Marketing data: Until consent is withdrawn

8. Your Rights (GDPR)

Under the General Data Protection Regulation (GDPR), you have the following rights:

  • Right to Access: Request a copy of your personal data
  • Right to Rectification: Request correction of inaccurate data
  • Right to Erasure: Request deletion of your data ("right to be forgotten")
  • Right to Restrict Processing: Request limitation of processing
  • Right to Data Portability: Receive your data in a structured format
  • Right to Object: Object to processing based on legitimate interests
  • Right to Withdraw Consent: Withdraw consent at any time

To exercise these rights, please visit our GDPR Request page or contact us at hello@brmagency.co.

9. Cookies and Tracking

We use cookies and similar tracking technologies to:

  • Remember your preferences
  • Analyze website traffic and usage
  • Improve user experience

You can control cookies through your browser settings. Disabling cookies may affect website functionality.

10. International Transfers

Your data may be transferred to and processed in countries outside the European Economic Area (EEA). When we transfer data outside the EEA, we ensure appropriate safeguards are in place, such as:

  • Standard Contractual Clauses approved by the European Commission
  • Transfers to countries with adequate data protection (adequacy decisions)
  • Binding corporate rules for intra-group transfers

11. Security

We implement appropriate technical and organizational measures to protect your personal data, including:

  • Encryption of data in transit and at rest
  • Access controls and authentication
  • Regular security assessments
  • Employee training on data protection

12. Children's Privacy

Our services are not intended for individuals under 16 years of age. We do not knowingly collect personal data from children. If you believe we have collected data from a child, please contact us immediately.

13. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of any changes by posting the new Privacy Policy on this page and updating the "Last updated" date. Significant changes will be communicated via email or website notice.

14. Contact & Complaints

For any questions or concerns about this Privacy Policy or our data practices, contact us at:

Email: hello@brmagency.co

You also have the right to lodge a complaint with a supervisory authority, in particular in the EU Member State of your habitual residence, place of work, or place of the alleged infringement. In France, the supervisory authority is the CNIL (Commission Nationale de l'Informatique et des Libertés).