Privacy Policy

Click Me Marketing (CM Assets Ltd)

Last updated: 23 April 2026

Who we are

Click Me Marketing is the trading name of CM Assets Ltd, a limited company registered in Scotland, United Kingdom. We provide digital marketing services, lead generation websites, and CRM software to small businesses — primarily tree surgeons, heating engineers, and other UK trades.

In this policy, “we”, “us”, and “our” refer to CM Assets Ltd. “You” refers to anyone whose personal data we process — website visitors, prospects, clients, client end-users, and people whose business details appear on publicly available registers.

We are the data controller for personal data we collect directly. For personal data we process on behalf of our clients (e.g. leads captured through CRM systems we host for them), we act as a data processor under a separate data processing agreement with that client.

Contact:
Email: [email protected]
Phone: +44 (0) 1330 700 464
Post: CM Assets Ltd, 2 Corsee Hill, Banchory, AB31 5RH, Aberdeenshire, Scotland, UK

What data we collect and why

When you visit our website

We collect standard technical data — IP address, browser type, pages visited, referring URL, approximate location (country/region), and device information — via website analytics tools and server logs. This is used to understand how the site is used and to improve it. Lawful basis: legitimate interest (running and improving a business website). You can decline analytics cookies via our cookie banner.

If you submit a contact form, book a call, or request information, we collect the name, email, phone number, and any message you provide. Lawful basis: consent (you chose to contact us) and legitimate interest (responding to enquiries is a core business function).

When you become a client

We collect the data needed to deliver the services you’ve purchased — company details, contact information, billing information, and anything you share with us to enable the work. This is processed on the basis of contract performance. Billing data is retained for 7 years per HMRC requirements.

When we contact you for business development

We conduct B2B outreach to UK businesses whose details are publicly available (Companies House, Google Business Profile, company websites). Lawful basis: legitimate interest — specifically, marketing a relevant service (marketing software and services for trade businesses) to businesses whose published information indicates they may benefit from it.

We have conducted a legitimate interest assessment (LIA) covering this processing. You have the right to object at any time — every outreach email contains an unsubscribe link, and we maintain a do-not-contact list. If you tell us to stop, we stop.

We do not buy marketing lists, scrape personal social media, or target consumer data. Our outreach is restricted to corporate contact details of UK-registered businesses.

Information verification for B2B outreach

Before contacting a business, we verify basic public information about it — whether the company is registered and active at Companies House, its SIC code, and its current Google Business Profile status. This uses only data published on public registers and platforms. Lawful basis: legitimate interest (data accuracy, reducing unwanted contact with dissolved or irrelevant businesses).

When you use a service we host for our clients

If you interact with a website, form, booking system, or CRM that we host or built for one of our clients, the client is the data controller for your personal data — not us. We are the processor. For privacy questions about a specific client’s system, please contact that client directly. We can forward enquiries if you’re unsure who to contact.

Who we share data with

We share personal data only with third-party service providers who help us deliver our services. These fall into the following categories:

  • Hosting and infrastructure providers (website hosting, file storage, content delivery)
  • CRM and communications platforms (customer relationship management, SMS, email)
  • Marketing and outreach tools (email marketing, analytics)
  • Project management and collaboration tools
  • AI and automation services (AI-assisted content and operational workflows)
  • Payment processors
  • Professional advisors (accountants, solicitors, bookkeepers, auditors)

Each provider is contractually required to protect personal data to a standard equivalent to UK GDPR and to use the data only for the purposes we instruct.

We do not sell personal data to third parties for marketing purposes under any circumstances.

Some service providers are based outside the UK (primarily the United States and the European Union). International transfers are covered by UK GDPR-approved mechanisms — typically the UK International Data Transfer Agreement, Standard Contractual Clauses, or adequacy decisions.

If you want a current list of the specific providers we use, their locations, and the transfer mechanism for each, email us and we’ll send it.

How long we keep data

  • Website analytics: as configured by our analytics tools (typically 14 months).
  • Contact enquiries that don’t become clients: 24 months, then deleted unless you ask us to retain for longer.
  • Client records and billing data: 7 years from end of relationship (HMRC and Companies Act requirement).
  • Marketing and outreach records (suppression list, unsubscribes): indefinite, because deleting them would risk re-contacting you.
  • Verification data from public registers: refreshed regularly — old snapshots are not retained beyond what’s needed for the current record.

Security

We use industry-standard security measures — encrypted connections (TLS), access controls, password managers, multi-factor authentication on sensitive systems, and principle-of-least-privilege access. No system is perfectly secure; if we ever suffer a personal data breach, we will notify the ICO within 72 hours where required and affected individuals without undue delay where the breach poses a risk to their rights.

Your rights under UK GDPR

You have the right to:

  • Access your personal data (subject access request).
  • Rectify inaccurate personal data.
  • Erase your personal data where applicable (“right to be forgotten”).
  • Restrict processing in certain circumstances.
  • Object to processing based on legitimate interest — including all B2B marketing.
  • Portability — receive your data in a structured, commonly used format.
  • Withdraw consent at any time, where consent is the lawful basis.

To exercise any of these rights, email [email protected]. We respond within one month. There is no charge unless the request is manifestly unfounded or excessive.

Complaints

If you’re unhappy with how we’ve handled your personal data, please contact us first — most things can be resolved quickly. If we can’t resolve it, you have the right to complain to the UK Information Commissioner’s Office (ICO):

  • Website: https://ico.org.uk/
  • Helpline: 0303 123 1113

Cookies

We use essential cookies (to make the site work) and, with your consent, analytics cookies. We do not use advertising or tracking cookies from third-party ad networks. Our cookie banner lets you manage your preferences, and you can clear or block cookies via your browser at any time.

Changes to this policy

We’ll update this policy as our services and obligations evolve. The “Last updated” date at the top tells you when it last changed. Material changes will be communicated to active clients directly.