Privacy Statement

Chaos Design Limited

Privacy Notice

Last Updated: 18/07/2023


Chaos [BC1] [EG2] [BC3] Design Limited (“Chaos”, “we, “our”) are committed to protecting the privacy and security of the personal data we collect about end customers and users of our services (“you/your”). We are a limited company registered in England and Wales under company number 02094230 with our office at 32 High Street, Guildford, Surrey, GU1 3EL. We are registered on the Information Commissioner’s Office (ICO) Register under number ZA869573.

The purpose of this privacy notice is to explain what personal data we collect about you when you use our website or voluntarily disclose information as part of an online form or as part of our services. When we do this, we are the data controller.

We’re a well-established and successful independent UK Top 50 creative agency with an extensive, multi-skilled and talented team. We’re big enough for major projects and small enough for fast track, close-knit working. We create effective change that builds businesses for our clients and a growing reputation for ourselves.

Please read this privacy notice carefully as it provides important information about how we handle your personal information and your rights. If you have any questions about any aspect of this privacy notice you can contact us using the information provided below or by emailing us at

Who this privacy notice applies to

This privacy notice applies to you if:

  • You visit our website
  • You purchase goods or services from us
  • You enquire about our products and/or services
  • You sign up to receive newsletters and/or other promotional communications from us

What Personal Data is

‘Personal Data’ means any information from which someone can be identified either directly or indirectly. For example, you can be identified by your name or an online identifier.

Personal data we collect

We collect, use and are responsible for certain personal data about you. When we do so we are subject to the UK General Data Protection Regulation (UK GDPR). When you provide information to us as part of an online form or as part of our services, we may collect your:

  • Full name
  • job title
  • address
  • phone number
  • email address
  • any other information provided by you in our online form

We will only collect this personal data directly from you—in person, by telephone, and/or via our website.

For more information about the personal data we collect from your use of our website, please visit our Cookie Policy.

Purposes for which we use personal data and the legal basis

When providing services to you, we may use your personal data for the following purposes and on the following lawful bases:

Purposes for which we use personal data and the legal basis

Sharing your data

For some business activities we share your personal data with our vendors and third-party service providers, for instance, to provide our e-mail marketing services or for payments processing.

Your Personal Data may be processed outside of the UK. This is because the organisations we use to provide our service to you are based outside the UK.

We have taken appropriate steps to ensure that the Personal Data processed outside the UK has an essentially equivalent level of protection to that guaranteed in the UK. We do this by ensuring that:

● Your Personal Data is only processed in a country which the Secretary of State has confirmed has an adequate level of protection (an adequacy regulation), or

● We enter into an International Data Transfer Agreement (“IDTA”) with the receiving organisation and adopt supplementary measures, where necessary. (A copy of the IDTA can be found here international-data-transfer-agreement.pdf (

Personal data may also be shared with government authorities and/or law enforcement officials for the prevention or detection of crime, if required by law or if required for a legal or contractual claim.

How long we keep your data

We will retain your personal data for as long as is necessary to provide you with our services and for a reasonable period thereafter to enable us to meet our contractual and legal obligations and to deal with complaints and claims. Depending on the purpose, we hold data for different amounts of time.

At the end of the retention period, your personal data will be securely deleted or anonymised, for example by aggregation with other data, so that it can be used in a non-identifiable way for statistical analysis and business planning.

How we protect your data

Chaos are committed to doing everything we can to keep your personal data protected. We do this by enforcing a number of data security policies, as well as applying varying levels of encryption to all data that we hold.

We implement operational security processes & user access controls, throughout our company. Configure our systems to be protected with updated firewalls & anti-malware and carryout regular penetration testing on our network.

All of Chaos' data security policies are under regular review and we refer to industry security standards to keep up to date with current best practices.


Your rights and options

You have the following rights in respect of your personal data:

  • You have the right of access to your personal data and can request copies of it and information about our processing of it.
  • If the personal data we hold about you is incorrect or incomplete, you can ask us to rectify or add to it.
  • Where we are using your personal data with your consent, you can withdraw your consent at any time.
  • Where we are using your personal because it is in our legitimate interests to do so, you can object to us using it this way.
  • Where we are using your personal data for direct marketing, including profiling for direct marketing purposes, you can object to us doing so.
  • You can ask us to restrict the use of your personal data if:
    • It is not accurate.
    • It has been used unlawfully but you do not want us to delete it.
    • We do not need it any-more, but you want us to keep it for use in legal claims; or
    • If you have already asked us to stop using your data but you are waiting to receive confirmation from us as to whether we can comply with your request.
  • In some circumstances you can compel us to erase your personal data.
  • You can request a machine-readable copy of your personal data to transfer to another service provider.
  • You have the right not to be subject to a decision based solely on automated processing (including profiling) that produces legal effects concerning you or similarly significantly affects you.

You will not have to pay a fee to access your personal data (or to exercise any of the other rights). However, we may charge a reasonable fee if your request for access is clearly unfounded or excessive. Alternatively, we may refuse to comply with the request in such circumstances.

If you wish to exercise your rights, please contact us at

You can also lodge a complaint with the Information Commissioner’s Office. They can be contacted using the information provided at:

Contact us

If you have any questions, or wish to exercise any of your rights, then you can contact us by addressing your correspondence to: Chaos Design Ltd., 32 High Street, Guildford Surrey, GU1 3EL.

We have also appointed a Data protection Officer (“DPO”). Our DPO can be contacted as follows:

Evalian Ltd

West Lodge

Colden Common

Leylands Business Park


SO21 1TH

Please mark your communications FAO the ‘Data Protection Officer’.

Alternatively, you can email us at

Changes to this privacy notice

We may update this notice (and any supplemental privacy notice), from time to time as shown below. We will notify of the changes where required by applicable law to do so.

Last modified 18/07/2023. You can request previous versions by contacting us.