1. Who we are
AA2 Ltd (company number 10899773), also trading as Double Tap Marketing, is a B2B marketing automation agency registered in England and Wales. Our registered office is at Bowman Business Centre, Royal Wootton Bassett, Wiltshire, SN4 7DB.
When we refer to "AA2", "we", "us" or "our" in this policy, we mean AA2 Ltd and its trading names. Our main point of contact for data matters is martin@aa2.co.uk.
2. What data we collect
We collect personal data in the following circumstances:
- Enquiry and contact forms: your name, job title, company name, email address, phone number, and any message you include.
- Booking a call: your name, email address, and company name via our booking system.
- Client onboarding: contact details, company information, and service preferences needed to deliver your marketing services.
- Client dashboards and portals: name, email address, and login credentials for accessing reporting tools we build on your behalf.
- B2B outreach: where we contact business professionals who may be interested in our services, we may hold publicly available business contact information (name, job title, business email address, company name) sourced through lawful means.
- Website usage: your IP address, browser type, pages visited, and session duration, collected via analytics tools (see Section 6).
3. Why we collect it and our legal basis
We use personal data for the following purposes:
- To respond to enquiries and book calls (legal basis: legitimate interest in communicating with prospective clients).
- To deliver services under contract (legal basis: performance of a contract, where you or your company has engaged us).
- To send relevant B2B marketing communications to business professionals who are likely to have a professional interest in our services (legal basis: legitimate interest, in line with ICO guidance on B2B communications and Regulation 14 of PECR).
- To improve our website and communications (legal basis: legitimate interest in understanding how our services are received).
- To comply with legal and financial obligations, including accounting, tax, and contractual records (legal basis: legal obligation).
We do not use personal data for automated decision-making or profiling that produces legal or similarly significant effects.
4. Third-party tools and data processors
We use the following third-party services to deliver our business. Each acts as a data processor on our behalf and is bound by appropriate data processing agreements:
A note on international transfers: where any provider processes data outside the UK or EEA, we rely on Standard Contractual Clauses (SCCs) or the UK International Data Transfer Agreement (IDTA) as the lawful transfer mechanism.
- Google Analytics (GA4): website analytics. Collects anonymised usage data including page views, session duration, and general location. Data may be processed in the United States. You can opt out via Google's opt-out browser add-on.
- Microsoft Clarity: session recording and heatmaps used to improve website usability. Collects mouse movements, clicks, and scroll behaviour. Data is anonymised and not linked to identifiable individuals. Privacy information: Microsoft Privacy Statement.
- GoHighLevel: our CRM and marketing automation platform. Used to store client and prospect contact records, manage email campaigns, and track communications. Servers are based in the United States; data is protected under an agreed data processing addendum.
- SmartLead: cold email campaign management tool used for B2B outreach. Stores prospect email addresses and tracks send, open, and reply data for outreach campaigns conducted on behalf of clients or for AA2's own prospecting.
- Stripe: payment processing for invoices and subscription billing. Stripe processes payment card data as an independent data controller. Their privacy policy is at stripe.com/gb/privacy. AA2 does not store card numbers.
5. Cookies
Our website uses the following types of cookies:
- Analytics cookies (Google Analytics / GA4): cookies including
_gaand_ga_[property-id]that help us understand how visitors use our website. These cookies collect information anonymously and report trends without identifying individual visitors. They persist for up to 2 years. - Behavioural analytics cookies (Microsoft Clarity): cookies including
_clckand_clskused for session recording and heatmap analysis. The_clckcookie persists for 1 year;_clskpersists for the browser session. - Functional/session cookies: essential cookies that allow our website and booking tools to function correctly. These are not optional and contain no personal data beyond a session identifier.
We do not use advertising or targeting cookies. We do not share cookie data with advertising networks.
6. Data retention
We keep personal data for as long as it is necessary for the purpose it was collected:
- Prospect and enquiry data: up to 2 years from the date of last contact, or until you ask us to remove your data.
- Client contact and contract data: for the duration of the client relationship, plus 7 years thereafter (to comply with financial record-keeping requirements under UK law).
- Email campaign data: send, open, and reply records are retained for up to 2 years to allow campaign analysis and reporting.
- Website analytics data: aggregated analytics data is retained for up to 26 months by default in GA4. Raw session data via Microsoft Clarity is retained for up to 13 months.
7. Your rights under UK GDPR
Under the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018, you have the following rights:
- Right of access: you can request a copy of the personal data we hold about you (a "Subject Access Request").
- Right to rectification: you can ask us to correct inaccurate or incomplete data.
- Right to erasure: you can ask us to delete your data where there is no compelling reason for us to continue holding it.
- Right to restriction: you can ask us to pause processing your data in certain circumstances.
- Right to data portability: you can ask us to provide your data in a machine-readable format for transfer to another organisation.
- Right to object: you can object to processing based on legitimate interest, including direct marketing. We will stop processing unless we can demonstrate compelling legitimate grounds.
- Rights related to automated decision-making: you have the right not to be subject to decisions made solely by automated means that have a significant effect on you. We do not currently use such processing.
To exercise any of these rights, email martin@aa2.co.uk. We will respond within 30 days. We will never charge a fee for a standard request.
If you are not satisfied with how we handle your data, you have the right to lodge a complaint with the Information Commissioner's Office (ICO) at ico.org.uk or by calling 0303 123 1113.
8. ICO registration
AA2 Ltd is registered with the Information Commissioner's Office as a data controller. Our registration can be verified on the ICO's public register at ico.org.uk.
9. Data security
We take reasonable technical and organisational measures to protect your personal data against accidental loss, unauthorised access, disclosure, or destruction. These include access controls, encrypted connections (HTTPS), and restricted access to client data within our systems. We review our security practices regularly.
10. Links to other websites
Our website may contain links to third-party websites. We are not responsible for the privacy practices of those sites. We encourage you to read their privacy policies before submitting any personal data to them.
11. Changes to this policy
We may update this privacy policy from time to time to reflect changes in our practices or in data protection law. The latest version will always be available at aa2.co.uk/privacy-policy/. Where changes are material, we will notify active clients by email.
12. Contact us
For any questions about this privacy policy or how we handle your data:
- Email: martin@aa2.co.uk
- Post: AA2 Ltd, Bowman Business Centre, Royal Wootton Bassett, Wiltshire, SN4 7DB