Overview: Creative Flow Limited (“Creative Flow” or “we”) Company registration 13806461 Registered in England and Wales with registered office of Creative Flow Ltd, The Gallery, Unit 1, Concept Court, Manvers, Rotherham, S63 5BD.

Creative Flow is registered with the ICO Office (Information Commissioner’s Office) in the United Kingdom with registration ZB294644. We seek to fully comply with the General Data Protection Regulation (“GDPR”) 2018 and the Data Protection Act 2018.

Under the definitions of the GDPR Creative Flow is a data processor.

Creative Flow is a marketing agency; we process your data for the purpose of direct marketing campaigns and acting on behalf of marketing companies for purchasing data for their outbound telemarketing teams. We are committed to protecting your privacy and keeping any personal information received from you secure.

As an agency Creative Flow has existing sources of data. The list of sources will continuously increase to give choice, variation to ensure consistency to the data supplied.

All the below information will be available at any point to be viewed by clients regarding the sources we procure from for their campaigns. Before buying from a Data Source, Creative Flow will always:

  1. a) Make comprehensive quality checks on the data collection source to ensure the data is fairly and unambiguously collected.
  2. b) Ensure the supplier source has completed and passed the Due Diligence required by Creative Flow prior to orders being placed.
  3. c) Complete a GDPR Risk Assessment of the individual data collection points ensuring the data is – Freely given, Specific and Informed. The consumer must also have the ‘Right to be forgotten’ with the opt in being a ‘positive’ action.

Reason for processing

Creative Flow is marketing agency company and processes personal data to:

  • Enable the business to fulfil its function of supplying lists to its clients for use in their outbound direct marketing activities or maintain an existing relationship they may have with you.
  • Process your data between data controllers to perform a contract. Under the GDPR there are six identified reasons for processing. Creative Flow purchases data which falls under the following two categories:
  1. a) “Legitimate Interest” – The consumer has either: carried out a positive action to agree to marketing by a specific channel of communication (telephone, email, SMS, postal) and has a sector specific list of whom may carry out further communication with them within the privacy policy/Sectors/Sponsors list (or) The data collector has a legitimate interest in trading their data and confirms this within the privacy policy. Telemarketing as a channel is opt out, therefore we would ensure that the data is TPS checked when processing under legitimate interest.
  2. b) “Explicit Consent” – The consumer has opted into a specific channel of communication (telephone, email, SMS, postal) in a positive manner. At the point of opting in the consumer will have been given the specific company brand who will be calling them. If this is a daily lead Creative Flow will not need to TPS screen the data.

*** Creative Flow would recommend that its clients also TPS cleanse the data prior to dialling to safeguard in case there are any software issues with the Creative Flow system. This would be a very rare occurrence but would be beneficial for the centre itself to always TPS cleanse in addition to this.


When buying from a source Creative Flow will complete the following:

  1. Run monthly checks on each source of data.
  2. The GDPR Compliance /Auditing Executive assesses each source of data with Creative Flow inhouse auditing system.
  3. Each month’s consumer records for the previous month’s activity. Creative Flow will listen, and Audit 5 calls/Online opt ins per supplier ordered per month for each client.
  4. A report regarding the findings will be produced for the data sources, and for the clients.
  5. Each source is given a score for compliance – small deductions in scores will be given for ‘call recordings not being clear’ for example. Large deductions will be made for more detrimental errors.
  6. If the audit score for the source falls below an agreed acceptable level the source will get a first warning. After the first warning, if a marked improvement is not seen a final warning will be given – within a week a further audit will be conducted at which point if the issue is still apparent the source will be ‘Paused’. The source would need to demonstrate they have rectified the issue before being allowed to resupply.


About us

Creative Flow ensure that all our suppliers are compliant and respect the GDPR and ICO guidelines when collecting data whether online or through telephone surveys. Checks are carried out monthly to further safeguard the standards are being maintained.

The clients/marketing agencies who buy the data are all registered with the ICO and Creative Flow monitor how they use the data purchased.

On receiving complaints, we are respectful to the consumer, record their details and assure them that we will trace the supplier of the data and request its removal with immediate effect. We also advise the consumer to go on line to www.tpsonline.org.uk and register their telephone details with the Telephone Preference Service to place a stop to future unwanted marketing calls.

Please note that while we will always answer calls, we do have the right to terminate calls if the consumer become abusive.


What the law says and what it means for Creative Flow

The law requires us to be open with you about what personal data we collect, and what we do with it. We purchase data on behalf of clients for either explicit consent or a legitimate reason for processing. Under GDPR we have 28 days in which to respond to a Subject Access Request.

Your data and what we do with it

We are a Data Marketing Agency and have not collected your data, you are known as a data subject in the eyes of the law. Being open with you means being clear about how and why we use your personal data. Organisations must have a reason to collect and use personal data. Our primary reasons for using the collected consumer data is to perform a contract, under explicit consent or for the legitimate interest of the consumer.

What personal data do we collect?

By law, the data Creative Flow purchases on behalf of their clients must be limited to what is necessary and relevant to their purpose. The information collected is (including but not exclusively):

  1. a) Your name
  2. b) Your postal address(es)
  3. c) Your telephone number(s)
  4. d) Other contact details such as an email address
  5. e) Any specific information you have given about your age and gender.
  6. f) Selected information regarding any positive variables for a specific question answered. I.E Utility provider, telecoms provider, life insurance policy provider – these will vary depending on the marketing survey answered.
  7. g) The details of any complaint you make
  8. h) Records of correspondence if you contact us
  9. i) Where we’ve sent letters and they are returned to us, as the addressee no longer lives there j) IP addresses linked to cookies

Those clients who may wish to send you marketing communications may fall into the following categories:

  • Charities, Competitions, Energy, Financial products, Funeral plans, Lotteries, Health, Home improvement, Insurances (Life, Home, Pet, Travel, Other), Legal, Lifestyle, Pension review, Retail, Telecoms, Travel, Utility, Warranty.

You do have a choice about whether you take part in online surveys, details are given on how you should opt out during all survey calls, online collected data is also clear and transparent when collecting your data, giving details of where you can opt out and ensuring you are fully aware as to what you are entering on the website.

Special categories and sensitive personal data

Data protection law treats certain types of personal data as sensitive (called ‘special categories data’ within the law) and has further rules about how it is used. This includes information about racial or ethnic origins, political or other views, sexual orientation and health. The suppliers of data to Creative Flow are also covered by this law. Creative Flow do not collect or purchase any special category data.

What do we do with the information that has been collected?

The information collected by suppliers and purchased by Creative Flow Ltd is used for marketing purposes by our clients to offer the consumer a better product, it is entirely the consumers right to refuse the call and ask for their details to be removed from the caller’s data base and for any further information about the source of the data subject’s details.

How long do we keep your personal data?

By law, personal data must not be kept any longer than necessary for the purpose of marketing. We retain certain types of personal data in case we need to refer to it later for compliance purposes or are requested for legal reasons to share the data with authorised persons.

We keep complaints for three years.


What the law says, and what it means for Creative Flow Ltd and your data

Data protection law instructs us to take all appropriate measures to keep your personal data secure. This means we must take steps to protect your data against unauthorised or unlawful use, and against accidental loss, destruction or damage.

Will your personal data be kept secure?

Your personal data is personal to you, and should stay safe, and private. We know this is crucial in maintaining your trust in Creative Flow Ltd. We protect your details in many ways. These include staff training, investing in technology and following strict handling and storage procedures. The personal data collected is limited to information that is relevant and necessary. We take all appropriate steps to keep your data secure. We always follow data protection law and aim to apply best practice for information security. Our technology and information security systems are there to protect your personal data. We apply up to date data encryption tools and have specific policies in place, with dedicated staff training materials and contracts to ensure personal data is fully protected. This aims to prevent your data being lost, damaged or destroyed, or its unauthorised or unlawful use. All data is only kept for 3 months on our secure platform before being deleted. It is then stored indefinitely in our suppression files for compliance purposes. An email is not always secure. Unless your password protects or encrypt it, someone else could read it. If you wish to email us, in addition to your enquiry, you should only send enough personal information to 6 allow us to identify you, for example your name and telephone number. Please send to [email protected]  

Will your data be moved outside the European Economic Area?

Most of your personal data is handled and stored within the UK, Channel Islands and the Isle of Man. Some is processed outside the European Economic Area (EEA). We only allow data to be transferred when we are completely satisfied that our customers’ data is secure. Our suppliers are contractually obliged to incorporate technical, organisational and auditable measures into their own processes, to ensure any data is transferred safely.


Cookies are small data files used by websites to increase effectiveness. We use cookies to increase your security and help improve our site by recognising returning visitors to help us deliver a more personalised service to our users. Cookies can be necessary for the operation of some parts of the site. Most browsers accept cookies automatically, however, this can be disabled by activating the setting on your browser to reject cookies. Your IP address and information will also be collected if you make a submission on any of our contact forms.

Fairness and rights

What the law says and what it means for Creative Flow Ltd and your data

Data protection law gives you clear rights relating to your personal data and gives us clear rules about using it. The law says we must use your data lawfully, fairly and transparently. This means telling you how we use your data, who we share it with, and informing you about what data we hold about you, if requested you can also ask us to remove the data record.

How to find out what personal data we hold on you

You have the right to know what information we hold about you. You can ask to see specific personal data that we hold about you. This is known as a Subject Access Request, or SAR (under GDPR this is known as the right of access). We don’t charge for the first request, but we may charge a reasonable fee if the request is repetitive or unreasonable. A request for information under data protection law should be responded to within one month. Your rights as a data subject Data protection law gives you the right to object to Marketing Calls using your personal data.

Your Right to Opt Out

Please email [email protected] and confirm the phone number you wish to request to be opted out.

In all circumstances, you can ask us to remove your personal data to ensure you will get no further marketing from Creative Flow clients and for contacts details of the originating data controller.

If you ever feel your complaint has not been dealt by us to your satisfaction, you also have the right to complain to a relevant supervisory. More information about the Information Commissioner’s Office (ICO) can be found at www.ico.org.uk/concerns.

The right to object to processing

You can object to Creative Flow Ltd processing your personal data. As outlined in the GDPR your full rights in respect of your personal data are:

  • The right to be informed
  • The right to access
  • The right to rectification
  • The right to erasure
  • The right to restrict processing
  • The right to data portability
  • The right to object
  • Rights in relation to automated decision making and Accuracy

What the law says, and what it means for Creative Flow Ltd and your data

Your personal data must be kept accurate and up to date, with every reasonable step taken to ensure that inaccuracies are removed or rectified. This means that if a mistake or an error is discovered, by you or by us, we will put it right.

How accurate is the data held on our systems?

We will take all appropriate measures to make sure our records are correct. You can ask us to update any personal data if you think it’s wrong, out of date, or incomplete. Back to top How to opt out If you have received marketing calls and would like to stop these please email [email protected] – you will receive a response within 24 working hours to confirm your email has been received. A member of the compliance team will then investigate which data collection source has supplied your data for marketing. Creative Flow will then contact the source and get them to remove you from further marketing calls/being passed to any other organisations.

Creative Flow will also add you to our internal ‘Do Not Call’ list (DNC) to prevent processing your data from the data source whom collected it again. However, if you opt in at another date to a different source of data and you are not registered with the Telephone Preference Service this will override the Creative Flow Internal DNC list.

Right to be forgotten:

As a data subject you do have the right to be forgotten – again if you wish to exercise this right please email [email protected] with the number you have been contacted on This does mean that Creative Flow would not keep any trace of your record, therefore if the record was purchased again by Creative Flow there would be no way of screening this data not being passed to another client for marketing calls.

If you have completed your information on multiple sites, although Creative Flow will request you are opted out from the source where Creative Flow has acquired the data from there is no guarantee that other sources of data collection may be using your data.

 A majority of the data procured by Creative Flow for its clients comes from either ‘online competition sites’, ‘telephone surveys’, ‘face 2 face surveys’ or ‘paper surveys’. If you wish to take a survey of any type, please make sure you do not tick any of the boxes regarding getting calls from any ‘sponsors/partners/named companies’ as this means you have opted in for these companies to contact you.

We would recommend that you go to www.tpsonline.org.uk and register on the government run site – this is the Telephone Preference Service. Creative Flow always screen any data against the Telephone Preference Service (apart from where Explicit Consent has been given. Please note even though it may appear that you are on the TPS register as soon as you have added your number online, it may take up to 28 days to take effect. Back to top Changes to this policy We may amend this policy if the way we process your data, or the law relating to this, changes.

This Policy was last updated 11/03/2024