Privacy And Cookie Policy
Last updated: 7th July 2026
1. Introduction
This privacy notice tells you how we collect and process your personal data when you interact with us, including through our website, bloompm.co.uk.
Bloom Project Management Limited is the data controller and is responsible for your personal data (referred to as “we”, “us” or “our” in this privacy notice).
If you have any questions about this privacy notice or how we handle your data, please contact us using the details below.
Contact details
Yaeger Irwin, CEO and Founder
Bloom Project Management Limited
Registered address: Fawley House, 2 Regatta Place, Marlow Road, Bourne End, Buckinghamshire, SL8 5TD
Company number: 14880772
2. What data we collect, why, and our lawful basis
Personal data means any information capable of identifying an individual. It does not include anonymised data. We may process the following categories of personal data about you:
● Communication Data. This includes any communication you send us, whether through our website contact form, by email, or by phone, including your name, email address, and the content of your message. We process this data to respond to your enquiries, keep records of our correspondence, and establish, pursue, or defend legal claims if needed. Our lawful ground for this processing is our legitimate interests, namely responding to enquiries and maintaining appropriate business records.
● Client Data. When you engage us for project management services, this includes your name, job title, organisation, contact and billing details, and details of the services provided to you. We process this data to deliver our services, administer our contract with you, and keep records of the business relationship. Our lawful ground for this processing is the performance of a contract with you and/or taking steps at your request to enter into one.
● User Data. This includes data about how you use our website, such as pages visited. We process this data to operate our website, provide relevant content, and keep our website secure. Our lawful ground for this processing is our legitimate interests, namely properly administering our website and business.
● Technical Data. This includes your IP address, browser type, device information, and details of your visits to our website, collected via cookies set by our website platform, Squarespace. We process this data to understand how our website is used, keep it secure, and improve our content. Our lawful ground for this processing is our legitimate interests, namely properly administering and improving our website and business.
● Marketing Data. We do not currently operate an email marketing list or newsletter sign-up on our website. If this changes, our lawful ground for any such processing will be either your consent or our legitimate interests, namely growing our business, in each case in line with Section 4 below.
Required Processing: Where we ask you for personal data to respond to an enquiry or to provide our services, and you choose not to provide it, we may not be able to assist you or perform our contract with you.
We may process your personal data without your knowledge or consent where this is required or permitted by law.
Purposes of Processing
We will only use your personal data for the purpose it was collected for, or for a reasonably compatible purpose. If we need to use your data for a new, unrelated purpose, we will let you know and explain the legal grounds for that processing.
Sensitive Data and Criminal Conviction Data
We do not intentionally collect any Sensitive Data about you (this means data about race or ethnicity, religious or philosophical beliefs, sex life, sexual orientation, political opinions, trade union membership, or health, genetic or biometric data), and we do not collect information about criminal convictions or offences. Please do not include this type of information in correspondence with us unless it is strictly necessary and relevant to your enquiry.
Automated Decision-Making
We do not carry out automated decision-making or any type of automated profiling that has a legal or similarly significant effect on you.
3. How we collect your personal data
We collect data about you when you provide it to us directly, for example by submitting our website contact form, emailing or calling us, or when you engage us for project management services. Our contact form asks for your first name, last name, email address, and message. We also automatically collect certain data through cookies and similar technologies when you use our website; see Section 12 (Cookies) below for details.
We may also receive data from third parties who provide website hosting and platform services (Squarespace, based in the United States).
4. Marketing communications
We do not currently send marketing communications via our website. If this changes, our lawful ground for doing so will be either your consent or our legitimate interests (namely growing our business), and in each case we will comply with the Privacy and Electronic Communications Regulations (PECR).
We will never share your personal details with any third party for their own marketing purposes.
5. Who we share your data with
We work with a small number of trusted third-party service providers who process personal data on our behalf, including:
● Squarespace — our website hosting and platform provider
● Spotify — hosting embedded audio content for our podcast, which appears on our website
We may also share your data with:
● Professional advisers, including our accountants, bankers, and insurers
● Government or regulatory bodies, where we are required to report processing activities
● Any third party to whom we sell, transfer, or merge parts of our business
We require all third parties who process your data on our behalf to respect its security and treat it in accordance with the law. We only allow them to process your data for specified purposes, in line with our instructions. We do not sell your personal data.
6. International transfers
Some of our service providers (such as Squarespace and Spotify) may process your data on servers located outside the UK and the European Economic Area (EEA), including in the United States. Where this happens, we ensure appropriate safeguards are in place, as set out below.
Where You Are Within the United Kingdom
We are subject to the UK General Data Protection Regulation (UK GDPR), which protects your personal data. Where we transfer your data to third parties outside the UK, we ensure a similar degree of security is in place. As such:
● We may transfer your personal data to countries that UK regulatory authorities have approved as providing an adequate level of protection; or
● If we use US-based providers that are part of the UK-US Data Bridge (the UK Extension to the EU-US Data Privacy Framework), we may transfer data to them, as they have equivalent safeguards in place; or
● Where we use service providers established outside the UK, we may rely on specific contracts approved by the ICO (such as the International Data Transfer Agreement or the UK Addendum to the EU Standard Contractual Clauses), or approved codes of conduct or certification mechanisms.
If none of the above safeguards is available, we may request your explicit consent to the specific transfer. You may withdraw this consent at any time.
Where You Are Within the EEA
We are subject to the EU General Data Protection Regulation (EU GDPR), which protects your personal data. Where we transfer your data to third parties outside the EEA, we ensure a similar degree of security is in place. As such:
● We may transfer your personal data to countries that the European Commission has approved as providing an adequate level of protection (this includes the UK); or
● If we use US-based providers that are part of the EU-US Data Privacy Framework, we may transfer data to them, as they have equivalent safeguards in place; or
● Where we use service providers established outside the EEA, we may rely on the EU Standard Contractual Clauses adopted by the European Commission, or approved codes of conduct or certification mechanisms.
If none of the above safeguards is available, we may request your explicit consent to the specific transfer. You may withdraw this consent at any time.
7. Data security
We have implemented robust security measures to protect your personal data from accidental loss, misuse, alteration, disclosure, or unauthorised access. Access to your personal data is restricted to individuals who have a genuine business need to know it. All personnel processing your data on our behalf are required to maintain confidentiality and adhere to our instructions.
We employ various security measures, including encryption, firewalls, and access controls, to safeguard your data. In the event of a suspected personal data breach, we have procedures in place to manage the situation and will notify you and any applicable regulator as required by law.
8. Data retention
We retain your personal data only for as long as necessary to fulfil the purposes for which it was collected, including meeting any legal, accounting, or reporting obligations.
● Enquiries: We keep records of your enquiries for as long as reasonably necessary to address your request and any resulting business relationship, in line with our standard record-keeping practices.
● Client Data: We retain basic contact, identity, and transaction data for six years following the end of our business relationship to comply with tax and accounting regulations.
● Technical/Cookie Data: This data is retained only for the durations set out in the cookie table in Section 12 below, and is not used to identify individual visitors.
In determining retention periods, we consider the nature and sensitivity of the data, the potential risk of harm from unauthorised use or disclosure, the purposes of processing, and any legal requirements. We may anonymise your data for research or statistical purposes, allowing us to use it indefinitely without further notice.
You can request the deletion of your personal data by contacting us at admin@bloompm.co.uk.
9. Your legal rights
Under data protection law, you have several rights regarding your personal data, including the right to:
● Be informed about how your personal data is used
● Access a copy of the personal data we hold about you
● Have inaccurate personal data corrected
● Have your personal data erased in certain circumstances
● Restrict or object to how we use your personal data
● Receive your personal data in a portable format in certain circumstances
● Withdraw consent at any time, where we rely on consent as our lawful basis
You will not be charged a fee to access your personal data or exercise your other rights. However, we may charge a reasonable fee or refuse to comply if your request is clearly unfounded, repetitive, or excessive. We may need to request specific information to confirm your identity and your right to access the data, as a security measure to ensure that data is not disclosed to unauthorised individuals.
We aim to respond to all legitimate requests within one month of receipt. If your request is complex or if you have made multiple requests, we may extend the response period by up to two additional months, notifying you within one month if an extension is necessary and the reasons for it.
10. How to complain
We will acknowledge your complaint within 30 days of receiving it and will investigate without undue delay. We will keep you informed of our progress and communicate the outcome clearly, providing sufficient detail for you to understand how we reached our conclusion. Complaints can be submitted via the contact details outlined in this policy.
11. Third-party links
Our website may contain links to third-party websites, plug-ins, and applications, including embedded content such as our podcast episodes. Clicking on these links or enabling these connections may allow third parties to collect or share data about you. We do not control these third-party websites and are not responsible for their privacy practices. We encourage you to review the privacy notices of any websites you visit after leaving our site.
12. Cookies
Our website uses cookies, provided via our website platform, Squarespace, to enhance functionality and understand how visitors use the site.
● Essential Cookies: These are necessary for the website to function correctly (e.g., preventing cross-site request forgery) and are set by our website platform, Squarespace. Essential cookies do not require your consent and cannot be rejected via the cookie banner.
● Analytics Cookies: These help us understand website traffic and visitor behaviour, such as visit duration and session activity. This data is aggregated and does not directly identify you. You can accept or reject these cookies via the cookie banner shown when you first visit our website, and change your choice at any time using the 'Manage cookies' link.
When you first visit our website, you will see a cookie banner giving you the choice to accept or reject non-essential cookies. Essential cookies do not require consent and will always be active, as they are necessary for the website to function.
Details of the cookies we use:
crumb - www.bloompm.co.uk - Squarespace sets this cookie to prevent cross-site request forgery (CSRF) - Session - Necessary
ss_cvr - www.bloompm.co.uk - Squarespace sets this cookie to identify unique visitors and track a visitor's sessions on the site - 1 year 1 month 4 days - Analytics
ss_cvt - www.bloompm.co.uk - Squarespace sets this cookie to identify unique visitors and track a visitor's sessions on the site - 1 hour - Analytics
test - bloompm.co.uk - Used by Squarespace for diagnostic/testing purposes - Never - Other
You can change your cookie preferences at any time using the 'Manage cookies' link on our website. You can also block or delete cookies through your browser settings; please note that doing so may affect how parts of the website function.
Our podcast page embeds content from Spotify, which may set its own cookies when you interact with the embedded player. This is subject to Spotify's own privacy policy and terms of service, as well as this policy.
13. Changes to this policy
We may update this policy periodically to reflect changes in the law or how our website operates. Any updated version will be posted on this page with a revised “Last updated” date. We encourage you to review this policy regularly. Significant changes will be communicated to you via email or a prominent notice on our website.