Privacy Policy & Data Protection Last Updated: January 14, 2026

WHO WE ARE & HOW TO CONTACT US DealFlow Media ("we," "our," or "us") operates dealflow.media and provides podcast production, video content creation, and media consulting services for businesses and organizations across the United Kingdom. Data Controller: DealFlow Media Locations: Manchester and London, United Kingdom Email: team@dealflow.media Phone: +44 808 502 0500 We are committed to protecting your personal data and respecting your privacy rights. This Privacy Policy explains how we collect, use, store, and protect your information in full compliance with the General Data Protection Regulation (GDPR) and the UK Data Protection Act 2018. YOUR DATA PROTECTION RIGHTS UNDER GDPR Under UK and EU data protection law, you have the following rights: Right to access - Request copies of your personal data Right to rectification - Request correction of inaccurate or incomplete data Right to erasure - Request deletion of your personal data (subject to legal obligations) Right to restrict processing - Request limitation of how we use your data Right to data portability - Receive your data in a structured, commonly used format Right to object - Object to processing based on legitimate interests or direct marketing Right to withdraw consent - Withdraw consent at any time where we rely on consent To exercise any of these rights, contact us at team@dealflow.media. We will respond to your request within one month. If you are not satisfied with our response, you have the right to lodge a complaint with the Information Commissioner's Office (ICO) at ico.org.uk. LEGAL BASIS FOR DATA PROCESSING We process your personal data lawfully under the following bases: Contract performance - To deliver podcast production and content services you've commissioned Consent - For marketing communications and non-essential cookies (you can withdraw anytime) Legitimate interests - For business operations, fraud prevention, and improving our services Legal obligation - To comply with UK accounting, tax, and regulatory requirements We collect only the minimum data necessary for specified purposes and retain it no longer than required.

WHAT PERSONAL DATA WE COLLECT We collect and process the following categories of personal data: Contact Information: Full name, email address, phone number Company name, job title, business address Social media handles (if provided for production purposes) Communication Records: Email correspondence and inquiry forms Phone call notes and meeting records Podcast interview recordings (with explicit consent) Video call recordings for production purposes (with consent) Production Data: Content you provide (scripts, talking points, brand guidelines) Media files (audio recordings, video footage, images) Feedback and revision requests Project briefs and creative direction Technical Data: IP address, browser type, and version Device information and operating system Cookie data and website usage patterns Time zone settings and location data Financial Information: Payment details (processed securely through third-party payment processors) Billing address and invoice history Purchase records and transaction data HOW WE USE YOUR INFORMATION We use your personal data for the following purposes: Service Delivery (Legal basis: Contract performance) - Producing podcasts, videos, and content as commissioned - Managing projects and delivering final media files - Providing technical support and revisions - Recording and editing interviews and presentations Communication (Legal basis: Legitimate interest) - Responding to inquiries and quote requests - Providing customer support and project updates - Sending transactional emails about your projects - Notifying you of service changes or issues Marketing (Legal basis: Consent) - Sending newsletters with industry insights and tips - Sharing case studies and portfolio updates - Promoting new services and special offers - Inviting you to events or webinars - You can opt out of marketing at any time via unsubscribe links Business Operations (Legal basis: Legitimate interest) - Improving our services and user experience - Analyzing website traffic and engagement - Preventing fraud and ensuring security - Managing accounts and billing Legal Compliance (Legal basis: Legal obligation) - Meeting UK tax and accounting requirements (7-year retention) - Complying with regulatory obligations - Responding to legal requests and court orders DATA RETENTION PERIODS We retain your personal data only as long as necessary: Active client data - Duration of business relationship plus 7 years (UK accounting law) Marketing data - Until you withdraw consent or 3 years of inactivity Production files - As specified in your service contract (typically 2-5 years) Website analytics - 26 months (Google Analytics default) Email correspondence - 7 years for business records Inquiry forms (non-clients) - 2 years, then deleted After retention periods expire, we securely delete or anonymize your data. SECURITY MEASURES WE IMPLEMENT We protect your data with robust technical and organizational measures: Technical Safeguards: - End-to-end encryption for data in transit (TLS/SSL) - Encryption at rest for stored files and databases - Secure cloud storage with ISO 27001-certified providers - Regular security audits and vulnerability assessments - Firewall protection and intrusion detection systems - Secure backup systems with encrypted storage Organizational Safeguards: - Role-based access controls (staff access only necessary data) - Confidentiality agreements for all team members - Regular data protection training for staff - Documented data handling procedures - Incident response plan for data breaches - Annual security policy reviews

SERVICE PROVIDERS & DATA PROCESSORS We share personal data only when necessary with trusted third-party processors who meet GDPR standards. All service providers are bound by data processing agreements ensuring compliance, security, and limited data use. Cloud Storage & Hosting: - Media file storage and backup services - Website hosting providers - Content delivery networks (CDNs) Production Tools: - Audio editing and mastering platforms - Video editing and rendering services - Podcast hosting and distribution platforms - Transcription services (for interview content) Communication Services: - Email service providers - Video conferencing platforms (Zoom, Microsoft Teams) - Project management tools Payment Processing: - Secure payment gateways (we do not store full card details) - Invoicing and accounting software Marketing & Analytics: - Email marketing platforms (for newsletter subscribers only) -Google Analytics (with IP anonymization enabled) - Social media platforms (for content distribution) We never sell, rent, or trade your personal data to third parties for their marketing purposes. INTERNATIONAL DATA TRANSFERS Some of our service providers may process data outside the United Kingdom or European Economic Area (EEA). When this occurs, we ensure adequate protection through: - Standard Contractual Clauses (SCCs) - EU-approved contract terms - Adequacy decisions - Countries recognized by the UK/EU as providing adequate protection - Data Processing Agreements - Binding commitments to GDPR-equivalent standards - Technical safeguards - Encryption and access controls You have the right to request information about international transfers and obtain copies of safeguards by contacting team@dealflow.media. COOKIE POLICY & ANALYTICS We use cookies and similar technologies to improve your website experience: Essential Cookies (always active): - Session management and site functionality - Security and fraud prevention - Load balancing and performance Analytics Cookies (with your consent): - Google Analytics (IP anonymization enabled) - Website traffic and user behavior analysis - Performance monitoring and optimization Marketing Cookies (with your consent): - Social media integration - Conversion tracking for advertising - Personalized content recommendations Managing Cookies: You can control cookie preferences through: - Our cookie consent banner (first visit) - Your browser settings (block or delete cookies) - Opt-out tools provided by third parties (e.g., Google Analytics opt-out) Note that disabling essential cookies may affect website functionality.

AGE RESTRICTIONS & PARENTAL CONSENT Our services are intended for business professionals and organizations. We do not knowingly collect personal data from individuals under 16 years of age without verifiable parental or guardian consent. If you are under 16, please do not submit any personal information through our website or services without your parent or guardian's permission. Parental Rights: If you believe we have inadvertently collected data from a child under 16 without proper consent, please contact us immediately at team@dealflow.media. We will investigate and delete such information within 72 hours. Parents and guardians have the right to: - Review personal data collected from their child - Request deletion of their child's data - Refuse further collection or use of their child's information SPECIAL SAFFEGUARDS FOR MINORS When producing content that features individuals under 18 (such as educational podcasts, youth programs, or family-oriented content), we implement additional protections: Enhanced Consent Process: - Obtain explicit written consent from parents/guardians before recording - Clearly explain how content will be used and distributed - Provide detailed information about data retention and rights - Offer opt-out mechanisms at any stage of production Content Protection: - Minimize personal data collection from minors - Avoid collecting sensitive information (location, school details) - Implement stricter access controls for content featuring minors - Provide options to blur faces or use pseudonyms when appropriate Ongoing Rights: - Parents can request removal of their child from published content - We honor requests to stop distribution of content featuring minors - Regular reviews of content involving children to ensure continued appropriateness DATA BREACH NOTIFICATION PROCESS While we implement robust security measures, no system is completely immune to breaches. In the unlikely event of a data breach affecting your personal information: Our Commitment: - We will notify affected individuals within 72 hours of becoming aware of the breach - We will report the breach to the Information Commissioner's Office (ICO) as required by GDPR - We will provide clear information about the nature of the breach, potential impact, and remedial actions What We'll Tell You: - What data was compromised - When the breach occurred and was discovered - Potential consequences and risks - Steps we've taken to contain and remedy the breach - Recommendations for protecting yourself (if applicable) - Contact information for questions and support Your Actions: If you suspect unauthorized access to your data or notice suspicious activity, contact us immediately at team@dealflow.media. CHANGES TO THIS PRIVACY POLICY We may update this Privacy Policy periodically to reflect changes in our practices, services, legal requirements, or industry standards. How We Notify You: - Significant changes will be communicated via email to registered users - Updates will be posted prominently on our website with a revised "Last Updated" date - For material changes affecting your rights, we may request renewed consent Your Acceptance: Continued use of our services after changes are posted constitutes acceptance of the updated Privacy Policy. We encourage you to review this page regularly to stay informed about how we protect your data.