Data Processing Agreement
Last updated: 1 July 2026
On this page
1. Purpose of this agreement
This Data Processing Agreement explains how Que Media processes personal data on behalf of clients when delivering websites, CRM systems, forms, automation, email follow-up, SMS follow-up, ads tracking, reporting and related digital services.
This agreement sets out the data protection responsibilities that apply where a client acts as the controller and Que Media acts as the processor of personal data.
Business name: Que Media Ltd
Company number: 12705152
Registered in: England and Wales
Registered office: 53a Warwick Rd, Solihull, B92 7HS
Email: hello@quemedia.co.uk
Website: quemedia.co.uk
2. Roles of the parties
| Item | Details |
|---|---|
| Controller | The client, where the client decides why and how personal data is processed. |
| Processor | Que Media, where Que Media processes personal data on the client’s behalf. |
| Processing purpose | Website forms, CRM setup, automation, lead follow-up, email/SMS, reporting, integrations and related services. |
| Data subjects | Client leads, customers, prospects, website users, contacts and staff where relevant. |
| Personal data | Names, emails, phone numbers, enquiry details, booking details, CRM notes, communication history and related records. |
| Duration | For the term of the client service unless otherwise agreed or required by law. |
3. Client as controller
The client is responsible for deciding the purposes and lawful basis for processing personal data collected through their website, forms, CRM, campaigns, email lists and related systems.
The client is responsible for providing appropriate privacy information to its own customers, leads and contacts, and for ensuring it has permission or another lawful basis for marketing and follow-up activity.
4. Que Media as processor
Where Que Media processes personal data on behalf of a client, Que Media will act only on the client’s documented instructions unless required by law to do otherwise.
Que Media will process personal data only as needed to provide agreed services, support, maintenance, integrations, automation or related work.
5. Scope of processing
Processing may include collecting, recording, organising, storing, accessing, configuring, transferring, updating, deleting, analysing or otherwise handling personal data in connection with agreed services.
Examples include form submissions, lead capture, CRM records, pipeline stages, booking data, email/SMS follow-up, automation workflows, reporting dashboards and campaign tracking.
6. Types of personal data
The personal data processed may include:
- names;
- email addresses;
- phone numbers;
- business names;
- website URLs;
- enquiry messages;
- booking and appointment details;
- CRM notes and status information;
- email/SMS communication history;
- technical identifiers such as IP addresses where relevant;
- marketing preferences and consent records where configured.
7. Categories of data subjects
The personal data may relate to:
- client leads and prospects;
- client customers;
- website visitors;
- people submitting forms or booking appointments;
- email or SMS subscribers;
- client staff or team members where relevant.
8. Processing instructions
Que Media will process personal data only on documented client instructions, including instructions set out in proposals, emails, project briefs, service agreements, support requests or platform configurations.
If Que Media believes an instruction may breach data protection law, we may raise this with the client before continuing where appropriate.
9. Confidentiality
Que Media will take reasonable steps to ensure that anyone authorised to process client personal data is subject to appropriate confidentiality obligations.
Access to client personal data will be limited to people who need access to deliver agreed services.
10. Security measures
Que Media will use appropriate technical and organisational measures designed to protect personal data against unauthorised access, loss, misuse, alteration or disclosure.
Measures may include password protection, access controls, secure platforms, updates, backups, limited account permissions and use of reputable third-party service providers.
No online platform or system can be guaranteed completely secure, but Que Media aims to use measures appropriate to the nature of the personal data being processed.
11. Sub-processors
Que Media may use third-party sub-processors to provide services. These may include hosting providers, CRM platforms, automation tools, form tools, email/SMS providers, analytics tools, advertising platforms, booking systems, AI chat tools and file storage providers.
Where required, Que Media will take reasonable steps to ensure sub-processors provide appropriate safeguards for personal data.
Examples of possible sub-processors
Examples may include website hosting providers, WordPress tools, CRM platforms, automation platforms, Google, Meta, email and SMS providers, booking systems, AI chat providers and file storage providers. The exact list may vary depending on the client setup.
12. International transfers
Some third-party platforms or service providers may process or store data outside the UK. Where this happens, Que Media will seek to use providers that offer appropriate safeguards for international data transfers where required under applicable data protection law.
The client should also review the terms and transfer mechanisms of any third-party platforms it chooses to use.
13. Data subject rights
Where a data subject contacts Que Media about personal data processed on behalf of a client, Que Media may refer the request to the client unless otherwise required by law.
Que Media will provide reasonable assistance to the client, where possible and appropriate, to help the client respond to data subject rights requests.
14. Personal data breaches
If Que Media becomes aware of a personal data breach affecting client personal data, we will notify the client without undue delay after becoming aware of it.
We will provide reasonable information available to us to help the client assess and respond to the breach.
15. Return or deletion of data
At the end of the services, Que Media will, where reasonably possible, return, delete or assist with exporting client personal data, depending on the agreed service, platform access and client instructions.
Some records may be retained where required for legal, accounting, dispute resolution or legitimate business purposes.
The client should ensure that any information it wishes to retain has been exported or backed up before access to third-party systems or services ends.
16. Audits and information requests
Que Media will provide reasonable information to help demonstrate compliance with this agreement, subject to confidentiality, security and reasonable notice.
Any audit or information request must be proportionate, reasonable and not disrupt Que Media’s business or compromise the security or confidentiality of other clients.
17. Client Responsibilities
The client is responsible for ensuring that the information it collects and processes complies with applicable data protection law. This includes obtaining any necessary consents, providing privacy information and configuring its systems and marketing activities in a lawful manner.18. End of services
When services end, the client is responsible for arranging continued access to any systems, platforms, domains, hosting, CRM tools, email services, advertising accounts or third-party subscriptions required for its business.
Que Media may remove access, discontinue services or archive project records in line with the agreed service terms.
19. Contact details
If you have questions about this Data Processing Agreement, please contact Que Media.
Email: hello@quemedia.co.uk
Website: quemedia.co.uk
Contact page: quemedia.co.uk/contact/