Skip to main content

Privacy Policy

Last updated: 11/11/25

1. Who we are

BRNB Limited (“we”, “us”, “our”)
Registered in England and Wales
Company number: 15041952
Registered office: Mansion House, Manchester Road, Altrincham, Cheshire, England, WA14 4RW

We act as a data controller for the purposes of the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018 in relation to the personal data described in this policy.

2. How to contact us

If you have any questions about this policy or our handling of personal data, please contact:

  • Email: [email protected]
  • Postal: BRNB Limited, Mansion House, Manchester Road, Altrincham, Cheshire, England, WA14 4RW

3. Scope

This policy applies to:

  • Representatives, employees, contractors, and other contacts of our corporate and business clients, suppliers, and partners.
  • Visitors to our website and users of our services in a business context.

We operate on a business to business (B2B) basis. Personal data we process relates primarily to individuals acting in a professional capacity.

We do not offer services directly to consumers or children.

4. Personal data we collect

We may collect and process the following categories of personal data:

  • Identity and professional data:
    • Name, job title, role, employer, professional profile information.
  • Contact data:
    • Business email address, business telephone number, business postal address.
  • Business relationship data:
    • Account details, engagement history, meeting notes, records of communications, contractual documentation.
  • Transaction and billing data:
    • Services provided, invoices, payment records, purchase orders.
    • Any payment card details are handled by our chosen payment provider (if used) and are not stored by us.
  • Technical and usage data:
    • IP address, device and browser type, operating system, access times, pages or resources accessed, interaction logs.
  • Marketing and communication data:
    • Preferences regarding marketing, records of communications and event participation.

We do not intentionally collect:

  • Special category data (such as health data, trade union membership, political opinions, or religious beliefs).
  • Personal data relating to children.

If such information is provided inadvertently, we will handle it securely and, where appropriate, delete it.

5. How we collect your data

We collect personal data in the following ways:

  • Directly from you:
    • When you or your organisation contact us, request information, enter into an agreement, or use our services.
  • From your organisation:
    • Where your employer or organisation provides your details as a contact, user, or authorised representative.
  • Automatically:
    • When you access our website or services, through logs, cookies, and similar technologies (in accordance with your settings and applicable law).
  • From third parties and public sources:
    • Professional and business directories, referrals, professional networking sites, Companies House, and our service providers.

6. How we use your personal data

We use personal data for the following purposes:

  • Service delivery and relationship management:
    • To provide, manage, and support our services.
    • To manage contracts, projects, and client or supplier relationships.
  • Communication:
    • To respond to enquiries and support requests.
    • To provide operational and service related updates.
  • Business operations:
    • To manage billing, payments, accounting, auditing, and internal administration.
  • Service improvement and security:
    • To monitor performance, troubleshoot issues, enhance functionality, and maintain the security and integrity of our systems.
  • B2B marketing:
    • To send relevant information about our services to business contacts where permitted by law.
    • You can object or opt out at any time.
  • Legal and compliance:
    • To comply with legal obligations.
    • To establish, exercise, or defend legal claims.
    • To enforce our agreements and protect our rights.

We do not sell personal data and do not use it for unrelated consumer style advertising.

7. Legal bases for processing

We rely on one or more of the following legal bases under UK data protection law:

  • Contract:
    • Where processing is necessary to enter into or perform a contract with your organisation or to take steps at your request.
  • Legitimate interests:
    • To manage and develop our B2B relationships.
    • To communicate with clients, prospects, and suppliers about relevant services.
    • To maintain and improve our services and IT security.
    • To keep appropriate business, financial, and audit records.
    • We assess and balance our interests against the rights and expectations of individuals.
  • Consent:
    • Where we rely on consent, for example for certain optional communications or cookies.
    • You may withdraw consent at any time.
  • Legal obligation:
    • Where processing is necessary to comply with legal obligations under UK law (such as tax, accounting, and regulatory requirements).

8. Sharing your personal data

We may share personal data with:

  • Service providers:
    • UK and UK compatible (for example EEA or other adequate) providers of hosting, cloud and IT services, communications, CRM, analytics, and related tools acting on our instructions.
  • Professional advisers:
    • Lawyers, accountants, auditors, and insurers where reasonably necessary.
  • Subcontractors and partners:
    • Where they assist us in delivering services to your organisation, subject to appropriate contractual and confidentiality safeguards.
  • Public authorities:
    • Regulators, law enforcement, or courts where required by law or where necessary to protect our legal rights.

We do not sell your personal data.

Where third parties act as our processors, we require them to handle personal data securely and only in accordance with our instructions.

9. International transfers

We do not use US based providers.

Where personal data is transferred outside the UK (for example to service providers or infrastructure in countries recognised as adequate, or in the EEA), we ensure appropriate safeguards are in place in accordance with UK data protection law, such as:

  • UK adequacy regulations; or
  • UK approved standard contractual clauses or equivalent mechanisms.

You may contact us for further information about relevant safeguards.

10. Data retention

We retain personal data only for as long as necessary for the purposes set out in this policy, including to:

  • Provide our services and manage business relationships.
  • Comply with legal and regulatory obligations.
  • Resolve disputes and enforce agreements.

Indicative retention periods:

  • Client, supplier, and contract records:
    • Typically up to 6 years after the end of the relevant relationship or contract.
  • Financial and transactional records:
    • At least 6 years to comply with tax and accounting requirements.
  • Routine B2B contact data and correspondence:
    • While actively engaged in a relationship or potential relationship, then deleted or anonymised when no longer required.
  • Marketing contact data:
    • Until you opt out or we determine it is no longer appropriate to contact you.

We apply data minimisation and implement deletion or anonymisation when data is no longer needed.

11. Security

We take appropriate technical and organisational measures to protect personal data, which may include:

  • Access controls and role based permissions.
  • Secure hosting and encrypted connections where appropriate.
  • System monitoring, logging, and configuration management.
  • Staff and contractor confidentiality obligations.

While no system can be completely secure, we work to ensure a level of security appropriate to the nature of the data and the risks involved.

12. Your rights

Individuals whose personal data we process have the following rights under UK data protection law (subject to conditions and exemptions):

  • Right to be informed about how their data is used.
  • Right of access to their personal data.
  • Right to rectification of inaccurate or incomplete data.
  • Right to erasure in certain circumstances.
  • Right to restrict processing in certain circumstances.
  • Right to data portability for certain data provided to us.
  • Right to object:
    • To processing based on our legitimate interests.
    • To direct marketing at any time.
  • Rights in relation to automated decision making and profiling:
    • We do not carry out solely automated decisions with legal or similarly significant effects.

To exercise any of these rights, please contact us at [email protected] or via the postal address above. We may need to verify your identity. There is usually no fee for such requests.

13. Cookies and similar technologies

If we use cookies or similar technologies:

  • Essential cookies:
    • Used to operate our website and services.
  • Non essential cookies (such as analytics or performance cookies):
    • Used in accordance with applicable law and, where required, based on your consent.

Further details, if applicable, are provided in our Cookie Policy.

14. Marketing communications

In a B2B context, we may contact you at your business contact details regarding services that are relevant to your role or organisation, in line with UK privacy and electronic communications rules.

You can opt out at any time by:

  • Using the unsubscribe link or instructions in our communications; or
  • Contacting us at [email protected].

We will continue to send service or transaction related communications where necessary.

15. Third party links

Our website or materials may contain links to third party websites or services. We are not responsible for the content or privacy practices of those third parties. You should review their privacy policies separately.

16. Changes to this policy

We may update this privacy policy from time to time to reflect changes in our services, our use of personal data, or applicable law. The updated version will be made available on our website and marked with a revised “Last updated” date.

17. How to complain

If you have concerns about how we handle personal data, please contact us first at [email protected] so we can try to resolve the issue.

You also have the right to lodge a complaint with the Information Commissioner’s Office (ICO):

  • Website: https://ico.org.uk
  • Telephone: 0303 123 1113
  • Address: Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF