General Data Protection Regulation (GDPR) Policy
1. Introduction
besley & copp Ltd (“we”, “our”, “the Company”) is committed to protecting the rights, privacy, and security of all individuals whose personal data we process. This GDPR Policy outlines how we collect, use, store, share, and protect personal data in compliance with the UK General Data Protection Regulation (UK GDPR), the Data Protection Act 2018, and all applicable data protection legislation.
2. Purpose of This Policy
This document ensures that besley & copp:
- Processes personal data lawfully, fairly, and transparently.
- Collects data only for clear and legitimate purposes.
- Minimises the data held to what is necessary.
- Maintains accuracy and security of personal information.
- Upholds the rights of data subjects.
3. Scope
This policy applies to:
- All employees, contractors, and temporary staff.
- All personal data processed by besley & copp.
- All systems, processes, and communications where personal data is involved.
4. Definitions
- Personal Data: Information relating to an identifiable individual.
- Special Category Data: Sensitive personal data requiring additional protection.
- Data Subject: Any individual whose personal data is processed.
- Data Controller: besley & copp, determining the purpose and means of processing.
- Data Processor: Any third party processing data on behalf of besley & copp.
5. Lawful Bases for Processing
besley & copp processes personal data under one or more of the following lawful bases:
- Contract: To fulfil obligations related to customer or supplier contracts.
- Legal Obligation: To meet statutory or regulatory requirements.
- Legitimate Interests: For business operations where interests do not override individuals’ rights.
- Consent: For marketing or activities requiring explicit permission.
6. Data Collection and Use
We collect personal data for purposes including:
- Managing customer accounts and services.
- Delivering BrandHub platform services.
- Communication regarding orders, support, and marketing.
- Employee administration.
Data collected may include names, contact details, payment information, usage activity, and business preferences.
7. Data Minimisation
besley & copp ensures that personal data collected is:
- Adequate
- Relevant
- Limited to what is necessary
We avoid collecting excessive or irrelevant information.
8. Data Accuracy
We take reasonable steps to ensure data remains accurate and up to date. Individuals can request corrections at any time.
9. Data Storage and Security
We implement technical and organisational measures to safeguard data, including:
- Secure servers and encrypted data storage
- Access controls and authentication
- Regular backups and cybersecurity practices
- Staff training in data protection
10. Data Sharing and Third Parties
We may share personal data with:
- Trusted suppliers involved in delivering our services
- Technology partners supporting the BrandHub platform
- Legal or regulatory authorities, when required
All third parties must comply with GDPR and sign appropriate data processing agreements.
11. International Data Transfers
If data is transferred outside the UK, besley & copp ensures adequate protections such as:
- Standard contractual clauses
- Verified adequacy decisions
- Secure transfer mechanisms
12. Data Retention
We retain personal data only as long as necessary for:
- Contractual obligations
- Legal or regulatory compliance
- Legitimate business needs
After this, data is securely deleted or anonymised.
13. Rights of Data Subjects
Individuals have the following rights:
- Access to their personal data
- Rectification of inaccurate or incomplete data
- Erasure (“right to be forgotten”) where applicable
- Restriction of processing
- Data portability
- Objection to processing based on legitimate interests or direct marketing
- Withdrawal of consent at any time
Requests must be responded to within one month.
14. Data Breach Management
A data breach is any event leading to loss, unauthorised access, or misuse of personal data.
Besley & copp will:
- Assess and document all data breaches
- Notify the ICO within 72 hours if individuals’ rights are at risk
- Inform affected individuals where there is a high risk of harm
15. Responsibilities
- Directors: Ensure overall compliance and resources.
- Data Protection Lead: Oversees day-to-day compliance and breach reporting.
- Employees: Must follow this policy and attend required training.
16. Training and Awareness
All employees receive GDPR training appropriate to their roles. Refresher training is provided regularly.
17. Reviewing This Policy
This policy is reviewed annually or when legislation or business operations change.
18. Contact Information
For any queries or requests regarding personal data, contact:
The Directors, besley & copp Ltd
Email: support@besleyandcopp.co.uk

besley & copp is committed to protecting the privacy and security of all individuals whose data we handle. This GDPR Policy underpins our responsibility to uphold the highest standards of data protection and trust.