Beeson and Beeson Ltd customer privacy notice
This privacy notice tells you what to expect us to do with your personal information.
Contact details
Post: Beeson And Beeson Limited, 5 The Street, GILLINGHAM, Dorset, SP8 5RZ, GB
Telephone: 01747838212
Email: gareth@beesonandbeeson.com
What information we collect, use, and why
We collect or use the following information to provide and improve products and services for clients:
Names and contact details
Addresses
Financial data (including income and expenditure)
Usage data (including information about how you interact with and use our website, products and services)
Video recordings
Audio recordings (eg calls)
Records of meetings and decisions
Website user information
We collect or use the following personal information for the operation of client or customer accounts:
Names and contact details
Addresses
Purchase or service history
Information used for security purposes
Marketing preferences
We collect or use the following personal information for information updates or marketing purposes:
Names and contact details
Addresses
Marketing preferences
Website and app user journey information
IP addresses
We collect or use the following personal information to comply with legal requirements:
Name
Contact information
Client account information
Lawful bases and data protection rights
Under UK data protection law, we must have a “lawful basis” for collecting and using your personal information. There is a list of possible lawful bases in the UK GDPR. You can find out more about lawful bases on the ICO’s website.
Which lawful basis we rely on may affect your data protection rights which are set out in brief below. You can find out more about your data protection rights and the exemptions which may apply on the ICO’s website:
Your right of access - You have the right to ask us for copies of your personal information. You can request other information such as details about where we get personal information from and who we share personal information with. There are some exemptions which means you may not receive all the information you ask for. Read more about the right of access.
Your right to rectification - You have the right to ask us to correct or delete personal information you think is inaccurate or incomplete. Read more about the right to rectification.
Your right to erasure - You have the right to ask us to delete your personal information. Read more about the right to erasure.
Your right to restriction of processing - You have the right to ask us to limit how we can use your personal information. Read more about the right to restriction of processing.
Your right to object to processing - You have the right to object to the processing of your personal data. Read more about the right to object to processing.
Your right to data portability - You have the right to ask that we transfer the personal information you gave us to another organisation, or to you. Read more about the right to data portability.
Your right to withdraw consent – When we use consent as our lawful basis you have the right to withdraw your consent at any time. Read more about the right to withdraw consent.
If you make a request, we must respond to you without undue delay and in any event within one month.
To make a data protection rights request, please contact us using the contact details at the top of this privacy notice.
Our lawful bases for collecting and using your personal information
We collect and use personal information for a range of purposes, including providing and improving our products and services, operating client accounts, delivering information updates or marketing communications, and complying with legal requirements. Depending on the context, we rely on the following lawful bases under UK GDPR:
Consent
We may process your information when you have given us permission after receiving all relevant information. All of your data protection rights may apply, except the right to object. You may withdraw your consent at any time.
Contract
We process personal information where it is necessary to enter into, or carry out, a contract with you. All of your data protection rights may apply, except the right to object.
Legal obligation
We process personal information when required to comply with the law. All of your data protection rights may apply, except the right to erasure, the right to object, and the right to data portability.
Legitimate interests
We process personal information where it benefits you, our organisation, or a third party, without causing undue risk to your rights or freedoms. All of your data protection rights may apply, except the right to portability.
Our legitimate interests include providing and continually improving our products and services for clients. This may involve activities such as delivering design work effectively, communicating throughout projects, maintaining secure and reliable systems, and refining services based on client needs. These activities are recognised under GDPR as valid commercial interests when balanced appropriately.
We only collect information that is relevant and essential for these purposes, ensuring that processing is necessary and proportionate. The benefits—such as accurate project delivery, enhanced client experience, and secure operations—are balanced against potential risks, which we minimise through data reduction, secure handling, and transparent communication.
We also carry out a balancing assessment to ensure our legitimate interests do not override individuals’ rights or reasonable expectations. You may object to processing based on legitimate interests at any time. Where the objection relates to direct marketing, we will stop immediately, as required by GDPR.
For more information about how we apply legitimate interests as a lawful basis, please contact us using the details provided above.
Where we get personal information from
Directly from you
CCTV footage or other recordings
Providers of marketing lists and other personal information
Suppliers and service providers
How long we keep information
Data Retention Policy
We will normally keep your information throughout the period of time that we do work for you and afterwards for a minimum period of six years pursuant to our terms and conditions of business as we are required to do by law.
Who we share information with
Data processors
Accountancy
This data processor does the following activities for us: Our accountant and accounting software process our financial records, including payroll, VAT submissions, invoicing, payments, and business expenses, to ensure accurate bookkeeping and compliance with legal and tax requirements.
Marketing
This data processor does the following activities for us: Our marketing platforms (i.e. Mailchimp and LinkedIn) are used to manage and deliver our marketing communications, including email campaigns, newsletters, and audience insights, helping us share relevant updates and information with individuals who have shown interest in our services.
Administration and communication
Our administrative and communication tools (such as Microsoft, Zoom, Fathom, and Calendly) are used to manage daily business operations, including scheduling meetings, conducting video calls, securely storing and sharing documents, and supporting efficient internal and external communication.
International Data Transfers
Where necessary, we may transfer personal information outside the UK. When doing so, we comply with the UK GDPR and ensure appropriate safeguards are in place.
These safeguards may include:
UK adequacy regulations
The UK Extension to the EU‑US Data Privacy Framework (DPF)
UK Addendum to the EU Standard Contractual Clauses (SCCs)
The UK International Data Transfer Agreement (IDTA)
For further information, or to request a copy of the safeguards used, please contact us using the contact details provided above.
International Transfers – Service Providers
Below are the transfer mechanisms confirmed by each provider’s official GDPR/DPF documentation.
| Organisation | Category of Recipient | Destination Country | Transfer Mechanism (UK GDPR) |
|---|---|---|---|
| MailChimp (Intuit) | Email marketing & automations | USA | UK–US Data Privacy Framework (DPF) (MailChimp/Intuit certified) |
| Squarespace | Website hosting & CMS | USA | UK Addendum to EU SCCs |
| Fathom Analytics | Privacy‑focused analytics | Canada / USA | Canada adequacy; SCCs/IDTA if US processing |
| Calendly | Scheduling & bookings | USA | EU SCCs with UK Addendum |
| Tally | Forms, surveys, lead capture | Belgium (EU) / USA | EU SCCs + UK Addendum |
| Zapier | Workflow automation | USA | UK–US DPF + EU SCCs + UK Addendum |
| Microsoft 365 | Cloud services & productivity | EU / USA | EU SCCs / UK Addendum |
| ClickUp | Project & task management | USA | EU SCCs / UK Addendum / IDTA |
| Zoom | Video conferencing | USA | EU SCCs + UK Addendum |
Others we share personal information with
Publicly on our website, social media or other marketing and information media
Suppliers and service providers
Professional consultants
How to complain
If you have any concerns about our use of your personal data, you can make a complaint to us using the contact details at the top of this privacy notice.
If you remain unhappy with how we’ve used your data after raising a complaint with us, you can also complain to the ICO.
The ICO’s address:
Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF
Helpline number: 0303 123 1113
Website: https://www.ico.org.uk/make-a-complaint
Last updated: Feb.2026