Our Data Promise

Our Data Promise 

We are committed to protecting and respecting the privacy of our members and stakeholders. This policy sets out the basis on which, in your capacity as a business, any personal data we collect from you (relating to your business) or you provide to us will be processed, shared or transmitted by us. Please read the following carefully to understand our views and practices regarding your personal data and how we will treat it. 

Heart of London Business Alliance Limited is the Data Controller for the purposes of the UK General Data Protection Regulation (“UK GDPR”), the Data Protection Act 2018, and the Privacy and Electronic Communications Regulations 2003 (as amended). The Heart of London Business Alliance Limited can be contacted at 80–81 St Martin’s Lane, London WC2N 4AA. 

Our Data Promise was last updated on 29th September 2025. 

1. What type of information and data do we collect about you? 

We may collect and process the following data about your business: 

1.1 Information you give us. You may provide us with personal information (for example, contact details of staff members) relating to individuals employed by, representing or engaged by your business (“relevant individuals”), via completing forms on our website or by corresponding with us by phone, e-mail or otherwise. You may also provide us with information relating to relevant individuals when you search for a service, order a service or product on our website, contact us via the website, or report a problem. 
The information you give us may include names, job titles, email addresses, and phone numbers. You confirm that, by providing us with personal information relating to relevant individuals, you have complied with all applicable data protection obligations. Please notify us if you become aware of a data breach affecting such information. 

1.2 Information we collect about you. Each time you visit our website, we may automatically collect the following information: 

technical information, including the IP address used to connect your computer to the internet, browser type and version, time zone setting, operating system and platform; 

information about your visit, including the full URL clickstream, products you viewed or searched for, page response times, download errors, length of visits to certain pages, page interaction information (such as scrolling, clicks, and mouse-overs), and methods used to browse away from the page. 

2. How do we use your information? 

We use the information held about you in the following ways, relying on lawful bases such as contract, legitimate interest, and, where required, consent

  • to fulfil our obligations arising from contracts entered into with your business; 
  • to provide you with information, products and services you request from us; 
  • to provide you with information about other services we offer that may be of interest to you; 
  • to notify you about changes to our services; 
  • to administer and improve our website and applications; 
  • to keep our website safe and secure; 
  • to measure or understand the effectiveness of communications and marketing, and to deliver relevant information to you. 

We may combine information you provide with information we collect about you for these purposes.  

3. When we may disclose information to others 

We may share your personal information with: 

  • members of our group (subsidiaries, our ultimate holding company and its subsidiaries); 
  • trusted third-party service providers who support our operations; 
  • prospective buyers or sellers in the event of a business transfer; 
  • regulatory authorities or law enforcement, where required by law. 

4. International data transfers 

Some information may be stored or processed outside the UK. We make sure it is protected in line with UK data protection law. 

5. Security of your information 

We take appropriate technical and organisational measures to protect personal data. However, please note that the transmission of information via the internet is not completely secure. Once we receive your information, we apply strict procedures to prevent unauthorised access. 

6. Retention of information 

We will not keep personal data for longer than necessary for the purposes described in this policy. Retention periods vary depending on the type of data and the reason it is held, but we apply clear internal criteria to determine this. 

7. Rights of individuals 

Under the UK GDPR, relevant individuals have the following rights: 

  • to request access to their personal data; 
  • to request correction or deletion of their data; 
  • to object to or restrict processing; 
  • to request data portability; 
  • to withdraw consent where consent is the lawful basis; 
  • to lodge a complaint with the Information Commissioner’s Office (ICO) if they believe their rights are not being upheld. 

Individuals can exercise their rights by contacting us via the details available on our website. 

8. Links to other websites 

Our website may contain links to and from partners, members and affiliates. Please note that these websites have their own privacy policies, and we do not accept responsibility or liability for them. 

9. Access to information 

You have the right to request access to the personal information we hold about you. Requests can be made using the contact details provided on our website. 

10. Changes to our Data Promise 

We may update this policy from time to time. Any changes will be posted on this page and, where appropriate, communicated to you directly. 

11. Contact 

Questions, comments and requests regarding this policy are welcome and should be directed to us via the contact details available on our website.