Privacy Policy

B2B Growth Consulting ("we", "us", or "our") is a management consulting firm specialising in AI-driven commercial transformation for B2B companies and private equity firms. We are committed to protecting the privacy and security of your personal data.

For the purposes of UK data protection law, B2B Growth Consulting is the data controller responsible for your personal data.

We may collect and process the following categories of personal data about you:

Category	Examples	Source
Identity Data	First name, last name, job title, company name	Directly from you
Contact Data	Email address, telephone number, business address	Directly from you
Communication Data	Emails, messages, enquiry content, meeting notes	Directly from you
Usage Data	Website pages visited, time on site, referral source	Automated (cookies)
Technical Data	IP address, browser type, device type	Automated (cookies)
Marketing Data	Communication preferences, engagement with content	Directly from you or inferred
Professional Data	LinkedIn profile information, published professional content	Publicly available sources

We do not knowingly collect any special category personal data (such as data about health, religion, or ethnicity) or data relating to criminal convictions through our website or standard business interactions.

We use your personal data for the following purposes:

• To respond to enquiries and communicate with you about our services
• To deliver consulting engagements and fulfil our contractual obligations
• To send relevant thought leadership, insights, and updates where you have consented or where we have a legitimate interest
• To manage and improve our website and digital presence
• To comply with our legal and regulatory obligations
• To protect the security and integrity of our business and systems
• To maintain records and administer our business relationships

We will only use your personal data for the purposes for which it was collected, unless we reasonably consider that we need to use it for another reason compatible with the original purpose.

Under UK GDPR, we rely on the following legal bases to process your personal data:

• Contract: Processing is necessary to perform a contract with you, or to take steps at your request before entering into a contract.
• Legitimate Interests: Processing is necessary for our legitimate business interests — such as managing client relationships, developing our services, and marketing our expertise — where these are not overridden by your rights and interests.
• Consent: Where you have given clear consent for us to process your data for a specific purpose, such as receiving marketing communications.
• Legal Obligation: Processing is necessary to comply with a legal obligation to which we are subject.

We do not sell, rent, or trade your personal data. We may share your data in the following limited circumstances:

• Service providers: Trusted third-party providers who support our operations (e.g. email platforms, website hosting, analytics tools). These parties process data only on our instructions and are bound by confidentiality obligations.
• Professional advisers: Lawyers, accountants, auditors, and insurers where reasonably necessary for our business operations.
• Legal requirements: Where we are required to disclose information by law, court order, or regulatory authority.
• Business transfers: In the event of a merger, acquisition, or sale of business assets, personal data may be transferred as part of that transaction.

We require all third parties to respect the security of your data and to treat it in accordance with applicable law.

We retain personal data only for as long as necessary to fulfil the purposes for which it was collected, including any legal, accounting, or reporting requirements.

• Client and engagement records: retained for 7 years following the end of the engagement in line with standard accounting and legal obligations.
• Marketing and contact data: retained until you withdraw consent or request deletion, subject to a maximum of 3 years from last meaningful contact.
• Website usage and analytics data: retained for up to 26 months in line with standard analytics practices.

At the end of the applicable retention period, data is securely deleted or anonymised.

Under UK GDPR, you have the following rights in relation to your personal data:

• Right of access: You may request a copy of the personal data we hold about you.
• Right to rectification: You may ask us to correct inaccurate or incomplete data.
• Right to erasure: You may ask us to delete your personal data in certain circumstances.
• Right to restrict processing: You may ask us to suspend processing of your data in certain scenarios.
• Right to data portability: You may request that we transfer your data to you or a third party in a structured, machine-readable format.
• Right to object: You may object to processing based on legitimate interests or for direct marketing purposes.
• Rights related to automated decision-making: You have rights in relation to automated decisions that significantly affect you.

Our website uses cookies and similar tracking technologies to improve your browsing experience and analyse how visitors use our site. Cookies are small text files placed on your device.

We use the following types of cookies:

• Essential cookies: Necessary for the website to function. These cannot be disabled.
• Analytics cookies: Help us understand how visitors interact with our site (e.g. Google Analytics). These are only set with your consent.
• Preference cookies: Remember your settings and choices to improve your experience.

You can manage or disable non-essential cookies via your browser settings or our cookie consent tool. Note that disabling certain cookies may affect website functionality.

We have implemented appropriate technical and organisational security measures to protect your personal data against accidental loss, unauthorised access, use, alteration, or disclosure. These include encrypted communications, access controls, and regular security reviews.

While we take all reasonable steps to protect your data, no transmission of information over the internet is completely secure. We cannot guarantee the absolute security of data transmitted to or from our website.

In the event of a data breach that is likely to result in a risk to your rights and freedoms, we will notify you and the ICO in accordance with our legal obligations.

Your personal data is primarily processed within the United Kingdom and European Economic Area (EEA). Where we use service providers located outside these areas, we ensure appropriate safeguards are in place, such as:

• UK adequacy regulations or decisions
• Standard contractual clauses approved by the ICO or European Commission
• Other legally recognised transfer mechanisms

If you would like further information about how we safeguard international transfers of your data, please contact us.

We review this Privacy Policy periodically and may update it from time to time to reflect changes in our practices, technology, legal requirements, or other factors. The "Last Updated" date at the top of this page will always reflect the most recent revision.

Where changes are material, we will take reasonable steps to notify you — for example by email or by posting a prominent notice on our website. We encourage you to review this policy periodically to stay informed about how we protect your information.

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please don't hesitate to get in touch.