B2B Growth Consulting ("we", "us", or "our") is a management consulting firm specialising in AI-driven commercial transformation for B2B companies and private equity firms. We are committed to protecting the privacy and security of your personal data.
For the purposes of UK data protection law, B2B Growth Consulting is the data controller responsible for your personal data.
Registered address: B2B Growth Consulting, United Kingdom.
ICO Registration Number: [Your ICO Registration Number — ZC112808
For all data protection enquiries, please contact: info@b2bgrowthconsulting.com
We may collect and process the following categories of personal data about you:
| Category | Examples | Source |
|---|---|---|
| Identity Data | First name, last name, job title, company name | Directly from you |
| Contact Data | Email address, telephone number, business address | Directly from you |
| Communication Data | Emails, messages, enquiry content, meeting notes | Directly from you |
| Usage Data | Website pages visited, time on site, referral source | Automated (cookies) |
| Technical Data | IP address, browser type, device type | Automated (cookies) |
| Marketing Data | Communication preferences, engagement with content | Directly from you or inferred |
| Professional Data | LinkedIn profile information, published professional content | Publicly available sources |
We do not knowingly collect any special category personal data (such as data about health, religion, or ethnicity) or data relating to criminal convictions through our website or standard business interactions.
We use your personal data for the following purposes:
- To respond to enquiries and communicate with you about our services
- To deliver consulting engagements and fulfil our contractual obligations
- To send relevant thought leadership, insights, and updates where you have consented or where we have a legitimate interest
- To manage and improve our website and digital presence
- To comply with our legal and regulatory obligations
- To protect the security and integrity of our business and systems
- To maintain records and administer our business relationships
We will only use your personal data for the purposes for which it was collected, unless we reasonably consider that we need to use it for another reason compatible with the original purpose.
Under UK GDPR, we rely on the following legal bases to process your personal data:
| Contract | Processing is necessary to perform a contract with you, or to take steps at your request before entering into a contract. |
| Legitimate Interests | Processing is necessary for our legitimate business interests — such as managing client relationships, developing our services, and marketing our expertise — where these are not overridden by your rights and interests. |
| Consent | Where you have given clear consent for us to process your data for a specific purpose, such as receiving marketing communications. |
| Legal Obligation | Processing is necessary to comply with a legal obligation to which we are subject. |
We do not sell, rent, or trade your personal data. We may share your data in the following limited circumstances:
| Service Providers | Trusted third-party providers who support our operations (e.g. email platforms, website hosting, analytics tools). These parties process data only on our instructions and are bound by confidentiality obligations. |
| Professional Advisers | Lawyers, accountants, auditors, and insurers where reasonably necessary for our business operations. |
| Legal Requirements | Where we are required to disclose information by law, court order, or regulatory authority. |
| Business Transfers | In the event of a merger, acquisition, or sale of business assets, personal data may be transferred as part of that transaction. |
We require all third parties to respect the security of your data and to treat it in accordance with applicable law.
We retain personal data only for as long as necessary to fulfil the purposes for which it was collected, including any legal, accounting, or reporting requirements.
| Data Type | Retention Period | Basis |
|---|---|---|
| Client and engagement records | 7 years | Standard accounting and legal obligations |
| Marketing and contact data | Up to 3 years from last meaningful contact | Until consent is withdrawn or deletion is requested |
| Website usage and analytics data | Up to 26 months | Standard analytics practices |
At the end of the applicable retention period, data is securely deleted or anonymised.
Under UK GDPR, you have the following rights in relation to your personal data:
| Right of Access | You may request a copy of the personal data we hold about you. |
| Right to Rectification | You may ask us to correct inaccurate or incomplete data. |
| Right to Erasure | You may ask us to delete your personal data in certain circumstances. |
| Right to Restrict | You may ask us to suspend processing of your data in certain scenarios. |
| Right to Portability | You may request that we transfer your data to you or a third party in a structured, machine-readable format. |
| Right to Object | You may object to processing based on legitimate interests or for direct marketing purposes. |
| Automated Decisions | You have rights in relation to automated decisions that significantly affect you. |
To exercise any of these rights, please contact us at info@b2bgrowthconsulting.com. We will respond to all legitimate requests within one month. You also have the right to lodge a complaint with the Information Commissioner's Office (ICO) at ico.org.uk.
Our website uses cookies and similar tracking technologies to improve your browsing experience and analyse how visitors use our site. Cookies are small text files placed on your device.
We use the following types of cookies:
| Essential | Necessary for the website to function. These cannot be disabled. |
| Analytics | Help us understand how visitors interact with our site (e.g. Google Analytics). These are only set with your consent. |
| Preference | Remember your settings and choices to improve your experience. |
You can manage or disable non-essential cookies via your browser settings or our cookie consent tool. Note that disabling certain cookies may affect website functionality.
We have implemented appropriate technical and organisational security measures to protect your personal data against accidental loss, unauthorised access, use, alteration, or disclosure. These measures include, but are not limited to:
| Full Disk Encryption | All primary hardware used to process client data is protected by AES-256 full disk encryption (BitLocker on Windows / FileVault on macOS). This ensures that in the event of physical theft, data remains inaccessible without the recovery key. |
| Identity & Access (MFA) | Multi-Factor Authentication (MFA) is strictly enforced for all administrative and user access to email (Google Workspace/M365) and cloud storage, providing a robust secondary layer of defence against credential theft. |
| OS Hardening & Patching | All devices use automated patch management configured for Automatic Updates, ensuring critical security patches are applied within 48 hours of a vendor's release. |
| Endpoint Protection | Active threat protection and firewall management are enabled on all devices to monitor for, alert on, and block malware or unauthorised network intrusions. |
| Data Minimisation & Segregation | Client data is stored in logically segregated cloud environments using a "Least Privilege" access model, ensuring data is only accessed when strictly required for project delivery. |
| Encrypted Communications | All data in transit is protected using industry-standard encryption protocols (TLS/HTTPS). |
| Secure Disposal | Personal data is securely deleted using industry-standard wiping software when no longer required. Any physical hardware reaching end-of-life is professionally destroyed to prevent forensic data recovery. |
While we take all reasonable steps to protect your data, no transmission of information over the internet is completely secure. We cannot guarantee the absolute security of data transmitted to or from our website.
In the event of a personal data breach that is likely to result in a risk to your rights and freedoms, we will notify the ICO within 72 hours of becoming aware, in accordance with our legal obligations under UK GDPR. Where a breach involves the personal data of a specific client or their contacts, we will also notify the affected client within 24–72 hours of becoming aware, providing full details of the nature of the breach, the data affected, and the remedial steps taken. We maintain a documented Internal Incident Response Plan to ensure these timelines are met.
Your personal data is primarily processed within the United Kingdom and European Economic Area (EEA). Where we use service providers located outside these areas, we ensure appropriate safeguards are in place, such as:
| Adequacy Decisions | UK adequacy regulations or decisions recognising that a third country provides an equivalent level of data protection. |
| Standard Clauses | Standard contractual clauses approved by the ICO or European Commission. |
| Other Mechanisms | Other legally recognised transfer mechanisms as permitted under UK GDPR. |
If you would like further information about how we safeguard international transfers of your data, please contact us.
We review this Privacy Policy periodically and may update it from time to time to reflect changes in our practices, technology, legal requirements, or other factors. The "Last Updated" date at the top of this page will always reflect the most recent revision.
Where changes are material, we will take reasonable steps to notify you — for example by email or by posting a prominent notice on our website. We encourage you to review this policy periodically to stay informed about how we protect your information.
If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please don't hesitate to get in touch.
Data Protection Enquiries
B2B Growth Consulting
United Kingdom
Data Protection Lead
Email: info@b2bgrowthconsulting.com
You also have the right to make a complaint to the Information Commissioner's Office (ICO):
ico.org.uk · Helpline: 0303 123 1113