In this privacy notice, we use the following standard terms:
“personal data” any information collected about an identifiable living individual
“process” personal data is processed when we do anything with it, which includes: collecting, recording, organising, storing, adapting, altering, retrieving, using, viewing, combining, disclosing, or deleting it.
“we”, “us”, and “our” refers to Based Upon Ltd
“you” and “your” refers to clients, individuals related to our clients, prospects, suppliers or other contacts
What information we collect, use and why
We collect the minimum data required to run the business. We collect data directly from individuals and do not purchase, rent or buy from data brokers.
Data collected by us is used for the following purposes:
to provide goods and services
to manage customer accounts and guarantees
for service updates and marketing
for recruitment
to manage enquiries and our customer relationships
to meet our legal obligations
We collect the following data types:
names, addresses and contact data
financial information to make and receive payments
records of meetings and communications
customer or client account and transaction records
analytics to track website usage and optimise user experience
Lawful bases and data protection rights
Lawful basis
UK data protection law requires us to have a lawful basis for processing all personal data collected. At Based Upon we process data with the following legal basis:
contract – to comply with agreed contractual terms
legal obligation – to comply statutory requirements
consent – to undertake marketing activities
legitimate interests – to keep in touch with current customers
Individual rights
UK data protection law provides individuals with rights regarding their personal data which are outlined below:
right of access – individuals have the right to request copies of their data with an explanation of what data is collected, where and how it was collected, who it is shared with and how long the data is retained
right of rectification – individuals have the right to ask for errors or incomplete records to be put right
right to data deletion – individuals may request to have their data deleted from our systems
right to restrict processing – individuals may ask us to stop processing data where accuracy is in doubt, processing is unlawful or in the event of legal action
right to object to processing – individuals may object to us processing their data for legitimate interests and ask us to cease processing
right to data portability – individuals can ask us to transfer their personal data to another organisation
right to withdraw consent – individuals have the right to remove consent to our data processing at any point
To exercise any of these rights please contact us at the contact details above. Based Upon have 1 calendar month to respond to your request except in complex situations where we may extend this.
In some circumstances we may not be able to comply fully with your request where an exemption is in place or where processing takes place to meet a legal obligation.
Who do we share your data with
Based Upon share personal data with the following data processors. Details of their security and privacy management is detailed in their privacy policies.
Google - https://policies.google.com/privacy?hl=en-GB
We also share, when appropriate, personal data with:
professional and legal advisors
relevant legal authorities
professional consultants
organisations where we have a legal obligation to provide data
suppliers and service providers
We have a stringent selection process for software and systems to ensure that we use products with high security standards and meet UK data protection legislation.
Our suppliers and service providers are contracted with confidentiality and NDA clauses in place. We carefully select our suppliers and service providers following a defined process to assess their security and privacy standards.
We do not share, sell or exchange data with organisations external to Based Upon.
Sharing information outside the UK
Where necessary, we may transfer personal information outside of the UK because of selecting mainstream software with global hosting. When doing so, we comply with the UK data protection regulations, making sure appropriate safeguards are in place.
Digital Advertising, Tracking Technologies and Your Rights
Based Upon uses targeted advertising technologies to show you relevant adverts based on your browsing behaviour and interests. This helps us reach you with information about our products that may interest you.
How we use your data for advertising:
We share certain data with advertising platforms like Google Ads, Facebook/Meta Ads, and LinkedIn Advertising
This data may include your IP address, device information, pages visited, and actions taken on our website
We use this information to create "audiences" for our advertising campaigns
We may show you Based Upon adverts when you visit other websites or use social media platforms
Advertising platforms we work with:
Google Ads and Google Display Network
Facebook/Meta Ads
Instagram Ads
LinkedIn Advertising
Pinterest Advertising
Tracking Technologies We Use:
We employ various tracking technologies to deliver personalised advertising:
Cookies: Small text files stored on your device that remember your preferences and track interactions
First-party cookies: Set by our website
Third-party cookies: Set by our advertising partners
Pixels and Tags: Invisible tracking elements on our website and in marketing emails that monitor page visits, email opens, and actions taken
Device Fingerprinting: Information about your device that creates a "fingerprint" to identify your device across websites
Cross-Device Tracking: Technology that recognises you across different devices for a seamless advertising experience
Full details of cookies we use can be found in our cookie policy <add link here>
Retargeting/Remarketing: Shows you Based Upon adverts on other websites after you've visited our site
These tracking technologies typically remain active for up to 24 months unless you clear them or opt out.
Legal Basis for Marketing Activities
Under UK data protection law, we rely on the following legal grounds for our marketing activities:
Consent: For most electronic communications where you've explicitly agreed to receive marketing
Legitimate Interest: For existing customer communications, postal marketing, and some digital advertising where we've balanced our interests against your privacy rights
Contractual Necessity: To communicate about products you've purchased, warranties, or care instructions
Soft Opt-in: For existing customers, we may send marketing about similar products, always with an opt-out option
Controlling Your Marketing Preferences
You have several options to control how your data is used:
Browser settings: Adjust your browser to block cookies (see your browser's help section)
Advertising platform opt-outs:
Google: https://adssettings.google.com
Facebook/Meta: Ad Preferences in your account settings
LinkedIn: Privacy Controls in your account settings
Industry-wide tools:
Your Online Choices: https://www.youronlinechoices.com/uk/your-ad-choices
Digital Advertising Alliance: https://optout.aboutads.info
Alternatively, please email tom@basedupon.com with "Advertising Opt-Out" in the subject line
If you opt out, you may still see Based Upon advertisements, but they will not be personalised. Please note it may take up to 30 days for all platforms to process your request.
We respect your privacy choices and regularly review our practices to ensure we're respecting your rights while delivering relevant communications.
Data management and retention
UK data protection regulations require us to actively manage data ensure it is retained for the minimum period possible.
Our legal obligations require us to retain financial data for 7 years for audit purposes.
Our contracts include a statute of limitation which requires us to retain data relating to product sales for 12 years
Customer data is retained for the life of the business relationship and subject to the retention periods above.
We often have relationships with prospective clients for some years via our marketing channels and email marketing systems. Options to unsubscribe from communications are always provided.
How to complain
If you have any concerns about our use of your personal data, you can make a complaint to us using the contact details at the top of this privacy notice.
If you remain unhappy with how we’ve used your data after raising a complaint with us, you can also complain to the ICO.
The ICO’s address:
Information Commissioner’s Office Wycliffe House Water Lane Wilmslow Cheshire SK9 5AF