BASED UPON
Privacy Policy

This privacy notice tells you what to expect us to do with your personal information. 

Who is managing your data? 

Based Upon Limited a company registered in England (Company Number 5425139). 

Based Upon's registered office is at 218b Swan Road, London, SE18 5TT. 

For all communication regarding this privacy notice please contact us in writing at the following address: 

4-8 Swan Road, London, SE18 5TT 

Alternatively, please email us: 

tom@basedupon.com 

Standard terms used in this privacy notice 

In this privacy notice, we use the following standard terms: 

“personal data” any information collected about an identifiable living individual 

“process” personal data is processed when we do anything with it, which includes: collecting, recording, organising, storing, adapting, altering, retrieving, using, viewing, combining, disclosing, or deleting it. 

“we”, “us”, and “our” refers to Based Upon Ltd 

“you” and “your” refers to clients, individuals related to our clients, prospects, suppliers or other contacts 

What information we collect, use and why 

We collect the minimum data required to run the business.  We collect data directly from individuals and do not purchase, rent or buy from data brokers. 

Data collected by us is used for the following purposes: 

  • to provide goods and services 

  • to manage customer accounts and guarantees 

  • for service updates and marketing 

  • for recruitment 

  • to manage enquiries and our customer relationships 

  • to meet our legal obligations 

We collect the following data types: 

  • names, addresses and contact data 

  • financial information to make and receive payments 

  • records of meetings and communications 

  • customer or client account and transaction records 

  • analytics to track website usage and optimise user experience 

Lawful bases and data protection rights 

Lawful basis 

UK data protection law requires us to have a lawful basis for processing all personal data collected.  At Based Upon we process data with the following legal basis: 

  • contract – to comply with agreed contractual terms 

  • legal obligation – to comply statutory requirements 

  • consent – to undertake marketing activities 

  • legitimate interests – to keep in touch with current customers 

Individual rights 

UK data protection law provides individuals with rights regarding their personal data which are outlined below: 

  • right of access – individuals have the right to request copies of their data with an explanation of what data is collected, where and how it was collected, who it is shared with and how long the data is retained 

  • right of rectification – individuals have the right to ask for errors or incomplete records to be put right 

  • right to data deletion – individuals may request to have their data deleted from our systems 

  •  right to restrict processing – individuals may ask us to stop processing data where accuracy is in doubt, processing is unlawful or in the event of legal action 

  • right to object to processing – individuals may object to us processing their data for legitimate interests and ask us to cease processing 

  • right to data portability – individuals can ask us to transfer their personal data to another organisation 

  • right to withdraw consent – individuals have the right to remove consent to our data processing at any point 

To exercise any of these rights please contact us at the contact details above.  Based Upon have 1 calendar month to respond to your request except in complex situations where we may extend this. 

In some circumstances we may not be able to comply fully with your request where an exemption is in place or where processing takes place to meet a legal obligation. 

Who do we share your data with 

Based Upon share personal data with the following data processors.  Details of their security and privacy management is detailed in their privacy policies. 

  • Shop Pay – processing online payments https://www.shopify.com/uk/legal/privacy  

  • Google - https://policies.google.com/privacy?hl=en-GB 

 

We also share, when appropriate, personal data with: 

  • professional and legal advisors 

  • relevant legal authorities 

  • professional consultants 

  • organisations where we have a legal obligation to provide data 

  • suppliers and service providers 

We have a stringent selection process for software and systems to ensure that we use products with high security standards and meet UK data protection legislation. 

Our suppliers and service providers are contracted with confidentiality and NDA clauses in place.  We carefully select our suppliers and service providers following a defined process to assess their security and privacy standards. 

We do not share, sell or exchange data with organisations external to Based Upon. 

Sharing information outside the UK 

Where necessary, we may transfer personal information outside of the UK because of selecting mainstream software with global hosting. When doing so, we comply with the UK data protection regulations, making sure appropriate safeguards are in place. 

Digital Advertising, Tracking Technologies and Your Rights 

Based Upon uses targeted advertising technologies to show you relevant adverts based on your browsing behaviour and interests. This helps us reach you with information about our products that may interest you. 

How we use your data for advertising: 

We share certain data with advertising platforms like Google Ads, Facebook/Meta Ads, and LinkedIn Advertising 

This data may include your IP address, device information, pages visited, and actions taken on our website 

We use this information to create "audiences" for our advertising campaigns 

We may show you Based Upon adverts when you visit other websites or use social media platforms 

 

Advertising platforms we work with: 

  • Google Ads and Google Display Network 

  • Facebook/Meta Ads 

  • Instagram Ads 

  • LinkedIn Advertising 

  • Pinterest Advertising 

Tracking Technologies We Use: 

We employ various tracking technologies to deliver personalised advertising: 

Cookies: Small text files stored on your device that remember your preferences and track interactions 

  • First-party cookies: Set by our website 

  • Third-party cookies: Set by our advertising partners 

Pixels and Tags: Invisible tracking elements on our website and in marketing emails that monitor page visits, email opens, and actions taken 

Device Fingerprinting: Information about your device that creates a "fingerprint" to identify your device across websites 

Cross-Device Tracking: Technology that recognises you across different devices for a seamless advertising experience 

Full details of cookies we use can be found in our cookie policy <add link here> 

Retargeting/Remarketing: Shows you Based Upon adverts on other websites after you've visited our site 

These tracking technologies typically remain active for up to 24 months unless you clear them or opt out. 

Legal Basis for Marketing Activities 

Under UK data protection law, we rely on the following legal grounds for our marketing activities: 

 

Consent: For most electronic communications where you've explicitly agreed to receive marketing 

Legitimate Interest: For existing customer communications, postal marketing, and some digital advertising where we've balanced our interests against your privacy rights 

Contractual Necessity: To communicate about products you've purchased, warranties, or care instructions 

Soft Opt-in: For existing customers, we may send marketing about similar products, always with an opt-out option 

Controlling Your Marketing Preferences 

You have several options to control how your data is used: 

Browser settings: Adjust your browser to block cookies (see your browser's help section) 

Advertising platform opt-outs: 

  • Google: https://adssettings.google.com 

  • Facebook/Meta: Ad Preferences in your account settings 

  • LinkedIn: Privacy Controls in your account settings 

Industry-wide tools: 

  •  Your Online Choices: https://www.youronlinechoices.com/uk/your-ad-choices 

  •  Digital Advertising Alliance: https://optout.aboutads.info 

Alternatively, please email tom@basedupon.com with "Advertising Opt-Out" in the subject line 

If you opt out, you may still see Based Upon advertisements, but they will not be personalised. Please note it may take up to 30 days for all platforms to process your request. 

We respect your privacy choices and regularly review our practices to ensure we're respecting your rights while delivering relevant communications. 

Data management and retention 

UK data protection regulations require us to actively manage data ensure it is retained for the minimum period possible. 

Our legal obligations require us to retain financial data for 7 years for audit purposes.  

Our contracts include a statute of limitation which requires us to retain data relating to product sales for 12 years 

Customer data is retained for the life of the business relationship and subject to the retention periods above. 

We often have relationships with prospective clients for some years via our marketing channels and email marketing systems.  Options to unsubscribe from communications are always provided. 

How to complain 

If you have any concerns about our use of your personal data, you can make a complaint to us using the contact details at the top of this privacy notice. 

If you remain unhappy with how we’ve used your data after raising a complaint with us, you can also complain to the ICO. 

The ICO’s address:            

Information Commissioner’s Office 
Wycliffe House 
Water Lane 
Wilmslow 
Cheshire 
SK9 5AF 

Helpline number: 0303 123 1113 

Website: https://www.ico.org.uk/make-a-complaint 

Updates 

This privacy notice is regularly reviewed and may be revised at any point.  Please check this notice to ensure you understand the current position. 

This notice was last updated in April 2025.