Privacy & Cookie Notice
- UK General Data Protection Regulation (UK GDPR)
- Data Protection Act 2018
- Privacy and Electronic Communications (EC Directive) Regulations (PECR)
(together, “applicable data protection legislation”)
2. Who we are (Data Controller)
Data Controller: ebblo UK Limited
Registered office: Brook Suite, Ground Floor Bewley House, Marshfield Road, Chippenham, England, SN15 1JW
Company number: 06960657
ICO registration number: ZB406220
Data privacy contact:
[email protected]
Our website is hosted by a third-party acting as a data processor on our behalf.
3. Scope – B2B Data Processing
This website is intended for business users.
We do not knowingly collect personal data from children, and this website is not intended for consumer or domestic use.
3. What is Personal Data?
Personal data means any information relating to an identified or identifiable individual, including business contact details such as names, work email addresses and job titles.
Information that has been anonymised, and individuals can no longer be identified, is not personal data.
4. Personal Data We May Collect
Business Contact Information – “Get in touch” or “Contact form”
- First and Last Name
- Company name
- Business email address
- Business telephone number
- Enquiry content provided in the ‘Message’ text box
Careers – Applying for a Vacancy
By clicking “careers” or “your journey begins here” to apply for a vacancy on our website:
We will collect the details within your Resume, should you choose to autofill and apply, or click LinkedIn to apply and provide us with your chosen LinkedIn information to support your application.
Should you click our link “create a Trapeze jobsite account” and apply manually, processing of your personal data is detailed in the Recruitment Privacy Statement which you will be asked to read and tick a box to agree to.
Website Usage Data
When you visit our website, we process limited technical information as part of standard server operations to ensure the security and availability of the site.
We do not currently use cookies or similar technologies for analytics or marketing. See further information in the “Cookies and similar technologies” section below.
5. How we use personal data and our lawful bases
| Purpose | Personal data | Lawful basis |
|---|---|---|
| Responding to business enquiries | Business contact details, messages | Legitimate interests (UK GDPR)* |
| Providing product or service information | Business contact details | Legitimate interests (UK GDPR) |
| Managing business to business relationships | Contractual data and contact | Contract, where a contract exists or is being performed. Legitimate interests (UK GDPR) |
| B2B marketing communications | Business email, preferences | Legitimate interests (UK GDPR) Marketing conditions, soft opt-in, where applicable (PECR)** |
| Events and webinars | Business contact details | Legitimate interests (UK GDPR) |
| Legal and regulatory compliance obligations | Personal data to satisfy the purpose, including responding to regulatory or law enforcement requests and managing legal claims. | Legal obligation |
*UK General Data Protection Regulation
**Privacy and Electronic Communications (EC Directive) Regulations 2003
Where consent is required (e.g. cookies), it can be withdrawn at any time.
You may withdraw consent by using the relevant website controls or contacting us.
6. B2B Marketing Communications
We may send B2B marketing communications about our products, services, events, or insights where:
- the communication relates to your professional role; and
- you have been given a clear opportunity to opt out; or
- you have explicitly opted in.
Where you contact us using our website, we may use your business contact details to send you relevant follow-up information about our products and services that relate to your website enquiry. This may be sent by email or phone in line with Privacy and Electronic Communications (EC Directive) Regulations (PECR).
We may contact you by email or telephone for B2B marketing purposes where permitted by law. We will not make marketing calls to numbers registered with the Telephone Preference Services (TPS) or Corporate TPS, unless we have your consent. We screen marketing calls against TPS and Corporate TPS registers as required by law.
Marketing communications are sent by email or phone in line with PECR.
You can opt out of these communications at any time by using the “contact us” details in section 14 below.
We do not sell personal data or share it with third parties for their own marketing purposes.
7. Who We Share Personal Data With
We may share personal data with trusted third-party service providers acting as data processors, including:
- Website and cloud hosting providers
- CRM and marketing platforms
- Event and webinar platforms
- IT, security, and support providers
All processors act under written agreements and are required to apply appropriate confidentiality and security controls.
We may also disclose data where required by law or regulatory authorities.
8. International Data Transfers
Some service providers, including our Workday career website, may process personal data outside the UK. Where this occurs, we ensure appropriate safeguards are in place, including:
- UK International Data Transfer Agreements (IDTA)
- UK Addendum to EU Standard Contractual Clauses
- Adequacy regulations, where applicable
9. Data Retention
We retain personal data only for as long as necessary for legitimate business purposes and legal obligations. Retention periods may be extended where necessary to establish, exercise or defend legal claims.
Typical retention periods include:
- Business enquiries and sales leads: up to 24 months.
- Marketing data: until you opt out.
- Event and webinar data: up to 24 months.
- Customer and supplier records: in line with contractual and statutory requirements.
10. Cookies and Similar Technologies (PECR)
We use cookies and similar technologies on our website to ensure it functions, and to support marketing activities. You can accept or reject non-essential cookies when you first visit our website via our cookie banner. You can change your preferences at any time by clearing cookies in your browser.
We use essential cookies to ensure the website functions correctly and securely. These cookies are set based on our legitimate interest in operating this website. Consent is not required for these cookies.
11. Third-Party Websites
Our website may include links to third-party websites. We are not responsible for their privacy practices and recommend reviewing their privacy notices.
12. Information Security and ISO 27001
ebblo UK Limited operates an Information Security Management System aligned with recognised best practice. We are certified to ISO/IEC 27001 and apply appropriate technical and organisational security measures, including:
- access controls and authentication
- encryption where appropriate
- monitoring and incident management
- staff training and security awareness
These measures are designed to protect personal data in accordance with UK GDPR Article 32. However, no method of transmission over the internet or electronic storage is completely secure.
13. Your Data Protection Rights
Under UK GDPR, you have the right to:
- access your personal data
- request rectification
- request erasure
- restrict processing
- object to processing
- data portability (where applicable)
- withdraw consent at any time
- lodge a complaint with the Information Commissioner’s Office
There is no fee for exercising your rights.
14. How to Contact Us
If you have any questions about this notice or how we handle personal data, please contact:
Email:
[email protected]
Post: The Data Protection Officer, ebblo UK Limited, Brook Suite, Ground Floor Bewley House, Marshfield Road, Chippenham, England, SN15 1JW.