1. Introduction
BespokeCRMs (“we”, “us”, “our”) is committed to protecting the privacy of everyone who visits our website, contacts us, or engages our services. This policy sets out how we collect, use, store, and share personal data in accordance with the UK General Data Protection Regulation (UK GDPR), the Data Protection Act 2018, and the Privacy and Electronic Communications Regulations (PECR).
By using our website or providing us with personal data, you confirm that you have read and understood this policy.
2. Who we are
BespokeCRMs is the data controller responsible for your personal data. We are a company registered in England and Wales.
- Company name: BespokeCRMs
- Company number: 12552942
- Registered address: 18 St Cross Street, London EC1N 8UN, United Kingdom
For any questions about this policy or how we handle your personal data, please get in touch via our contact page.
3. Personal data we collect
Depending on how you interact with us, we may collect the following categories of personal data:
Information you provide to us
- Contact details such as your name, email address, telephone number, job title, and the organisation you represent, when you submit an enquiry, request a demo, or engage our services.
- Correspondence content, including any information you share with us by email, contact forms, or during discovery calls and project meetings.
- Account details if you or your team use any client-facing areas of our platforms.
Information collected automatically
- Technical data, including IP address, device type, browser type and version, operating system, time zone, and referring URLs.
- Usage data describing how you interact with our website, such as pages viewed, time spent on each page, links clicked, scroll depth, and the sequence of actions taken during your visit.
- Approximate location information derived from your IP address (typically country or region level only).
We do not knowingly collect any special category personal data (such as health, ethnicity, or political opinions) through our website. If you voluntarily disclose such information to us, we will only process it where we have a valid lawful basis to do so.
4. How we use your personal data
We process personal data only where we have a lawful basis under UK GDPR. The bases we rely on are:
- Legitimate interests: to respond to your enquiries, operate and improve our website, understand how visitors use our content, diagnose technical issues, and protect our systems from fraud or abuse.
- Performance of a contract: to deliver the services you or your organisation have engaged us to provide, including project management, client communications, and support.
- Consent: to place non-essential cookies and similar technologies on your device, and to send you marketing communications where required by law. You can withdraw your consent at any time.
- Legal obligation: to comply with accounting, tax, regulatory, and record-keeping requirements.
6. Analytics and product experience tools
To improve our website and understand how visitors engage with our content, we use third-party analytics and product experience tools. These services help us:
- Measure aggregate traffic, including the number of visitors, popular pages, referral sources, and device types.
- Understand how users navigate our pages, including clicks, scrolling, and time spent on each section, so we can identify usability issues and improve our content.
- Generate anonymised heatmaps and session replays that show how visitors interact with our pages. Session replays capture on-page actions such as mouse movement, clicks, and scrolling. They do not record audio or video of you, and sensitive inputs such as form fields and text you type are automatically masked by default.
- Diagnose technical errors and performance issues so we can deliver a reliable experience.
These tools are only loaded after you have given consent via our cookie banner. Where possible we rely on anonymised or pseudonymised data, and we do not use this information to build advertising profiles about you.
8. International data transfers
Some of our service providers are based outside the United Kingdom or may process data in other jurisdictions. Where we transfer personal data outside the UK, we ensure that an appropriate safeguard is in place, such as an adequacy decision issued by the UK government, the UK International Data Transfer Agreement, or the UK Addendum to the EU Standard Contractual Clauses.
If you would like more information about the specific safeguards used for any transfer of your personal data, please contact us through our contact page.
9. How long we keep data
We only keep personal data for as long as is necessary for the purpose it was collected, or as required to meet our legal, accounting, or regulatory obligations. Typical retention periods are:
- Website analytics data: up to 26 months in identifiable form, after which it is aggregated or deleted.
- Enquiries and correspondence: up to 3 years from the date of last contact, unless a longer period is justified by an ongoing client relationship.
- Client project and billing records: up to 7 years after the end of the engagement, to comply with tax and accounting requirements.
When personal data is no longer needed, we securely delete or anonymise it.
10. Your rights under UK GDPR
You have a number of rights in respect of your personal data, which you can exercise free of charge:
- Right of access: to request a copy of the personal data we hold about you.
- Right to rectification: to ask us to correct inaccurate or incomplete information.
- Right to erasure: to ask us to delete your personal data where there is no valid reason for us to continue processing it.
- Right to restrict processing: to ask us to pause processing while you raise a concern about how we handle your data.
- Right to data portability: to receive your data in a structured, commonly used, and machine-readable format.
- Right to object: to object to processing based on our legitimate interests, including direct marketing.
- Right to withdraw consent: where processing is based on consent, you can withdraw it at any time.
- Rights in relation to automated decision-making: we do not use your personal data for automated decision-making that produces legal or similarly significant effects on you.
To exercise any of these rights, please get in touch via our contact page. We will respond within one month, as required by law.
11. Data security
We take the security of personal data seriously. We implement appropriate technical and organisational measures to protect against unauthorised access, loss, alteration, or disclosure, including encryption in transit, access controls, regular backups, and staff training. While no method of transmission over the internet is completely secure, we work continuously to maintain industry-standard protections.
12. Children’s privacy
Our website and services are not directed at children under 16, and we do not knowingly collect personal data from children. If you believe that a child has provided us with personal data, please contact us and we will take steps to delete it.
13. Changes to this policy
We may update this policy from time to time to reflect changes in our practices, technologies, legal requirements, or other factors. When we make material changes, we will update the “last updated” date at the top of this page and, where appropriate, notify you by email or through a notice on our website.
14. How to complain
If you have any concerns about how we handle your personal data, we would like the opportunity to resolve them. Please contact us in the first instance via our contact page.
You also have the right to lodge a complaint with the Information Commissioner’s Office (ICO), the UK supervisory authority for data protection matters.
- Website: ico.org.uk
- Helpline: 0303 123 1113
- Post: Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow, Cheshire SK9 5AF, United Kingdom