1. Who we are
This website (costmybusiness.co.uk) is operated by CostMyBusiness ("CMB", "we", "us", "our"), an industrial profit engineering consultancy. CostMyBusiness is the data controller for all personal information collected through this website.
If you have any questions about this policy or about how we handle your personal data, please contact us at:
Email: privacy@costmybusiness.co.uk
2. What personal data we collect and why
When you submit the discovery call form on this website, we collect the following personal data:
- Your name
- Your work email address
- Your company name
- Your business sector
- Your approximate number of employees
- Your phone number (optional)
- Your location
- A brief description of your main business problem
We use this information for one purpose only: to respond to your enquiry and, where appropriate, to arrange a discovery call to discuss how CostMyBusiness may be able to help your business. The additional detail you provide helps us understand your situation before we speak, so we can make better use of your time.
We do not collect any other personal data through this website. We do not track visitors, run analytics, or use advertising technologies. We do not build profiles of visitors or make automated decisions about you.
3. Our lawful basis for processing
We rely on legitimate interests under Article 6(1)(f) of the UK GDPR as our lawful basis for processing your enquiry data.
Our legitimate interest is responding to inbound business enquiries from prospective clients. We have assessed that this interest is not outweighed by your privacy rights: you have voluntarily provided your details in a professional capacity for the express purpose of receiving a reply, the data involved is limited and non-sensitive, and you have a clear and easy route to object at any time.
Where your enquiry leads to a client engagement, we also rely on Article 6(1)(b) — processing necessary to take steps prior to entering a contract, and to perform that contract.
Your right to object: You can object to our processing of your data at any time by emailing privacy@costmybusiness.co.uk. We will stop processing your data unless we have a compelling legitimate reason to continue or a legal obligation to retain it.
4. Who we share your data with
We use the following third-party services to operate this website and handle your enquiry. Each acts as a data processor on our behalf and is contractually bound to handle your data only on our instructions and to UK GDPR standards.
| Provider | Role | Data location |
|---|---|---|
| Google LLC | Receives form submissions via Google Apps Script; stores enquiry data in Google Sheets; delivers email notifications to us | United States |
| Cloudflare, Inc. | Provides spam protection (Turnstile) on the contact form | United States |
| Bluehost (Newfold Digital, Inc.) | Hosts this website; their servers process visitor IP addresses as a standard function of serving web pages | United States |
We do not sell your personal data. We do not share it with any other third party for marketing, profiling, or any other purpose.
5. International transfers
All of our processors are based in the United States. We rely on the following safeguards for transfers of your personal data to the US:
Google LLC and Cloudflare, Inc. are certified under the UK Extension to the EU–US Data Privacy Framework (the UK-US Data Bridge), which has been recognised by the UK Government as providing an adequate level of protection for personal data transferred from the UK to certified US organisations. You can verify their certification status at dataprivacyframework.gov.
Bluehost (Newfold Digital, Inc.) hosts this website and processes visitor IP addresses only transiently as a standard function of serving web pages. Newfold Digital is not currently certified under the UK-US Data Bridge. This transfer is safeguarded by the UK International Data Transfer Addendum to the EU Standard Contractual Clauses (the UK IDTA). You can request a copy of the relevant safeguards by emailing privacy@costmybusiness.co.uk.
6. How long we keep your data
We do not keep your personal data for longer than is necessary.
- If your enquiry does not lead to an engagement: we retain your data for 12 months from your last contact with us. After this period, your data is deleted from our systems, including our email inbox and our Google Sheets log.
- If you become a client: we retain your data for the duration of our engagement and for 6 years after it ends, in line with HMRC record-keeping requirements and the limitation period for contract claims under the Limitation Act 1980.
7. Your rights under UK GDPR
You have the following rights in relation to the personal data we hold about you:
- The right to be informed — to be told clearly how we use your data (which is the purpose of this policy).
- The right of access — to request a copy of the personal data we hold about you.
- The right to rectification — to ask us to correct inaccurate or incomplete data.
- The right to erasure — to ask us to delete your data, in certain circumstances.
- The right to restrict processing — to ask us to limit how we use your data, in certain circumstances.
- The right to data portability — to receive your data in a structured, commonly used, machine-readable format, in certain circumstances.
- The right to object — to object to our processing, including an absolute right to object to any use of your data for direct marketing.
- Rights related to automated decision-making and profiling — we do not carry out any automated decision-making or profiling, but you have the right to raise this if your situation changes.
To exercise any of these rights, please email privacy@costmybusiness.co.uk. We will respond within one calendar month of receiving your request. There is no charge for making a request.
8. Cookies
This website does not use analytics cookies, advertising cookies, or social media tracking technologies. We do not set any non-essential cookies, which is why you do not see a cookie consent banner.
Cloudflare Turnstile, our spam protection service on the contact form, processes certain browser signals to verify that you are a human visitor. This does not involve persistent tracking cookies or the collection of personal data beyond what is necessary to provide the spam-protection function.
If we introduce analytics or any other technology that uses non-essential cookies in future, we will update this policy and add an appropriate consent mechanism before doing so.
For full details of how cookies are used on this site, please read our Cookie Policy.
9. Security
We take appropriate technical and organisational measures to protect your personal data:
- This website is served over HTTPS (TLS encryption) at all times.
- Form submission data is transmitted to Google's servers over an encrypted connection.
- Google encrypts data stored in Google Sheets and Gmail at rest using AES-256 encryption.
- Access to our Google account and email inbox is protected by multi-factor authentication.
No method of electronic transmission or storage is 100% secure. If you have concerns about the security of your data, please contact us at privacy@costmybusiness.co.uk.
10. How to raise a concern or make a complaint
If you are unhappy with how we have handled your personal data, please contact us first at privacy@costmybusiness.co.uk. We will acknowledge your complaint within 30 days and aim to resolve it without undue delay.
If you remain dissatisfied after contacting us, you have the right to lodge a complaint with the Information Commissioner's Office (ICO), the UK's supervisory authority for data protection:
Information Commissioner's Office Wycliffe House, Water Lane, Wilmslow, Cheshire SK9 5AF
Telephone: 0303 123 1113
Website: ico.org.uk/make-a-complaint
11. Do you have to provide your data?
You are not legally required to provide your personal data when using this website. However, without your name, email address, company name, sector, number of employees, location, and a brief description of your situation, we are unable to respond meaningfully to your enquiry or arrange a discovery call. Phone number is optional — you can leave it blank if you prefer to be contacted by email only.
12. Changes to this policy
We review this policy periodically and will update the "Last updated" date at the top when changes are made. If we make a material change to how we use your personal data, we will notify you by email where we hold your contact details and where it is practical to do so.
This website is operated by CostMyBusiness. Email: privacy@costmybusiness.co.uk.