Introduction Broadstones Solutions Ltd. understands that your privacy is important and is committed to protecting your personal data. This Privacy Policy explains how we collect, use, store and protect personal information provided through our website and other business interactions. By using this website, submitting an enquiry, subscribing to communications, or otherwise providing us with your personal information, you acknowledge the practices described in this Privacy Policy. Information About Us Broadstones Solutions Ltd. Company Number: 11656069 Registered Address: Bragborough Hall Business Centre, Welton Road, Braunston, Northamptonshire, NN11 7JG ICO Registration Number: ZA662608 Data Protection Officer: Sarah Henn Email: sarah@broadstones.tech Telephone: 07817 137444 What Information Do We Collect? We may collect and process the following information: Information You Provide Directly When you contact us, submit an enquiry, register for an event, subscribe to updates, or engage with our services, we may collect: • Name • Email address • Telephone number • Company name • Job title • Any information you include in your enquiry or correspondence Information Collected Through Business Development Activities We may collect business contact information from: • Networking activities • Referrals and introductions • Publicly available professional sources • Business enquiries This may include your name, company, role, email address and telephone number. Website Usage Information When you visit our website, we may automatically collect technical information including: • IP address • Browser type and version • Device information • Pages visited • Time spent on the website • Referring websites This information helps us understand how visitors use our website and improve our services. How Do We Use Your Information? We may use your personal information to: • Respond to enquiries and requests • Provide information about our services • Manage client and prospective client relationships • Deliver services requested by you or your organisation • Improve our website, services and user experience • Send newsletters, updates and other communications where you have consented to receive them • Comply with legal, regulatory or contractual obligations Our Lawful Bases for Processing Under UK GDPR, we rely on one or more of the following lawful bases: Legitimate Interests To manage business relationships, respond to enquiries, develop new business opportunities and improve our services. Performance of a Contract Where processing is necessary to provide services requested by you or your organisation. Consent Where you have agreed to receive marketing communications, newsletters or updates. You may withdraw your consent at any time. Legal Obligations Where we are required to process information to comply with applicable laws or regulations. Marketing Communications We will only send marketing communications where we have a lawful basis to do so. Where consent is required, we will obtain your consent before sending communications and you may unsubscribe or withdraw consent at any time. We do not sell personal data to third parties. How Long Do We Keep Your Information? We retain personal information only for as long as necessary for the purposes for which it was collected. Client and Prospect Information Business contact information may be retained for the duration of the relationship and for up to 24 months following the last meaningful interaction, unless a longer retention period is required for contractual, legal or regulatory reasons. Marketing Communications Where processing is based on consent, information will be retained until consent is withdrawn or the information is no longer required. How Do We Protect Your Information? We use appropriate technical and organisational measures to protect personal data against unauthorised access, disclosure, alteration or loss. Access to personal data is restricted to authorised individuals with a legitimate business need. Where third-party service providers process personal data on our behalf, appropriate contractual and security safeguards are in place. Do We Share Your Information? We may share personal information with: • Approved service providers who support our business operations • Professional advisers • Regulatory bodies or law enforcement agencies where required by law • Potential purchasers or successors in the event of a business sale, merger or restructuring Where personal information is shared, we take reasonable steps to ensure it is handled securely and in accordance with applicable data protection legislation. International Transfers Where personal data is transferred outside the United Kingdom or European Economic Area, we will ensure appropriate safeguards are in place and that such transfers comply with applicable data protection legislation. Your Rights Under UK GDPR, you have the right to: • Access your personal data • Correct inaccurate personal data • Request deletion of personal data in certain circumstances • Restrict or object to processing in certain circumstances • Withdraw consent where processing relies on consent • Request portability of certain personal data To exercise any of these rights, please contact us using the details below. Contact Us If you have any questions about this Privacy Policy or how we process your personal data, please contact: Sarah Henn Data Protection Officer Email: sarah@broadstones.tech Telephone: 07817 137444 Complaints If you have concerns about how we have handled your personal data, please contact us first so that we can try to resolve the matter. You also have the right to lodge a complaint with the Information Commissioner's Office (ICO). For further information, visit: https://www.ico.org.uk Changes to This Policy We may update this Privacy Policy from time to time to reflect changes in legislation, business practices, or our services. The latest version will always be available on this website. This website Privacy Policy forms part of Broadstones' wider data protection framework. Additional privacy notices may apply to employees, associates, clients, suppliers and other business relationships where relevant. Policy Last Updated 16th June 2026