This policy explains what personal data we collect, why we collect it, how we use it, and what your rights are under UK data protection law. We've written it in plain English so it's easy to understand.
Last updated: June 2026
UK GDPR & Data Protection Act 2018
This policy is written in accordance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018. Business Handbook is the data controller for the personal data described in this policy. If you have questions or want to exercise your rights, contact us at [email protected].
Business Handbook ("we", "us", "our") is a UK-based online platform providing business guidance, handbooks, templates, tools and AI-assisted guidance for UK business owners. Our website is businesshandbook.co.uk.
For the purposes of UK data protection law — including the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018 — Business Handbook is the data controller of the personal data we collect about you. This means we are responsible for deciding how and why your personal data is used, and for ensuring it is handled lawfully and securely.
If you have any questions about this Privacy Policy or how we handle your personal data, please contact us at [email protected].
We only collect personal data that is necessary for the purposes described in this policy. The types of personal data we may collect include:
Identity data: Your name and, where provided, your business name.
Contact data: Your email address and, where provided, your telephone number or postal address.
Account data: Your username, password (stored in encrypted form), account preferences and subscription status.
Payment data: Records of purchases and subscription payments. We do not store your full card details — these are handled by our payment processor, Stripe.
Usage data: Information about how you use our website, including pages visited, features used, time spent on pages and navigation paths.
Technical data: Your IP address, browser type and version, device type, operating system and general location (country or region level).
Communications data: Records of any messages you send us through our contact form or by email, including the content of those messages.
Marketing data: Your preferences regarding receiving marketing communications from us, and your engagement with those communications (email opens and clicks).
AI query data: The text of any queries you submit to our Business AI tool.
We do not collect any special category data (such as health information, racial or ethnic origin, political opinions or religious beliefs) and we do not knowingly collect data from children under the age of 16.
We collect personal data in the following ways:
Directly from you: When you create an account, purchase a membership, complete a contact form, sign up for our newsletter, or communicate with us by email.
Automatically: When you browse our website, we automatically collect technical and usage data through cookies and similar technologies. See the Cookies section for more detail.
From third parties: We may receive limited data from payment processors (such as confirmation of a successful payment) and analytics providers.
We use website analytics software to understand how visitors use Business Handbook. This helps us identify which content is most useful, where visitors encounter difficulties, and how to improve the platform.
Our analytics software collects anonymised data including pages visited, session duration, the general location of visitors (at country or region level — not precise location), the device and browser used, and how visitors arrived at the site (for example, from a search engine or a link).
We configure our analytics to anonymise IP addresses so that individual visitors cannot be identified from analytics data alone. We do not use analytics data to build profiles of individual users or for advertising purposes.
Our legal basis for collecting analytics data is our legitimate interest in understanding how our website is used so we can improve it. You can opt out of analytics tracking by adjusting your cookie preferences — see the Cookies section below.
When you use our contact form, we collect the information you provide — typically your name, email address and the content of your message. We use this information solely to respond to your enquiry.
Our contact forms are hosted by JotForm. When you submit a form, your data is processed by JotForm in accordance with their privacy policy, as well as by us. We do not use the information you submit through contact forms for marketing purposes unless you have separately opted in to receive marketing communications.
We retain records of contact form submissions for up to 24 months, after which they are deleted unless there is an ongoing matter that requires us to retain them for longer.
Our legal basis for processing contact form data is our legitimate interest in responding to enquiries from visitors and customers.
When you create a membership account, we collect your name, email address and a password (which is stored in encrypted form — we cannot see your password). We use this information to create and manage your account, provide access to premium content, and communicate with you about your membership.
When you purchase a membership subscription, payment is processed by Stripe. We receive confirmation of your payment and retain a record of your purchase for accounting and customer service purposes. We do not store your full payment card details — these are held securely by Stripe.
We may send you transactional emails related to your account — such as payment confirmations, renewal reminders and account notifications. These are necessary for the operation of your account and are not marketing communications. You cannot opt out of transactional emails while your account is active, but you can close your account at any time.
Our legal basis for processing membership account data is the performance of a contract — we need to process your data in order to provide the service you have subscribed to.
Business Handbook includes a Business AI tool that allows you to ask questions and receive AI-generated responses about UK business topics. When you use this tool, the text of your query is processed by our AI model provider in order to generate a response.
We recommend that you do not include sensitive personal information, financial details, or confidential business information in queries you submit to the Business AI tool. Treat it as you would a general internet search — useful for general guidance, but not the right place for sensitive specifics.
AI query data may be retained for a limited period for the purposes of improving the tool and monitoring for misuse. We do not use AI query data to identify individual users or to build personal profiles.
Responses from the Business AI tool are AI-generated and are not subject to the same editorial review process as our published content. They should be treated as a starting point for research, not as definitive professional advice. See our Disclaimer for more detail.
Our legal basis for processing AI query data is our legitimate interest in providing and improving the Business AI tool.
We use the personal data we collect for the following purposes:
To create and manage your account and provide access to the services you have subscribed to
To process payments and send payment confirmations and receipts
To send transactional emails necessary for the operation of your account
To send you our newsletter and marketing communications where you have given your consent
To respond to your enquiries and provide customer support
To improve our website, content and services based on usage patterns and feedback
To monitor and maintain the security of our website and prevent fraud or misuse
To comply with our legal and regulatory obligations
To enforce our Terms and Conditions
We will not use your personal data for any purpose that is incompatible with the purposes described in this policy without first obtaining your consent or having another lawful basis to do so.
UK GDPR requires us to have a lawful basis for processing your personal data. We rely on the following legal bases:
Contract
Where processing is necessary to provide the service you have subscribed to — for example, creating your account, processing your payment and providing access to premium content.
Legitimate interests
Where we have a legitimate business interest in processing your data that is not overridden by your rights — for example, improving our website based on usage data, responding to enquiries, preventing fraud, and communicating with existing customers about relevant updates to the service.
Consent
Where you have given us your explicit consent — for example, signing up for our newsletter. You can withdraw consent at any time.
Legal obligation
Where we are required to process data to comply with UK law — for example, retaining financial records for HMRC purposes.
We retain your personal data only for as long as is necessary for the purposes for which it was collected, or as required by law. Our retention periods are as follows:
Account data: For the duration of your account, plus 90 days after closure to allow for reactivation requests. After this, account data is deleted.
Financial records: Seven years from the date of the transaction, as required by HMRC for accounting purposes.
Contact form submissions: Up to 24 months from the date of submission, unless there is an ongoing matter that requires longer retention.
Newsletter subscriber data: For as long as you remain subscribed. If you unsubscribe, your data is deleted within 30 days.
Analytics data: Anonymised analytics data may be retained indefinitely as it cannot be used to identify individuals.
AI query data: Up to 12 months, after which it is deleted or fully anonymised.
When your data is no longer needed, we delete it securely or anonymise it so that it can no longer be linked to you.
We share personal data with a small number of trusted third-party service providers who help us operate the website and deliver our services. We only share the data that is necessary for each provider to perform their function, and we require all providers to handle data securely and in accordance with UK data protection law.
We do not sell your personal data to third parties. We do not share your data with third parties for their own marketing purposes.
Stripe
Purpose: Payment processing for membership subscriptions and purchases.
Data shared: Payment card details, billing address, transaction records.
We do not store your full card details. Stripe processes and stores payment data on our behalf.
Email Service Provider
Purpose: Sending transactional emails (account confirmations, receipts) and newsletters.
Data shared: Email address, name, email engagement data (opens, clicks).
Used only to deliver communications you have requested or that are necessary for your account.
Analytics Provider
Purpose: Understanding how visitors use the website so we can improve it.
Data shared: Anonymised usage data including pages visited, session duration and general location (country/region level).
We configure our analytics to anonymise IP addresses and not collect personally identifiable information.
JotForm
Purpose: Hosting our contact forms and newsletter signup forms.
Data shared: Information you submit through our contact and signup forms.
JotForm's privacy policy applies to data submitted through their platform.
AI Model Provider
Purpose: Powering the Business AI tool that responds to user queries.
Data shared: The text of queries you submit to the Business AI tool.
Queries are processed to generate responses. We recommend not including sensitive personal or financial information in AI queries.
All third-party providers we use are either based in the UK or the EEA, or operate under appropriate data transfer safeguards (such as Standard Contractual Clauses) where data is transferred outside these areas.
Some links on Business Handbook are affiliate links. When you click an affiliate link, you are taken to a third-party website. That website may set its own cookies and collect its own data about your visit, in accordance with its own privacy policy.
We do not receive personal data about you from affiliate partners as a result of you clicking an affiliate link. We may receive aggregated, anonymised data about the number of clicks and conversions generated through our affiliate links, but this data does not identify individual users.
We are not responsible for the privacy practices of third-party websites you visit through affiliate links. We recommend reading the privacy policy of any website before providing your personal data to it.
For more information about how we handle affiliate relationships, see our Affiliate Disclosure.
We take the security of your personal data seriously and have put in place appropriate technical and organisational measures to protect it against unauthorised access, loss, disclosure or destruction.
All data transmitted between your browser and our website is encrypted using HTTPS/TLS.
Passwords are stored using strong one-way encryption — we cannot see your password.
Payment card data is handled entirely by Stripe and is not stored on our servers.
Access to personal data is restricted to staff and contractors who need it to perform their role.
We regularly review our security practices and update them as necessary.
No method of data transmission or storage is completely secure. While we take all reasonable steps to protect your data, we cannot guarantee absolute security. If you believe your account has been compromised, please contact us immediately at [email protected].
Under UK GDPR and the Data Protection Act 2018, you have the following rights in relation to your personal data. These rights are not absolute — there are some circumstances in which they may not apply — but we will always respond to requests promptly and explain if we are unable to fulfil them.
Right of Access
You can ask us to confirm whether we hold personal data about you and request a copy of that data.
Right to Rectification
You can ask us to correct any personal data we hold about you that is inaccurate or incomplete.
Right to Erasure
You can ask us to delete your personal data in certain circumstances — sometimes called the "right to be forgotten".
Right to Restrict Processing
You can ask us to pause the processing of your personal data in certain circumstances, for example while a correction is being verified.
Right to Data Portability
You can ask us to provide your personal data in a structured, commonly used, machine-readable format so you can transfer it to another service.
Right to Object
You can object to us processing your personal data where we rely on legitimate interests as our legal basis. You can also object to direct marketing at any time.
Right to Withdraw Consent
Where we rely on your consent to process your data (for example, for email marketing), you can withdraw that consent at any time.
Right to Complain
You have the right to lodge a complaint with the Information Commissioner's Office (ICO) at ico.org.uk if you believe we have handled your data unlawfully.
To exercise any of these rights, contact us at [email protected]. We will respond within one calendar month. There is no charge for making a request, unless requests are manifestly unfounded or excessive.
If you have any questions about this Privacy Policy, want to exercise any of your data protection rights, or have a concern about how we have handled your personal data, please contact us:
We will respond to all data protection requests within one calendar month of receiving them, as required by UK GDPR. In complex cases, we may extend this by a further two months — if we need to do this, we will let you know within the first month.
If you are not satisfied with our response, or if you believe we have handled your data unlawfully, you have the right to lodge a complaint with the Information Commissioner's Office (ICO):
Information Commissioner's Office
Website: ico.org.uk
Helpline: 0303 123 1113
Address: Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF
We may update this Privacy Policy from time to time to reflect changes in our practices, the services we offer, or changes in UK data protection law. When we make changes, we will update the "Last updated" date at the top of this page.
If we make material changes — changes that significantly affect how we use your personal data or your rights — we will notify registered members by email before the changes take effect. We will also display a notice on the website.
We encourage you to review this Privacy Policy periodically to stay informed about how we handle your personal data. Your continued use of Business Handbook after any changes to this policy constitutes your acceptance of those changes.
If you have any concerns about changes to this policy, please contact us at [email protected].
If you have any questions about this Privacy Policy, want to exercise your rights, or have a concern about how we've handled your data, please get in touch at [email protected]. We'll always respond within one calendar month.