Contact details: name, business email, phone, job title, company, country/region.
Account & event data: login credentials, registrations, preferences, dietary/access needs.
Content interactions: forms, demo requests, survey responses, support queries.
Recruitment: CV/resumé, cover letter, work history, right‑to‑work information.

b) Data collected automatically

Usage/technical data: IP address, device identifiers, browser type/version, pages viewed, timestamps, referral URLs, approximate location (derived from IP), and similar.
Cookies and similar tech: pixels, tags, local storage used for essential site functions, analytics, and (if enabled) advertising/retargeting. See Cookies below.

c) Data from third parties

B2B data providers and public sources: professional/business contact information from sources such as LinkedIn, company websites, event organizers, or licensed lead‑gen providers.
Partners & analytics: information about engagement with our campaigns (e.g., email opens, ad impressions, form fills) and event attendance records.

We do not intentionally collect special category data (e.g., health data) via the Site, nor do we seek data from children.

3) Why we use your data (purposes) and our lawful bases (UK/EU)

Purpose	Examples	Lawful basis
Operate the Site & deliver content	security, load balancing, remembering cookie choices	Legitimate interests (running a secure, functional website) or consent where required
Respond to enquiries & provide downloads/demos	fulfilling your requests	Contract or legitimate interests
Marketing & ABM (B2B)	sending relevant updates; tailoring content by role/industry; LinkedIn audiences	Legitimate interests (B2B direct marketing) and/or consent where required (e.g., email opt‑in in some countries)
Analytics & improvement	understanding Site performance and content effectiveness	Legitimate interests; consent where required
Events & webinars	registrations, attendance management	Contract; legitimate interests
Recruitment	evaluate applications; communicate about roles	Legitimate interests; legal obligation
Legal & compliance	record‑keeping, exercise/defend legal claims, fraud prevention	Legal obligation; legitimate interests

Where we rely on consent (e.g., non‑essential cookies or certain email marketing), you can withdraw it at any time.

4) Cookies, analytics, and ads

We use:

Essential cookies (strictly necessary) to run the Site.
Analytics cookies to measure and improve performance ([e.g., Google Analytics 4]).
Advertising/retargeting technologies on some pages to reach business audiences ([e.g., LinkedIn Insight Tag], [Google Ads])—only if enabled and subject to your choices.

Your choices:

Our cookie banner lets you accept/reject non‑essential cookies by category. You can also adjust browser settings to block or delete cookies.
We recognize Global Privacy Control (GPC) signals where legally required and will treat them as an opt‑out of sale/sharing for targeted advertising under applicable U.S. laws.
If you prefer, email us at privacy@changeb2b.com for help with cookie choices.

For more detail, see our separate Cookie Notice (or insert cookie table here if you won’t publish a separate notice).

5) How we share personal data

We may share personal data with:

Service providers (processors): hosting, security, analytics, email/SMS platforms, webinar/event tools, customer support, CRM/marketing platforms, lead‑verification services.
Business partners: resellers, referral partners, and event co‑hosts when you interact with joint content or events.
Professional advisors & compliance: auditors, insurers, lawyers; government or law‑enforcement where required.
Corporate transactions: if we merge, sell, or reorganize our business, data may transfer to new owners.

We require processors to safeguard data and use it only per our instructions. We do not sell personal information for money. Under some U.S. laws, our use of advertising cookies may be considered “sharing” for cross‑context behavioral advertising; see Section 11 for opt‑out rights.

6) International data transfers

We may transfer personal data outside the UK/EEA (e.g., to providers in the U.S.). Where we do, we use appropriate safeguards, such as:

UK International Data Transfer Agreement (IDTA) or the UK Addendum to the EU Standard Contractual Clauses,
EU Standard Contractual Clauses (SCCs), and
additional technical/organizational measures where appropriate.

You can request a copy of relevant transfer mechanisms by contacting us (with redactions where necessary).

7) Data retention

We keep personal data only as long as needed for the purposes set out above, including to meet legal, accounting, or reporting requirements. Typical examples:

Marketing/lead data: [12–24 months] from last meaningful interaction or until you opt out.
Event records: [up to 12 months] after the event.
Recruitment data: [6–12 months] after a hiring decision unless you consent to a longer talent‑pool period.
Website logs/security: [up to 12 months] unless needed longer for security or legal reasons.

We then delete or anonymize data.

8) Security

We use administrative, technical, and physical safeguards appropriate to the nature of the data (e.g., encryption in transit, access controls, least‑privilege, monitoring). No system is 100% secure; if we become aware of a breach involving your data, we will act in line with applicable laws.

9) Your rights (UK/EU/EEA & similar jurisdictions)

Subject to conditions and exemptions, you may have rights to:

Access your data and get a copy,
Rectify inaccurate or incomplete data,
Erase your data,
Restrict or object to processing (including B2B direct marketing),
Data portability,
Withdraw consent where processing relies on consent.

To exercise your rights, email privacy@changeb2b.com. We may ask for information to verify your identity. You also have the right to complain to your local authority:

UK: Information Commissioner’s Office (ICO) – ico.org.uk
EEA: contact your local Data Protection Authority.

We do not use solely automated decision‑making that produces legal or similarly significant effects.

10) Marketing preferences

You can opt out of marketing emails at any time via the unsubscribe link or by emailing privacy@changeb2b.com. We may still send non‑marketing messages (e.g., transactional or service notices).

11) U.S. State privacy disclosures (including California)

This section supplements the policy for residents of states with consumer privacy laws (e.g., California (CCPA/CPRA), Colorado, Connecticut, Virginia, Utah).

a) Categories we collect (from the last 12 months)

Identifiers & contact info: name, email, phone, IP address, device IDs.
Commercial/interaction info: downloads, demo requests, event registrations, content views.
Internet/technical activity: browsing history on our Site, interactions with emails/ads.
Professional information: job title, employer, industry.
Inferences: interest segments or audience groupings for B2B marketing.

b) Purposes

As described in Sections 3–4 (operate Site, respond to requests, analytics, B2B marketing, security, legal compliance).

c) Sources

You, your devices, cookies/pixels, business contact providers, partners, and publicly available sources.

d) Disclosure for business purposes

We disclose personal information to service providers and contractors for business purposes (hosting, analytics, marketing operations), and to partners when you engage with joint content/events.

e) Sale/Share

We do not sell personal information for money. We may “share” personal information (as defined in CPRA) with advertising/analytics partners for cross‑context behavioral advertising. You can opt out of sale/sharing by:

Using our cookie banner to disable Advertising cookies,
Enabling a Global Privacy Control (GPC) signal in your browser (we honor it where required), or
Emailing [privacy@changeb2b.com] with “Do Not Sell/Share” in the subject.

We do not use or disclose sensitive personal information for purposes that require a “limit use” link under CPRA.

f) Your U.S. rights

Subject to exceptions, you may request to know/access, correct, or delete your personal information, and to opt out of sale/sharing. We will not discriminate against you for exercising your rights.
How to submit: email privacy@changeb2b.com. If we deny your request, some states allow you to appeal by replying to our decision email with “Appeal” in the subject.

g) Authorized agents

Where permitted, you may use an authorized agent; we may require proof of authorization and verification of your identity.

12) Children

Our Site is not intended for children under 13 (or under 16 in some regions). We do not knowingly collect children’s personal data. If you believe a child has provided data to us, contact privacy@changeb2b.com and we will take appropriate steps.

13) Third‑party links

Our Site may link to third‑party websites or services. Their privacy practices are their own; please review their policies.

14) Changes to this policy

We may update this policy from time to time. We’ll post the new version on this page and update the “Effective date” above. If changes are material, we’ll take additional steps required by law.

ChangeB2B Ltd – Website Privacy Policy

1) Scope of this policy

2) The personal data we collect

a) Data you provide directly