Capital Exchange

Privacy Policy

Updated: 8th February 2025

CapitalExchangeHQ is a registered trademark owned and operated by CEX HQ Ltd, a company registered in England and Wales (Company Number: 13028700). CapitalExchangeHQ.com is hosted on Dorik (https://dorik.com/). Dorik’s User Analytics is GDPR compliant and does not track users across websites, use cookies, or collect personal information from users.

We are committed to safeguarding the privacy of our clients and website visitors in compliance with the UK General Data Protection Regulation (UK GDPR) and other applicable data protection laws. This privacy policy explains how we collect, store, and process personal information in our sales and marketing activities.

1. Personal Data We Collect

We collect the following personal data for marketing and sales purposes:

    • First name, last name 

    • Business email address 

    • Social media profiles (if publicly available) 

    • Business name & job function 

    • Business address & business IP address 

We do not collect or process special category (sensitive) personal data, nor do we knowingly process data of children under 18.

2. Legal Basis for Processing Personal Data

We process personal data under the legal basis of Legitimate Interests (Article 6(1)(f) GDPR), as we believe individuals whose data we process have a legitimate interest in our services.

To ensure compliance:

    • We have conducted a Legitimate Interests Assessment (LIA) and documented our decision. 

    • We only process data in ways individuals would reasonably expect. 

    • We provide a clear opt-out option for all communications. 

    • We review our LIA every six months. 

Your Rights

If you do not want your data to be processed under Legitimate Interests, you can object at any time by contacting us via the details below.

3. How We Collect Your Data

We may collect data in the following ways:

    • You requested information from us. 

    • Someone referred you to us or requested information on your behalf. 

    • You shared your details with us at an event or business meeting. 

    • You visited our website, and we identified your business as a potential client. 

    • You previously engaged with our team about our services. 

    • Publicly available data was collected from sources such as business directories or LinkedIn, where we determined a legitimate interest in our services. 

We ensure that data collected from public sources is used in accordance with GDPR and provide an opt-out option for all individuals.

4. How We Use Your Data

We process personal data for the following purposes:

    • To administer our website and personalize your experience. 

    • To communicate marketing and sales messages about our services. 

    • To send non-marketing business communications. 

    • To respond to inquiries or complaints. 

    • To prevent fraud and keep our website secure. 

Marketing Communications

    • We may send communications via email, telephone, social media, or post. 

    • You can unsubscribe at any time using the opt-out links in our emails or by contacting us directly.

5. Data Sharing & Third Parties

We never sell or rent your data to third parties. However, we may share your data with:

    • Employees, officers, and agents involved in providing our services. 

    • Service providers such as CRM platforms, email marketing tools, or website hosts. 

    • Legal authorities, where required by law. 

    • A potential buyer, in the event of a business sale or merger. 

International Transfers

If data is transferred outside the UK/EU, we ensure appropriate safeguards (e.g., Standard Contractual Clauses or UK IDTA agreements) are in place.

6. Data Retention & Security

We take reasonable technical and organizational precautions to protect your data, including:

    • Encryption & access controls to prevent unauthorized access. 

    • Secure storage on trusted platforms (e.g., Kit CRM, Formaloo). 

    • Regular audits to review security risks. 

Data Retention

We retain data only for as long as necessary:

    • Sales & marketing data: Up to 2 years from the last interaction. 

    • Client records: Up to 6 years for legal and compliance reasons. 

    • If you request deletion, we will erase your data unless required for legal purposes.

7. Your GDPR Rights

You have the right to:

    • Access your personal data (Subject Access Request). 

    • Correct inaccuracies in your data. 

    • Request deletion (Right to be Forgotten). 

    • Restrict processing of your data. 

    • Object to processing, particularly for marketing purposes. 

    • Request data portability in a machine-readable format. 

How to Exercise Your Rights

To exercise any of these rights, contact us at:

📧 Email: theteam@capitalexchangehq.com

✉️ Address: CEX HQ Ltd, 105 High Street, Brentwood, Essex CM14 4RR.

If you are unsatisfied with our response, you have the right to lodge a complaint with the UK Information Commissioner’s Office (ICO):

🔗 ICO Website

8. Updates & Contact Information

We may update this policy periodically. The latest version will always be available on our website.

If you have any questions about this policy, please contact us at theteam@capitalexchangehq.com.

CapitalExchangeHQ is a registered trademark owned and operated by CEX HQ Ltd, a company registered in England and Wales. Company Number: 13028700.

I Quick Links