Privacy Policy

Last updated: May 2025. This Privacy Policy explains how The Business Circles (“we”, “us”, “our”) collects, uses, and protects your personal data when you use our website at thebusinesscircles.com. We are committed to protecting your privacy in accordance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

Who We Are

The Business Circles is the data controller for personal data collected through this website. We are a structured networking membership for founders and entrepreneurs, operating weekly Thursday sessions for UK-based business owners.

You can contact us at: team@thebusinesscircles.com

What Data We Collect

We collect only the data you provide directly to us. Specifically:

• Name and email address — when you submit the contact form on our website to make a membership enquiry or ask a question.
• Payment data — we do not collect or store payment card information on our servers. All payments are processed directly by Stripe. When you click a membership sign-up link, you are taken to Stripe's hosted checkout page, where Stripe collects and processes your payment data under their own privacy policy.

We do not currently use analytics cookies or tracking scripts. We do not collect data through social media logins or third-party sign-in services.

Legal Basis for Processing

We process your name and email address on the following legal bases under UK GDPR:

• Contractual necessity — to respond to your enquiry or to fulfil a membership agreement with you.
• Legitimate interests — to maintain records of contact enquiries and to manage our membership communications. Our legitimate interest is in running an effective membership business; this does not override your rights.

How We Use Your Data

We use your name and email address solely to respond to your contact enquiry and to communicate with you about your membership or potential membership with The Business Circles. We do not sell your data to third parties. We do not use your data for automated decision-making or profiling.

Third-Party Processors

We use the following third-party services that may process your data on our behalf:

• Stripe — payment processing. Stripe operates its own privacy policy and PCI DSS-compliant infrastructure. Card data never touches our servers. See: stripe.com/gb/privacy
• Resend — transactional email delivery. When you submit the contact form, your name and email are transmitted to Resend to deliver your message to our team. Resend is based in the United States and operates under Standard Contractual Clauses for data transfers.
• Vercel — website hosting. Our website is hosted on Vercel's infrastructure. Vercel may process request data (IP addresses, user agents) as part of normal web server operation. Vercel is based in the United States and operates under Standard Contractual Clauses for UK-to-US data transfers.

Data Retention

We retain contact enquiry data (your name and email) for up to 12 months unless a legal obligation requires us to keep it longer or you request earlier deletion. After this period, data is securely deleted.

International Data Transfers

Resend and Vercel are based in the United States. When your data is transferred to these services, it is protected by Standard Contractual Clauses (SCCs) approved by the UK Information Commissioner's Office (ICO) as a lawful transfer mechanism under UK GDPR.

Cookies

We do not currently use analytics or marketing cookies. Our website may use essential session cookies required for normal web server operation. We do not currently use Google Analytics, Facebook Pixel, or any third-party tracking scripts. If this changes, we will update this policy and, where required, seek your consent.

Your Rights Under UK GDPR

You have the following rights regarding your personal data:

• Right of access — you can request a copy of the data we hold about you.
• Right to rectification — you can request that we correct inaccurate data.
• Right to erasure — you can request deletion of your data where there is no legal basis for continued retention.
• Right to restriction — you can request that we restrict processing of your data in certain circumstances.
• Right to data portability — you can request your data in a structured, machine-readable format.
• Right to object — you can object to processing based on legitimate interests.

To exercise any of these rights, contact us at team@thebusinesscircles.com. We will respond within 30 days. You also have the right to lodge a complaint with the UK Information Commissioner's Office (ICO) at ico.org.uk.

Changes to This Policy

We may update this Privacy Policy from time to time. Material changes will be noted with an updated “Last updated” date at the top of this page. Continued use of the website after changes constitutes acceptance of the updated policy.

Contact

For any privacy-related questions or to exercise your rights, contact The Business Circles at: team@thebusinesscircles.com