Privacy Notice
Introduction
This Privacy Notice for Buzzacott (‘Buzzacott’, ‘we’, ‘us’, or ‘our’,) describes how and why we collect, store, use, and/or share (‘process’) your personal data and information when you use our services (‘Services’) such as when you:
Visit our website at www.buzzacott.co.uk
Express an interest in or take up one of our Services.
You, your employer or our clients engage us to provide our Services and during the provision of those Services.
Engage with us in other related ways, including any form of communication for enquiries, sales, marketing, or events.
Buzzacott is responsible for the data we collect and process for our own purposes therefore making us the Data Controller. We’re committed to maintaining the security and privacy of the personal data we process, both through our website or through our interactions with clients, prospects, or industry partners.
Buzzacott will, in some cases, act as a Data Processor. This means that we process personal data on behalf of a Data Controller and in accordance with their instructions. When acting as a Data Processor this will be communicated to you and the Data Controller will provide you with information on how your personal data is being processed.
This Privacy Notice applies only when Buzzacott is a Data Controller.
Whether we are supporting our clients or managing our own data, privacy and security are at the heart of our operations, so it is imperative we operate in accordance with and, where possible, above industry and regulatory requirements.
Contacting us
Should you wish to contact us to find out more about how we process personal data, exercise your data protection rights, or make a complaint, please use the following details:
Email: privacy@buzzacott.co.uk
Post: Data Protection Officer, 130 Wood Street London EC2V 6DL
Telephone: 020 7556 1200
What personal data will we collect about you
‘Personal data’ means any information about an individual from which that person can be identified. It does not include data where all identifiers have been completely removed (i.e. ‘anonymous data’). Some types of personal data require specific protection under applicable data protection laws. These are special category data and data relating to criminal convictions, offences, or allegations, or security measures. ‘Special category data’ refers to: data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership; genetic data; biometric data when used for the purpose of uniquely identifying someone; data concerning health; or data concerning a natural person’s sex life or sexual orientation.
We may collect, use, store and transfer different kinds of personal data and personal information which have been grouped together below:
Identity and Contact Data | This includes name, alias, prefix (otherwise termed ‘courtesy title’, honorific’), nationality, unique personal identifier (such as an ID number), postal address, email address, telephone numbers, driving licence, passport, other forms of ID (such as a government issued ID), photographs, video and audio. This also includes age, gender, marital status, signature, date of birth, and dietary requirements. | |
Financial Data | This includes income, salary, payroll number, bonus, taxation, benefits, deductions such as pension contributions, investments (including property information and dividends), shareholdings, beneficiaries, bank information and power of attorney documentation. | |
Technical Data | This includes device identifiers such as internet protocol (IP) address, browser and device characteristics, operating system, language preferences, referring URLs, device name, country and location. This also includes online behaviour and interactions with our websites, applications, systems, and advertisements. You can read more about this in our Cookie Notice. | |
Special Category and Criminal Offence Data | This includes ethnic origin, race, religion and data concerning health and medical requirements (including medical conditions, disabilities, accessibility requirements and dietary requirements). This also includes criminal and civil offence data, such as convictions for financial crimes. This may also include information about vulnerability or circumstances affecting an individual’s ability to engage with our services, such as physical or mental health conditions, significant life events, or resilience and capability factors, including where these relate to children or dependants. | |
Professional and Personal Development Data | This includes business contact details, job title and data surrounding time recording (hours worked) and working arrangements. Also, information contained within a CV such as employment history, education, interview notes, reasonable adjustments, professional licenses and certifications and references. Also includes information held on a personnel file such as leave records, performance reviews, grievance and disciplinary information. | |
Family and Minors’ Data | This includes family information such as names, date of birth and address of children and other family members (such as spouse) and birth certificates. This may also include information relating to a child’s health or care needs where shared by a client and relevant to financial planning or safeguarding considerations. |
How will we collect your personal data
We use different methods to collect data from and about you including:
Personal data and information provided by you: The personal data and information that we collect depends on the context of your interactions with us and the Services, the choices you make, and the products you use. We will typically collect personal data directly from you via our website (e.g. Mailing List and Contact Us), via correspondence, or in-person (e.g. at events and functions).
Personal data and information provided by your representatives: In certain circumstances, we may collect personal data and information about you from a family member, trusted friend or appointed representative, for the purposes of supporting with the contract for the supply of services.
Personal data and information provided by your employer: The personal data and information that we collect depends on the context of our interactions with your employer or our client. We will typically collect personal data directly from your employer or our client via correspondence, via approved and secure data sharing platforms or in-person.
Third parties or publicly available sources: To enhance our ability to provide the Services to you we may obtain information about you from other sources, such as public databases (e.g. Companies House, LinkedIn, Google) and from other third parties such as investment brokers and solicitors.
CCTV Imagery: For your safety and security, we may capture your image on CCTV devices which are located at our offices.
Information automatically collected: We automatically collect certain information when you visit, use, or navigate the Services. This information does not reveal your specific identity (like your name or contact information) without combining it with other data but may include device and usage information, such as your IP address, browser and device characteristics, operating system, language preferences, referring URLs, device name, country, location, information about how and when you use our Services, and other technical information. This information is primarily needed to maintain the security and operation of our Services, and for our internal analytics and reporting purposes. Like many businesses, we also collect information through cookies and similar technologies, which you can read more about in our Cookie Notice.
If you do not provide certain personal data when requested, we may be unable in some circumstances to comply with our obligations.
How your information will be used
The following section provides further information about why we process your personal data and our lawful bases for doing so. Depending on the context of the processing activity, we may rely on more than one lawful basis.
When processing special category data or criminal conviction data we will obtain your explicit consent unless:
this is not required by applicable data protection laws, and we process it for another lawful purpose; or,
the information is required to protect your wellbeing, or the wellbeing of others, in an emergency and you or they are incapable of providing consent.
As a firm providing tailored, specialist expertise, advice and consultancy services in a range of professional sectors, we may sometimes need to process your data to pursue our legitimate business interests, for example to prevent fraud, administrative purposes or reporting potential crimes. We will not process personal data based on our legitimate interests, or those of a third party, if our assessment determines that the individual’s interest or fundamental rights or freedoms override those interests.
Where we provide financial planning and employee benefit services , we may process special category data, including health or vulnerability‑related information, where this is necessary to provide appropriate advice, safeguard clients’ economic wellbeing, or make reasonable adjustments to our services. This processing may be carried out under contractual necessity, substantial public interest, defence of legal claims, or explicit consent, depending on the context.
To provide our Services: We will process personal data to fulfil our contractual obligations. This includes management of contracts and fulfilment of our Services. | - This processing may be necessary for the performance of a contract, or to take steps prior to entering a contract, which Buzzacott and our clients are subject to. | - Identity and Contact Data - Financial Data - Professional and Personal Development Data - Family and Minors’ Data - Special Category Data - Criminal Offence Data |
To handle website enquiries: We have a Contact Us page on this website, which allows individuals to ask questions about our Services, the Contact Us page and any correspondence sent via email is monitored by our internal teams, to ensure we identify and handle your request effectively. | - This processing is carried out for our legitimate interests, enabling Buzzacott to facilitate your enquiry. | - Identity and Contact Data - Professional and Personal Development Data |
To engage with prospective clients: We process basic business contact information of prospective clients, which may initially be collected via sales meetings, business cards, verbally, events we may host, speak at, or attend. We may obtain information from third parties or publicly available sources, including those outlined under the section ‘How will we collect your personal data?’. | - This processing is carried out for our legitimate interests in promoting our Services to your organisation. This information may also be processed for the performance of a contract, or to take steps prior to entering a contract, when you are a named signatory within the contract. | - Identity and Contact Data - Professional and Personal Development Data |
To manage Financial Accounting and Administration: Our financial management and accounting Services process basic client contact information to fulfil our accounting requirements. This ranges from invoices, account details, timesheet approvals, statement of works, terms and conditions and bank details. | - This processing is necessary for the performance of a contract with you, or to meet our legal obligations for financial reporting. | - Identity and Contact Data - Financial Data - Professional and Personal Development Data |
To sign up to our mailing list, send marketing and promotional communications and attending events: From time to time, we may email you about our Services or events which may be of interest to you or your organisation. We will only ever contact you with these communications if the content is relevant to your role as an employee at the organisation you work for. | - This processing is carried out either with your consent, or for our legitimate interests to promote our Services or events to your organisation. You can tell us not to contact you by following the unsubscribe instructions on any communications sent to you. | - Identity and Contact Data - Financial Data - Professional and Personal Development Data - Family and Minors’ Data (for events only) - Special Category Data (for events only) |
To identify usage trends and understand our customer journeys: We will process information about how you use our Services and your experiences with us to undertake analysis and internal reporting. | - This processing is carried out either with your consent or for our legitimate interests to analyse and improve your user experience. | - Identity and Contact Data - Technical Data - Special Category Data (in specific circumstances) - Family and Minors’ Data (in specific circumstances) |
To verify identify and conduct requisite financial checks, such as for anti-money laundering: We will process your information to fulfil legal requirements and to protect the business and our clients. | - This processing is carried out to comply with our legal obligations. | - Identity and Contact Data - Financial Data - Professional and Personal Development Data - Criminal Offence Data - Family and Minors’ Data (in specific circumstances) |
To fulfil our compliance requirements: We will process your personal data to ensure that our business is acting to appropriate measures and standards, such as reviewing contractual agreements and conducting internal and external audits. This may include providing certain high-level data to our regulators. | - This processing is carried out to protect and support our legitimate interests and, in some cases, to meet our legal obligations. | - Identity and Contact Data - Financial Data - Professional and Personal Development Data - Special Category Data (in specific circumstances) - Family and Minors’ Data (in specific circumstances) |
To fulfil our health and safety requirements: We will process your personal data for the purpose of your health and safety when on our sites. This includes incident reporting, CCTV surveillance, and data concerning your access to our sites. | - This processing is carried out to comply with our legal obligation and for the purpose of CCTV surveillance because we have a legitimate interest. | - Identity and Contact Data - Special Category Data |
To fulfil our security requirements: We monitor our internal systems and physical sites to ensure that we protect you and your personal data against potential security threats. | - This processing is carried out to protect and support legitimate interests. | - Identity and Contact Data - Technical Data - Special Category Data |
How long will we keep your personal data?
Buzzacott only processes personal data for as long as necessary to meet our legal obligations or where we have a legitimate business reason for keeping it. We review the need to retain certain personal data on a case-by-case basis and document the period of retention for each.
If in the future we intend to process your personal data for a purpose other than that which it was collected, we will provide you with information on that purpose and any other relevant information.
In some cases, particularly where personal data relates to financial advice, vulnerability, or health‑related circumstances that informed decision‑making, information may be retained beyond the end of our relationship to meet regulatory expectations or to establish, exercise or defend legal claims.
For further information on how long personal data is likely to be kept before being removed from our systems and databases, please contact us via: privacy@buzzacott.co.uk.
Sharing your personal data
In certain circumstances, we may share your personal data with other companies. Buzzacott will only ever do so where there is a lawful basis for us to and where the third party has evidenced that they can protect and secure your personal data.
The categories of recipients we may transfer personal data to include:
Other Buzzacott firms. Where, by the nature of your role and our relationship, your information may be transferred to these entities.
Sub-processors. We use third parties to support us in providing our Services (e.g., provision of information technology, cloud-based software, website management, data storage, and customer relationship management). You can obtain information about these measures by contacting the DPO at privacy@buzzacott.co.uk.
Government and other regulatory agencies. We may disclose your personal information to government and regulatory agencies where legally required or where we suspect unlawful conduct.
Additionally, there are circumstances where we will share your data with other third parties who may provide elements of, or add value to, our services.
We may also share your personal data with a third party who has purchased or merged with our organisation, in which case personal data held by us, about you, will be transferred to that third party to carry on our business.
International transfers of your personal data
Although our systems and Services are primarily located within the United Kingdom and European Economic Area, there may be occasions where your personal data will be processed in countries not deemed as having an adequate level of data protection as the UK/EEA by the UK Secretary of State or EU Commission.
Buzzacott has implemented appropriate measures to ensure an adequate level of protection of your personal data, if it is transferred outside of the UK or EEA. These measures include our processors entering standard contractual clauses or by way of derogations for specific circumstances.
You can obtain information about these measures by contacting the DPO at privacy@buzzacott.co.uk.
Security of your personal data
At Buzzacott we take the security of personal data extremely seriously. We assess security for confidentiality, integrity, and availability to ensure that data remains protected, accurate and available for its intended purposes. Some of the core controls we have implemented as part of these certifications are:
Multi-Factor Authentication (“MFA”) on all internet-based systems
Encryption of data at rest and in transit
Technical assessments of our systems for vulnerabilities and configuration weaknesses
Controlled access to only approved individuals
Screening of all employees
Data handling training for all employees
Policies and procedures on secure operations and configuration of systems
Information representing Special Category and Criminal Offence Data is subject to additional access controls and is only available to staff who require it to support the delivery of our services.
Automated decision-making, profiling and Artificial Intelligence
Automated decisions are where a computer makes decisions about you without a person being involved. Profiling is the recording and analysis of a person's psychological and behavioural characteristics, to assess or predict their capabilities or to assist in identifying categories of people.
We also use artificial intelligence and machine learning technologies. Artificial Intelligence (“AI”) focuses on creating systems that can perform tasks typically requiring human intelligence, such as learning, reasoning, problem-solving, perception, and language understanding. Machine learning is a type of AI that teaches machines to learn and interpret from information and then provide a response. One type of artificial intelligence that we use is natural language processing. Natural language processing involves reading, understanding and analysing speech and text.
The models, algorithms, and tools we use do several things including:
helping colleagues draft, refine and improve written content;
summarising information to support day‑to‑day work (as part of productivity support use);
transcribing meetings and workshops to produce notes and
extracting and structuring key information from documents to reduce manual effort.
Buzzacott does not profile or make any automated decisions about its clients or customers without meaningful human oversight and review.
Your rights
Under UK and EEA data protection laws, you have a number of rights that are focused on placing you in control of how your personal data is processed.
When you exercise these rights, we may seek clarification from you about the scope of your request, to ensure our teams can provide you with appropriate support.
You have the following data protection rights in relation to the processing of your personal data:
Right to be informed | A right to be informed about the personal data we hold about you. | |
Right of access | A right to obtain: - confirmation of whether we process your personal data; - access to the personal information held by us; - a copy of the personal data held by us; and, - information about how and why we process your personal data (similar to the information provided in this Privacy Notice). | |
Right to rectification | A right to request that your personal data be amended or rectified where it is inaccurate, and to have any incomplete data completed. | |
Right to erasure | A right to request the deletion of your personal data in certain circumstances: - We no longer need to use the personal data to achieve the purpose we collected it for. - Where you withdraw your consent if we are using your personal data based on your consent. - Where our legal basis for processing is legitimate interests and you object to the way we process your data (see the right to object described below) and we do not have any overriding legitimate grounds. - Where your personal data has been unlawfully processed; or - Where your data must be deleted to comply with a legal obligation to which we are subject. If you request us to delete your data, we will retain minimal personal data to document these requests and thereby avoid using your personal data for any other purpose. | |
Right to restrict processing | In certain circumstances, a right to restrict our processing of the personal data we hold about you: - For a period enabling us to verify the accuracy of the personal data held by us where you have contested it. - Where you would have the right to ask us to delete the personal data but would prefer that our processing is restricted instead. - Where we no longer need to use the personal data to achieve the purpose, we collected it for, but you need the data for the purposes of establishing, exercising, or defending legal claims. - Where you have objected to our processing and for a period enabling us to undertake an assessment of whether we have legitimate grounds to continue processing your personal data that would override your interests. | |
Right to data portability | In certain circumstances, a right to receive the personal data you have given us, in a structured, commonly used, and machine-readable format. You also have the right to require us to transfer this personal data to another organisation, at your request. | |
Right to object | A right to object to our processing of your personal data in certain circumstances: - Where our lawful basis is for the purpose of our legitimate interests or those of a third party; or - We are processing your personal data for direct marketing purposes. You can exercise your right to object to marketing communications being sent to you by utilising opt-out mechanisms in emails we send to you. | |
Right related to automated decision-making and profiling | In certain circumstances, you have a right to request that we review any decisions made about you that produce legal or similarly significant effects concerning you, which are made solely through automated means, and to receive certain additional explanatory information about the logic involved in the decision-making. | |
Right to withdraw your consent | A right to withdraw your consent, where we are relying on it to use your personal data. | |
Right to complain | If you have any questions or complaints about how we’re using your personal data, you have the right to complain to us. You can do this by: - Emailing us: privacy@buzzacott.co.uk - Writing to us: Data Protection Officer, 130 Wood Street London EC2V 6DL If you remain unhappy with our response, you may escalate your complaint to a Data Protection Authority. In the UK, the Data Protection Authority is the Information Commissioner’s Office who can be contacted by: - Visiting their website: www.ico.org.uk - Telephone: 030 3123 1113 - Post: Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF |
Additional Information for US Residents
If you reside in the United States of America, this section supplements the information contained in the Privacy Notice. US residents have specific rights regarding their personal information which are set out in applicable data privacy legislation (e.g., California Consumer Privacy Act (“CCPA”) became effective on January 1, 2020 and is supplemented by the California Privacy Rights Act (“CPRA”) which became effective on January 1, 2023 (applicable to personal data collected from January 1, 2022).
Please note that in the preceding twelve (12) months, we have not sold your personal information. We may disclose certain personal information, such as your first and last name, email address, job title/position, and other similar contact data, financial information, and employment details with our subsidiaries and affiliates and other third parties, including service providers who provide Services on behalf of Buzzacott LLP. When personal information is disclosed to a subsidiary, affiliate or other third party the recipient entity will be obligated to provide the same level of privacy protection required under applicable data protection laws.
You have the following rights in relation to the processing of your personal data:
Notice and access | A right to notice of and access to certain information about our collection and use of your information. | |
Correction | A right to ask for inaccurate personal information to be corrected. | |
Deletion | A right to ask that we delete your personal information relating to you, subject to certain exceptions. | |
Objection to the sale of or sharing of personal information | A right to ask for your personal information to not be sold or shared with a third party, subject to certain exceptions. | |
Transmission of personal information to another entity | A right to ask for your personal information to be transferred, in a readily useable format, to another entity. |
None of these rights are absolute and there may be circumstances in which we are required or permitted under applicable law not to address your request.
Only you or an authorised agent (that you authorise to act on your behalf), may make a verifiable request related to your personal information.
Any verifiable request (including those to delete data) must:
Provide sufficient information that allows us to reasonably verify you are the person about whom we collected personal information or an authorised representative (such as by requiring you to provide a signed written authorisation that the agent is authorised to make a request on your behalf); and,
Describe your request with sufficient detail that allows us to properly understand, evaluate, and respond to it.
We cannot respond to your request or provide you with personal information if we cannot verify your identity or authority to make the request and confirm the personal information relates to you.
Changes to our Privacy Notice
We recognise that transparency is an ongoing responsibility, so we keep this notice under regular review. When we update our notice, we will take appropriate measures to inform you, which will be consistent with the significance of the changes we make.
Last updated: 17/06/2026