Privacy Policy

broadbean complies with the principles of the General Data Protection Regulation (GDPR), enforced from 25th May 2018, when processing personal data.

We only hold personal data for as long as necessary. Once data is no longer needed it is deleted from our files.

For administrative reasons email subscription data may be passed to and stored securely with a third party service provider. This provider is subject to and complies with the GDPR.

We never sell, rent or exchange mailing lists.

Personal Data Stored

This section outlines the various types of data we store and any pertinent information relating to the way in which it is processed.

Details of Leads, Clients & Projects

Concerns data provided by individuals to broadbean.

What we hold

  • Name
  • Company Name
  • Address (for invoices)
  • Email Address
  • Telephone Numbers (landline and/or mobiles)
  • Enquiry Details
  • Project Details (including client data on individuals if relevant to the project in question)

Where it came from

  • Online Enquiry
  • Direct Contact (Email/Telephone)

Where it is held

  • Address Books & Email (local computers and mobile devices all synchronised with Google’s secure cloud-based G Suite platform)
  • Some encrypted content stored on Microsoft’s cloud-based OneDrive storage platform
  • File Servers on Secure Local Network
  • Name and email address stored on MailChimp’s secure email campaign platform

Who it is shared with

  • broadbean has access to all data
  • broadbean’s clients’ names and email addresses are stored on MailChimp’s secure email campaign platform for email-based service announcements

How long it is held

  • Until no longer required or deletion is requested (whichever is sooner) except where it may be necessary for the legal operation of our business e.g. keeping a record of quotes/invoices provided.

Why it is used

  • To follow up new business enquiries
  • To carry out day-to-day business as agreed with the client in question
  • Delivery of critical service announcements (e.g. office closures or hosting maintenance notifications)
  • Delivery of relevant announcements (e.g. advertising deadlines, service enhancements & recommendations)

Legal basis for processing personal data

Contract – To provide a quote to prospective clients. To discuss, deliver and invoice a project or support work to existing clients. To notify existing clients of critical service announcements.

Legitimate interests – To provide existing clients with relevant and beneficial announcements regarding a service we provide e.g advertising deadlines or industry-wide recommendations such as security improvements. Requires us to process clients’ name and email address, minimal privacy impact.

Client Website Data

Concerns data managed/hosted by us on behalf of our clients.

What we hold

  • Any data stored on our clients’ websites:
    • Contact details from enquiry form submissions
    • Appointment booking information
    • Order Details (but not credit/debit card information)

Where it came from

  • Clients’ websites

Where it is held

  • Secure VPS hosting platform & datacentre provided by Linode LLC – VPS managed by broadbean
  • Email hosting platform & datacentre provided by  Krystal Hosting Ltd –  managed by broadbean
  • File Servers on Local Network (immutable data format)

Who it is shared with

  • broadbean has access to all data
  • Clients have access only to their data and the data belonging to their customers (via their websites’ interface)

How long it is held

Live data is retained according to a clients’ data retention policy. Live data can be deleted by each client except for backup data which is immutable. Backup data is held for a minimum of 3 months on our backup file servers on the local network. Backup data is held on the live environment for a maximum of 1 year.

Why it is used

Data is for use by our clients, not by broadbean and is subject to their privacy policies. Although we may have access to client data we do not use it in any way except to assist our clients with the necessary operation of their business.

Legal basis for processing personal data

Contract – As part of the hosting service we provide for our clients it is necessary that we store all data that relates to the successful operation of the websites we host for them, including the safeguarding of that data through ongoing backups.

Individuals’ Rights & Subject Access Requests

In general, all personal data can be accessed / rectified / erased on request. Exceptions apply to the rectification or erasure of data where it is necessary for the legal operation of our business e.g. keeping a record of quotes/invoices provided or where data is immutable (e.g. backups).

Requests will be handled within a month (usually much sooner) free of charge except where unfounded or excessive. Please contact us via email with your request and we will be happy to assist.


We never send bulk unsolicited emails (Spam) to email addresses. All emails sent by us will be clearly marked as originating from us.


Cookies used by broadbean

We use cookies to ensure that we give you the best experience on our website.

Our cookies do not contain or pass any personal, confidential or financial information or any other information that could be used to identify individual visitors.

The tracking cookies that we use are for Google Analytics. These allow us to count page visits and traffic sources, so we can measure and improve the performance of our site. These are anonymous and so don’t hold any private data about you. Nor can they be used to share information about you with third parties.

What exactly is a Cookie?

Cookie is technical term for a tiny text file left on your computer by websites you visit. Each cookie is accessible only by the website that created it, and is used to store useful information on how you use that particular site.

If you know where to look, you’ll find hundreds, perhaps even thousands of cookies stored on your computer’s hard disk. Each one is unique, and relates to a specific website. Don’t panic, a cookie cannot contain viruses or malware and cannot install anything on your computer.

Cookies are useful. When you do an online shop on an ecommerce site and it greets you by name, it’s because it detected the cookie stored on your computer from your last visit. Equally, when you click a “Like” button and your Facebook account automatically opens up showing your profile, Facebook cookies on your computer have allowed this to happen.

Why we tell you about our cookies

It’s the law. The Privacy and Electronic Communications Regulations state that site users should be fully informed about the information being stored in cookies on websites they visit.

What should you do?

If you’re happy with the above then please continue to use our website without changing your settings and we will assume that you are happy to receive all cookies on the broadbean website. However, if you would like to you can change your cookie settings at any time.

To find out more about cookies, including how to see previous cookies have been set on your machine, and how to manage or delete them, please visit

Further Information

If you have any questions relating to our Privacy Policy please contact us.