GDPR & Data Protection

Last updated: June 2026

Our commitment

BizHive is built and operated in the UK, for UK customers. We are fully committed to compliance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

Lawful basis for processing

We process your data under these lawful bases:

  • Contract — to deliver the services you've subscribed to
  • Legitimate interest — to operate, secure, and improve the Service
  • Consent — for any marketing communications (you can unsubscribe at any time)
  • Legal obligation — for tax, accounting, and regulatory requirements

Data hosting & transfers

All primary customer data is hosted in the EU. Where data is transferred outside the UK/EEA (e.g. to AI inference providers), we use only providers that offer adequate safeguards via Standard Contractual Clauses or are covered by adequacy decisions.

We maintain a record of all sub-processors. The current list is available on request.

Your rights

Under UK GDPR, you have the right to:

  • Access a copy of your data (Subject Access Request)
  • Rectify inaccurate data
  • Request deletion (“right to be forgotten”)
  • Restrict or object to processing
  • Obtain your data in a portable format (machine-readable export)
  • Withdraw consent at any time
  • Lodge a complaint with the ICO (Information Commissioner's Office)

To exercise any of these rights, email hello@bizhive.io. We respond within 30 days, usually much faster.

Data Protection Officer

For formal data protection enquiries, contact our DPO at dpo@bizhive.io.

Data Processing Agreement

If you're a business using BizHive to process your customers' data (e.g. collecting leads on your website), we'll sign a Data Processing Agreement (DPA) with you. Request a DPA at hello@bizhive.io.

Breach notification

In the event of a personal data breach, we will:

  • Notify the ICO within 72 hours of becoming aware (where required)
  • Notify affected customers without undue delay
  • Provide details of the breach, likely consequences, and mitigation steps

Retention periods

We retain customer data for the duration of your subscription plus 30 days (for cancellation recovery). After that, data is permanently deleted. Anonymised usage analytics may be retained indefinitely.

Financial records are retained for 7 years as required by HMRC.

International customers

If you're outside the UK, we still apply GDPR-equivalent protections to your data. We do not target or market to customers outside the UK.

Placeholder note: This GDPR notice is a working draft and should be reviewed by a qualified data protection consultant before being used in production with real customer data.