Call: 01229 520 250
Furness Business Hub: 84 Dalton Road, Barrow-in-Furness
Menu
close

Privacy Policy

Furness Business Hub - Data Protection & Privacy Policy

Effective date: 14 Nov 2025
Last updated: 12 Dec 2025
Controller: Furness Business Hub (“we”, “us”, “our”) is the data controller of personal data processed in connection with our products, services, websites, and network.

Contact:

  • General privacy enquiries:  data@furness.net
  • Complaints: If you are unhappy with how we handle your data, you may contact the Information Commissioner’s Office (ICO) (Wycliffe House, Water Lane, Wilmslow, SK9 5AF; 0303 123 1113). [gov.uk]

1) Scope & Legal Basis

This policy explains how we collect, use, disclose, and protect personal data under:

  • UK GDPR and the Data Protection Act 2018; and
  • PECR (Privacy and Electronic Communications Regulations) for electronic marketing and cookies;
  • with updates and guidance under the Data (Use and Access) Act 2025.

We follow the seven data protection principles: lawfulness, fairness & transparency; purpose limitation; data minimisation; accuracy; storage limitation; integrity & confidentiality; accountability.

2) What Personal Data We Collect

We collect personal data necessary to deliver and support our services, including:

  • Identity & professional details: company name, size and sector, contact names, job titles.
  • Contact details: postal addresses, email addresses, telephone numbers.
  • Account & service data: order records, delivery/installation details, support tickets, billing and payment information.
  • Network & telemetry: IP addresses, device identifiers, email headers/metadata (for routing and security), and network usage logs generated on our infrastructure.
  • Marketing & preferences: records of communication preferences, event registrations, and interest in our products.
  • Risk & credit checks (where applicable): limited financial information from reputable third parties to assess credit terms.
  • Website interaction data: cookies/analytics, consent choices, and log files.
    We do not seek to collect special category data. Where such data is necessary (e.g., health accessibility needs for onsite work), we will apply enhanced safeguards and conditions.

3) How We Obtain Personal Data

  • Directly from you (orders, emails, phone, support requests, web forms, event sign‑ups).
  • Via our websites and network services (logs, security tools, cookies/analytics).
  • From resellers and partners (where they lawfully share end‑user data with us).
  • From third‑party sources (e.g., credit reference agencies) for risk management.

4) Purposes & Lawful Bases for Processing

We process personal data only when we have a lawful basis:

Purpose Examples Lawful basis
Provide and support services Order processing, provisioning, installation, customer support, invoicing Contract (to perform or enter a contract); Legitimate interests (service quality)
Service improvement & analytics Usage statistics, capacity planning, service reliability Legitimate interests (improving and securing services)—balanced against your rights
Security & fraud prevention Access controls, logs, threat detection, abuse investigations Legitimate interests; Legal obligation (where applicable)
Direct marketing Product updates, newsletters, event invites Consent (email/SMS under PECR); Legitimate interests for B2B communications where permitted; always offer opt‑out
Credit & risk assessment Assessing credit terms, fraud checks Legitimate interests
Legal and regulatory Tax records, responding to lawful requests Legal obligation

We will explain any additional conditions if we ever need to process special category or criminal offence data.

5) Data Minimisation, Accuracy & Retention

We collect only what is necessary, keep it accurate and up‑to‑date, and store it no longer than needed for the purposes stated:

Data category Typical retention
Customer account & contractual records Contract term + 6 years (statutory limitation)
Billing & transactional data 6 years (tax/audit)
Support tickets & operational logs 12–24 months, unless needed for legal/security reasons
Marketing preferences & consents Until you withdraw consent or after 2 years of inactivity
Network logs (IP, headers) 90–365 days for security/operational purposes

Retention periods may vary to meet legal obligations or defend legal claims. We then delete or anonymise the data.

6) Sharing Your Data (Recipients)

We may share personal data with:

  • Internal teams (sales, operations, support, finance) to fulfil orders and support you.
  • Service providers (delivery, installation, hosting, analytics, security) under GDPR‑compliant contracts with confidentiality and security obligations.
  • Resellers/partners (where necessary to provide services you’ve requested).
  • Regulators or law enforcement (where legally required).
    We do not sell your personal data.

7) International Transfers

If we transfer personal data outside the UK, we use approved safeguards (e.g., UK IDTA or the UK Addendum to EU SCCs) and conduct transfer risk assessments, ensuring an adequate level of protection.

8) Security

We take confidentiality and security seriously and implement appropriate technical and organisational measures, including:

  • Role‑based access controls and least privilege
  • Encryption in transit and at rest (where appropriate)
  • Network monitoring, vulnerability management, and incident response
  • Secure development and change controls
  • Staff training and awareness
  • Vendor due diligence and contractual security requirements
    We review and test our controls regularly.

9) Your Rights

You have the following rights (subject to certain exceptions):

  • Right to be informed (transparent privacy information)
  • Right of access (Subject Access Request)
  • Right to rectification
  • Right to erasure (“right to be forgotten”)
  • Right to restrict processing
  • Right to data portability
  • Right to object (including to direct marketing)
  • Rights related to automated decision‑making and profiling
    We will respond within one month of receiving a valid request. To exercise your rights, contact us via the details above. If we cannot comply, we will explain why.

10) Direct Marketing

  • We will send electronic marketing only with your consent (or as permitted for B2B communications under PECR) and always provide an easy opt‑out.
  • You can change your preferences or opt‑out at any time via data@furness.net .

11) Cookies & Similar Technologies

We use cookies to operate our websites, measure performance, and improve user experience.

  • Strictly necessary cookies: required for core site functions (you cannot opt out through our banner).
  • Analytics/performance cookies (e.g., Google Analytics): only set with your consent; we do not use them to identify you directly. You can withdraw consent at any time via our cookie controls or your browser settings.
  • Third‑party embedded content (e.g., YouTube, social widgets): these parties may set their own cookies. See their privacy/cookie notices for details.
    Full details are in our Cookie Policy and cookie banner.

12) Automated Decision‑Making

We do not make decisions producing legal or similarly significant effects solely by automated means. If we introduce such processing, we will provide meaningful information, your rights to request human review, and an opt‑out where required.

13) Children’s Data

Our services are intended for business users. We do not knowingly collect data from children. If you believe a child has provided us personal data, please contact us to remove it.

14) Governance, DPIAs & Documentation

We maintain appropriate accountability measures, including:

  • Record of Processing Activities (ROPA)
  • Data Protection Impact Assessments (DPIAs) for high‑risk processing
  • Data breach log and incident procedures
  • Contracts with processors and vendor audits
  • Training and policies for staff privacy awareness

15) Data Breaches

If a personal data breach occurs, we will assess risk, record the incident, take remedial actions, and notify the ICO within 72 hours where required. We will inform affected individuals when the breach is likely to result in a high risk to their rights and freedoms.

16) Changes to This Policy

We may update this policy to reflect changes in law, guidance, or our operations. We will post updates on our website with a revised “Last updated” date and, where appropriate, notify you via email or service notices. Guidance is currently being updated by the ICO following the Data (Use and Access) Act 2025.

17) Contact Us

For privacy questions, to exercise your rights, or to make a complaint:
Email: data@furness.net
Address: Furness Business Hub, 84 Dalton Road, Barrow-in-Furness, Cumbria, U.K. LA14 1JH.
Phone: +44 (0)1229 808050
If unresolved, you can contact the ICO (see above).

Annex: Definitions

  • Personal data: information relating to an identified or identifiable individual (e.g., names, emails, IP addresses).
  • Processing: any operation on personal data (collecting, storing, using, disclosing, etc.).
  • Controller: the organisation determining the purposes and means of processing.
  • Processor: a supplier processing data on our behalf.

    References.
    ico.org.uk

Meeting Room

Our light and airy conference room offers a comfortable and professional space for your meetings. 

Book Now

Memberships

We have a membership to suit every user. Our pricing is designed to be affordable and simple.

Membership

Contact us

Call: 01229 520 250Email: businesshub@furness.co.uk

Address: 84 Dalton Road,

Barrow-in-Furness, LA14 1JH

Social media

Visit our FacebookVisit our InstagramVisit our LinkedIn

Registered in England and Wales: Company No. 3225605 

© Copyright Furness Business Hub
linkedin facebook pinterest youtube rss twitter instagram facebook-blank rss-blank linkedin-blank pinterest youtube twitter instagram