Privacy Notice
Privacy Notice
1. NOTICE
1.1. This Notice is issued by the Controller entity listed below ("Cobrief Limited", "we", "us", and "our") and is addressed to individuals outside our organisation with whom we interact or who have been referred to us, including customers, individual customers of the organisations we primarily interact with, visitors to our Site, other users of our services, personnel of our customers and vendors, individual business contacts, and visitors to our premises (together, "you"). Defined terms used in this Notice are explained in Clause 13 below.
1.2. This Notice may be amended or updated from time to time to reflect changes in our practices with respect to the Processing of Personal Data, or changes in applicable law. We encourage you to read this Notice carefully and to check this page regularly to review any changes we may make in accordance with the terms of this Notice.
1.3. This Notice was last updated on 22 February 2026.
2. COLLECTION OF PERSONAL DATA
2.1. We collect or obtain Personal Data about you from the following sources:
2.1.1. Data provided to us: We obtain Personal Data when such data are provided to us or to any of our service providers acting on our behalf (e.g. provided by you, payment service providers, outsourced service providers, your employer, by way of referral from our existing customers, or by any other means).
2.1.2. Data we obtain in person: We obtain Personal Data during meetings, at trade shows, or at events we attend.
2.1.3. Collaborations: We obtain Personal Data when you collaborate with us in research or in an advisory or consultancy capacity.
2.1.4. Relationship data: We collect or obtain Personal Data in the ordinary course of our relationship with you (e.g. where we provide a service to you or to your employer).
2.1.5. Site data: We collect or obtain Personal Data when you visit any of our Sites or use any features or resources available on or through a Site, including when you use, or register to use, any of our Sites.
2.1.6. Third party information: If you interact with any third party content or advertising on a Site (including third party plugins and cookies), we receive Personal Data from the relevant third party provider of that content or advertising.
3. CREATION OF PERSONAL DATA
We also create Personal Data about you in certain circumstances, such as records of your interactions with us. We may also combine Personal Data from any of our Sites or software services, including where those data are collected from different devices or sources.
4. CATEGORIES OF PERSONAL DATA WE PROCESS
4.1. We Process the following categories of Personal Data about you:
4.1.1. Personal details: given name(s) and preferred name.
4.1.2. Contact details: correspondence address; telephone number; email address; details of Personal Assistants, where applicable; and social media details, where applicable.
4.1.3. Demographic information: gender and language preferences.
4.1.4. Purchase details: records of purchases and prices; consignee name; address; contact telephone number; and email address.
4.1.5. Payment details: invoice records; payment records; billing address; payment method; bank account number or credit card number; cardholder or accountholder name; card or account security details; card “valid from” date; card expiry date; BACS details; SWIFT details; IBAN details; payment amount; payment date; and records of cheques.
4.1.6. Data relating to our Sites: device type; operating system; browser type; browser settings; IP address; language settings; registration details; usage data; and aggregate statistical information.
4.1.7. Content and advertising data: records of your interactions with our online advertising and content and records of the specific content displayed to you.
4.1.8. Security information: your password(s); login attempt details; security settings; and other security-related information.
4.1.9. Views and opinions: any views and opinions that you choose to send to us, or publicly post about us on social media platforms.
5. SENSITIVE PERSONAL DATA
We do not seek to collect or otherwise Process Sensitive Personal Data in the ordinary course of our business. Where we need to Process Sensitive Personal Data for a legitimate purpose, we do so in accordance with applicable law, or where we have obtained your express consent prior to Processing your Sensitive Personal Data.
6. PURPOSES OF PROCESSING AND LEGAL BASES FOR PROCESSING
6.1. The purposes for which we Process the categories of Personal Data identified in Clause 4 above, subject to applicable law, and the legal bases on which we perform such Processing, are as follows:
Purpose of Processing | Categories of Personal Data | Legal basis for Processing |
|---|---|---|
Provision of Sites and software services: providing promotional items upon request; and communicating with you in relation to those Sites or software services. | Personal details; contact details; correspondence; demographic information; purchase details; payment details; data relating to our Sites; content and advertising data; security information; and views and opinions. | Processing is necessary for the performance of a contract to which you are a party, or to take steps prior to entering into a contract; or we have a legitimate interest in providing and operating our Sites and software services; or we have obtained your prior consent. |
Operating our business: operating and managing our Sites and software services; providing content to you; displaying advertising and other information; and communicating and interacting with you via our Sites or software services. | Personal details; contact details; correspondence; demographic information; purchase details; payment details; data relating to our Sites; content and advertising data; security information; and views and opinions. | Processing is necessary for the performance of a contract, or to take steps prior to entering into a contract; or we have a legitimate interest in operating and improving our business and services; or we have obtained your prior consent. |
Improving our Sites and software services: identifying issues; planning improvements; and creating new Sites or software services. | Personal details; contact details; correspondence; demographic information; purchase details; payment details; data relating to our Sites; content and advertising data; security information; and views and opinions. | We have a legitimate interest in improving and developing our Sites and software services; or we have obtained your prior consent. |
Communications and marketing: communicating with you via email, telephone, text message, post, social media, or in person; personalising our Sites and software services; and maintaining and updating your contact information where appropriate. | Personal details; contact details; correspondence; demographic information; purchase details; payment details; data relating to our Sites; content and advertising data; security information; and views and opinions. | Processing is necessary for the performance of a contract, or to take steps prior to entering into a contract; or we have a legitimate interest in communicating with you and promoting our services; or we have obtained your prior consent. |
7. DISCLOSURE OF PERSONAL DATA TO THIRD PARTIES
7.1. We may disclose Personal Data for legitimate business purposes and the operation of our Sites or software services, in accordance with applicable law. In addition, we may disclose Personal Data to:
7.1.1. You and your appointed representatives.
7.1.2. Third party Processors (such as payment service providers).
7.1.3. Relevant third party providers where our Sites use third party advertising, plugins, or content. If you interact with such advertising, plugins, or content, your Personal Data may be shared with the relevant third party provider. We recommend that you review the third party’s privacy policy before interacting with such content.
7.2. Where we engage a third-party Processor to Process Personal Data on our behalf, the Processor will Process the Personal Data in accordance with our instructions and applicable contractual terms, and will implement appropriate technical and organisational measures to protect the confidentiality and security of the Personal Data.
8. PROFILING
8.1. We do not Process Personal Data for the purposes of automated decision-making or profiling.
9. INTERNATIONAL TRANSFERS OF PERSONAL DATA
We do not transfer Personal Data to recipients in other countries.
10. DATA SECURITY
10.1. We have implemented appropriate technical and organisational security measures designed to protect your Personal Data against accidental or unlawful destruction, loss, alteration, unauthorised disclosure, unauthorised access, and other unlawful or unauthorised forms of Processing, in accordance with applicable law.
10.2. Because the internet is an open system, the transmission of information via the internet is not completely secure. Although we implement reasonable measures to protect your Personal Data, we cannot guarantee the security of Personal Data transmitted to us via the internet. Any such transmission is at your own risk, and you are responsible for ensuring that any Personal Data you send to us are transmitted securely.
11. YOUR LEGAL RIGHTS
11.1. Subject to applicable law, you may have a number of rights, including:
11.1.1. The right not to provide your Personal Data to us (however, please note that we may be unable to provide you with the full benefit of our Sites or software services if you do not provide your Personal Data).
11.1.2. The right to request access to your Relevant Personal Data.
11.1.3. The right to request rectification of any inaccuracies in your Relevant Personal Data.
11.1.4. The right to request, on legitimate grounds, the erasure of your Relevant Personal Data or restriction of Processing of your Relevant Personal Data.
11.2. You may also have the following additional rights:
11.2.1. The right to object to Processing of your Relevant Personal Data where such Processing is based on Article 6(1)(f) of the UK GDPR.
11.2.2. The right to object to Processing of your Relevant Personal Data for direct marketing purposes.
12. TERMS AND CONDITIONS
Our Terms (as defined therein) govern all use of our Sites and software services. We recommend that you review our Terms of Use regularly to stay informed of any changes.
13. DEFINITIONS
"Controller" means the entity that determines the purposes and means of the Processing of Personal Data. In many jurisdictions, the Controller has primary responsibility for complying with applicable data protection laws.
"Personal Data" means any information relating to an identified or identifiable individual, including identification by reference to an identifier such as a name, identification number, location data, online identifier, or one or more factors specific to that individual’s physical, physiological, genetic, mental, economic, cultural, or social identity.
"Process", "Processing", or "Processed" means any operation performed on Personal Data, whether or not by automated means, including collection, recording, organisation, structuring, storage, adaptation, alteration, retrieval, consultation, use, disclosure, dissemination, alignment, restriction, erasure, or destruction.
"Processor" means any natural or legal person or entity that Processes Personal Data on behalf of the Controller (other than employees of the Controller).
"Relevant Personal Data" means Personal Data for which we act as the Controller.
"Sensitive Personal Data" means Personal Data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, biometric data, health data, sexual life or orientation, criminal offences or convictions, national identification numbers, or other data classified as sensitive under applicable law.
"Site" means any website operated or maintained by us or on our behalf.
"UK GDPR" means the General Data Protection Regulation as incorporated into UK law by the European Union (Withdrawal) Act 2018 and the Data Protection Act 2018, as amended from time to time.