32,481 verified businesses 48 English counties covered List free in under 5 minutes 4.8★ trusted by buyers New: AI-assisted listings 32,481 verified businesses 48 English counties covered List free in under 5 minutes 4.8★ trusted by buyers New: AI-assisted listings
32,481 businesses live 📅 —
☁ Light rain · 8°C Help
List your business
Legal

Privacy Policy

How Advertise England collects, uses, stores, and protects your personal data — and how to exercise your rights.

Effective: 1 January 2026 Last updated: 24 May 2026 Version 1.0

1. Data controller

The data controller for personal data processed through Advertiseengland.com is:

Advertise England Ltd
[Registered address — update before going live]
England & Wales

Email: data@advertiseengland.com
ICO Registration No: [Your ZA/ZB number — add before going live]
Companies House No: [Your company number]

If you have any questions about how we handle your data, contact us at data@advertiseengland.com. We aim to respond within 3 working days.

2. What we collect

We collect personal data in the following circumstances:

When you create a listing account

DataWhy collected
Email addressAccount creation, login, transactional emails, security alerts
Mobile numberAccount verification, urgent security notifications
Password (hashed)Authentication — stored as a bcrypt hash, never in plain text

When you create a business listing

DataWhy collected
Business nameDirectory listing display
Business address & postcodeMap display, local search, county filtering
Website URLDirectory listing display (optional)
Business descriptionDirectory listing display & search indexing
Photos & logoDirectory listing display (optional)
Industry & specialityCategory search & filtering
Companies House numberVerified badge (optional — checked against Companies House API)

When you make a payment

DataWhy collected
Payment card details Processed entirely by Stripe — we never see, receive, or store card numbers, CVV codes, or sort codes. Card data never touches our servers.
Billing postcode Passed to Stripe for VAT rate calculation and fraud prevention. We do not store this after it is passed to Stripe.
VAT receipts & purchase history Generated and held by Stripe Tax on our behalf. We do not store VAT receipts. Customers can access their full purchase history (date, package, amount, VAT) directly from the Stripe billing portal at any time.
Transaction ID only The only payment-related data we retain is a transaction reference ID linking the order to Stripe. Retained 7 years for HMRC Making Tax Digital compliance. Contains no financial or personal data beyond a reference number.

Automatically collected data

DataWhy collected
IP addressSecurity, fraud detection, approximate geolocation for weather widget
Browser & device typeTechnical compatibility and analytics (with your consent)
Pages visited & time on siteAnalytics to improve the directory (with your consent)
Referrer URLUnderstanding how visitors find us (with your consent)

3. Lawful basis

Under UK GDPR Article 6, every processing activity must have a lawful basis. We rely on three:

Contract Processing necessary to fulfil your listing subscription — account creation, listing publication, and payment processing. VAT receipts are issued automatically by Stripe on our behalf.

Consent Marketing emails, analytics cookies, and marketing cookies — you can withdraw consent at any time via your account settings or our cookie manager.

Legitimate Interests Security monitoring, fraud prevention, abuse detection, site performance improvement, and non-marketing communications (e.g. critical service updates). We have conducted a Legitimate Interests Assessment (LIA) for each activity; copies available on request.

4. How we use your data

We use your personal data only for the purposes stated at collection:

  • Publishing and maintaining your business listing on the directory — you can edit or delete your listing and account yourself from your dashboard at any time
  • Processing subscription payments via Stripe. VAT is calculated by Stripe Tax and receipts are emailed by Stripe automatically — we do not handle or store any VAT, card, or billing data
  • Sending transactional emails (receipt, listing live confirmation, renewal reminders)
  • Sending marketing emails only if you have explicitly opted in
  • Verifying your business against Companies House (if you provide a company number)
  • Detecting and preventing fraud, spam, and content that violates our policies
  • Complying with legal obligations (HMRC, court orders, law enforcement requests)
  • Improving the directory using aggregated, anonymised analytics data

We do not sell, rent, or trade your personal data to any third party for their own marketing purposes.

Self-service: Most personal data we hold can be corrected or deleted by you directly from your account dashboard — see your data rights for the full list.

5. Third-party processors

We share data only with processors who handle it on our behalf under a Data Processing Agreement (DPA). All processors are contractually bound to use data only for the specified purpose.

ProcessorPurposeData sharedLocation
Stripe Inc. Payment processing, VAT calculation (Stripe Tax), VAT receipt generation & delivery, fraud prevention, subscription management Card details, billing postcode, email, purchase history, VAT receipts. We pass billing details to Stripe and do not retain them. Customers can access their full payment history via the Stripe billing portal. USA (SCCs in place)
Cloudflare Inc. CDN, DNS, DDoS protection, AI proxy IP address, request headers USA/EU (SCCs in place)
Google Analytics (if consent given) Website analytics Anonymised usage data, IP (truncated) USA (SCCs in place)
Open-Meteo Weather widget — IP-based weather lookup IP address (used to determine approximate location, not stored) Germany (EU)
Companies House API Business verification Company number (queried, not stored beyond verification) UK
Email service provider [name before go-live] Transactional & marketing emails Email address, first name [Confirm location]

We will disclose data to law enforcement or regulatory bodies only where legally required and, where permitted, will notify you before doing so.

6. Retention periods

We keep personal data only as long as necessary for the purpose it was collected, or as required by law.

Data typeRetention periodReason
Account & login dataDuration of account + 2 years after closureFraud prevention, dispute resolution
Active listing contentDuration of subscriptionContractual obligation
Listing content after cancellation90 daysRecovery window for accidental cancellations
Transaction ID (reference only)7 years from transactionHMRC Making Tax Digital requirement. This is a reference number only — no card, bank, or billing data is stored by us. Full records held by Stripe.
Marketing consent records3 years from last contactICO guidance on consent proof
Server access logs (IP)90 daysSecurity incident investigation
Analytics data26 months (aggregated, anonymised)Trend analysis
Content moderation logs12 monthsAbuse pattern detection

At the end of each retention period, data is securely deleted or anonymised in line with our Data Deletion Standard Operating Procedure.

7. Your rights

Under UK GDPR you have eight data subject rights. You can exercise any of them by emailing data@advertiseengland.com. We will respond within 30 days (extendable by a further 60 days for complex requests — we will notify you if this applies).

1. Right of access

Request a copy of all personal data we hold about you (a Subject Access Request / SAR). We will provide it in a commonly used electronic format at no charge.

2. Right to rectification

Ask us to correct inaccurate or incomplete data. Most listing data can be corrected directly in your dashboard.

3. Right to erasure

Ask us to delete your personal data ("right to be forgotten"). This right applies where there is no overriding legal obligation to retain the data.

4. Right to restriction

Ask us to pause processing while accuracy or legitimacy is disputed, without deleting the data.

5. Right to portability

Receive your data in a structured, machine-readable format (JSON or CSV) so you can transfer it to another service.

6. Right to object

Object to processing based on legitimate interests or for direct marketing. Objection to direct marketing is absolute — we must stop immediately.

7. Automated decision-making

We do not use fully automated decision-making (including profiling) that produces legal or similarly significant effects on you.

8. Withdraw consent

Withdraw marketing or cookie consent at any time via your account settings or our cookie manager. Withdrawal does not affect processing already carried out.

⚖️

Complaints to the ICO If you are unhappy with how we have handled your data, you have the right to lodge a complaint with the UK Information Commissioner's Office (ICO). Visit ico.org.uk/make-a-complaint or call 0303 123 1113. We would welcome the opportunity to resolve any concern directly before you contact the ICO.

8. Cookies

We use cookies and similar technologies to operate the site, measure performance, and (with your consent) deliver relevant promotions. A full list of cookies is available in our Cookie Policy.

CategoryExamplesConsent required?
Strictly necessary Session ID, CSRF token, cookie-consent choice No — required to operate the site
Analytics Google Analytics (_ga, _gid) Yes — opt-in via cookie banner
Marketing Ad pixels, remarketing tags Yes — opt-in via cookie banner

You can change your cookie preferences at any time using the or the "Manage cookies" button in the footer.

9. Children

Advertiseengland.com is a B2B directory intended for use by businesses and people aged 18 or over. We do not knowingly collect personal data from anyone under 18.

If you believe a child under 18 has provided us with personal data, please contact data@advertiseengland.com and we will delete the data promptly.

10. Security

We take the security of your personal data seriously and implement technical and organisational measures including:

  • Encryption in transit — all data is transmitted over HTTPS/TLS 1.3
  • Encryption at rest — databases and backups are encrypted at rest
  • Password hashing — passwords are hashed with bcrypt (min cost factor 12)
  • Payment security — card data is processed by Stripe (PCI DSS Level 1 certified); we never handle raw card numbers
  • Access control — staff access to personal data is role-based and logged
  • Breach response — we maintain a documented breach response procedure; the ICO will be notified within 72 hours of a qualifying breach and affected users will be notified where the risk is high

If you discover a security vulnerability, please report it responsibly to security@advertiseengland.com.

11. Changes to this policy

We may update this Privacy Policy from time to time. When we make material changes we will:

  • Update the "Last updated" date at the top of this page
  • Send a notification to all registered users by email at least 30 days before the changes take effect
  • Display a notice on the site for 30 days

Continued use of the directory after the effective date constitutes acceptance of the updated policy.

Previous versions of this policy are available on request by emailing data@advertiseengland.com.

12. Contact us

For any questions, requests, or concerns about this policy or our data practices:

Data queries & subject access requests:
data@advertiseengland.com

Security vulnerabilities:
security@advertiseengland.com

Postal address:
Data Protection Officer
Advertise England Ltd
[Registered address — update before going live]

We aim to acknowledge all data-related emails within 3 working days and to fully resolve requests within 30 days.

🇬🇧

Supervisory authority The UK supervisory authority for data protection is the Information Commissioner's Office (ICO). ICO registration number: [Your ZA/ZB number]. You have the right to lodge a complaint with the ICO at any time at ico.org.uk/make-a-complaint.