Burnham Management Limited (“BML”, “we”, “us”, “our”) is committed to protecting and respecting your privacy. This Privacy Policy explains how we collect, use, store and share your personal data when you visit burnhammanagement.co.uk (the “Site”), contact us or engage with our lead generation and outbound sales services (“Services”). It also sets out your rights and how to exercise them under the UK General Data Protection Regulation (“UK GDPR”), the Data Protection Act 2018 and the Privacy and Electronic Communications Regulations 2003 (“PECR”).
Burnham Management Limited is a private company registered in England and Wales under company number 16411547, with its registered office at Unit 2, Station Road, Alton, Hampshire, GU34 2PZ, United Kingdom. Our main telephone number is 0330 043 7101 and you can reach our data protection team by email at privacy@burnhammanagement.co.uk.
We collect personal data in several ways. When you complete a form on our Site or speak to us by telephone, you provide information such as your name, company, email address, phone number and any details relevant to your enquiry or project. We may also obtain business contact details from publicly available sources such as Companies House, LinkedIn and industry directories, and we gather technical information such as IP addresses, browser type and cookie identifiers through automated technologies when you browse our Site.
The data we process include identity details (for example, your name, title and job role, property ownership status), contact details (postal address, email and phone numbers), enquiry content, marketing preferences, lead and sales notes, technical information like IP addresses and device IDs, and call recordings with associated metadata. We do not intentionally collect special category data or information about children.
We use your data to respond to enquiries and provide quotes, to run lead generation and telesales campaigns for ourselves and our clients, to record calls for quality and training purposes, to send service updates and marketing where permitted, to secure and analyse our website, and to comply with legal obligations. Our lawful bases include consent (for example, for non essential cookies and electronic direct marketing where PECR requires it), the performance of a contract (when you request our Services) and legitimate interests (such as efficient B2B marketing, improving service quality and protecting our systems).
We do not sell your personal data. However, we may share it with trusted third parties where necessary for the delivery of our services. This includes broadband providers if you choose to switch through us, as well as platforms such as Phonexa, which handles call routing and lead tracking. We also work with cloud-based analytics and marketing platforms including Google and Meta, as well as email delivery systems, customer support tools, and secure cloud hosting services.
We may also share your data with our professional advisors, contractors, or development partners, but only where required for the functioning and improvement of our services. In certain situations, we may be required to disclose data to regulators, supervisory authorities such as the ICO, or law enforcement if legally compelled to do so by valid warrant. Additionally, in the event of a business transfer, merger, or acquisition, relevant data may be disclosed to successor entities.
As of 11th July 2025, our broadband provider partners include Earth Broadband, Sky, Vodafone, Fusion Fibre, Currys, Cuckoo, Zoom Fibre and BeFibre. These providers only receive the minimum data necessary to process your request or complete your switch and are contractually obligated to handle that data securely, lawfully, and solely under our instructions.
In all cases, we ensure that appropriate contracts and data protection safeguards are in place to prevent misuse and to maintain compliance with all applicable legal requirements.
Where possible, we keep data on servers located in the United Kingdom with secure, geo-redundant backup infrastructure located in Germany. If a supplier stores or accesses data in a country without an adequacy decision, we rely on an appropriate safeguard such as the UK Addendum to the Standard Contractual Clauses to ensure your information remains protected to UK GDPR standards.
We retain enquiry emails and CRM records for up to twenty four months from your last interaction so we can manage follow up conversations and sales cycles. Call recordings are kept for twelve months for training and dispute resolution purposes. Lead data supplied to clients are stored for the period specified in each contract, usually thirty six months, to allow campaign reporting and validation, while financial records are held for seven years to meet HMRC and statutory accounting requirements. Cookies expire as described in Section 10. Once a retention period ends, data are either securely deleted or anonymised.
BML protects personal data with technical and organisational safeguards. All public facing services use HTTPS/TLS encryption, access to internal systems is restricted by role and secured with multi factor authentication, and regular vulnerability scans and penetration tests are carried out. Back ups are encrypted with AES 256 and stored in geographically separate UK locations with geo-redundant copies held in Germany. Every member of staff receives data protection and social engineering awareness training.
Our Site sets essential cookies that manage sessions and security functions. We also use Google Analytics to understand user behaviour; its cookies (_ga, _gid and _gat) collect anonymised statistics and remain active for between one minute and thirteen months. A first party cookie records whether you have accepted or rejected non essential cookies and expires after six months. When you first visit, a banner gives you the choice to accept, reject or customise non essential cookies. You can change your decision at any time by deleting cookies in your browser settings.
We do not use automated decision making that produces legal or similarly significant effects. We may segment business contacts by factors such as industry, company size or region to ensure that our outreach is relevant; you can object to this profiling at any time.
The Site may contain links to websites operated by our clients or partners. We are not responsible for their privacy practices and recommend that you read each external privacy notice before providing personal data.
You have the right to access, rectify or erase your personal data, to restrict or object to its processing, to receive a copy in a structured, machine readable format, to withdraw any consent you have given and to complain to the Information Commissioner’s Office.
To make a request, email privacy@burnhammanagement.co.uk or write to the Data Protection Lead at our registered address. We may ask for proof of identity and aim to respond within one month. If a request is particularly complex, we will inform you and may extend the deadline by up to two additional months. If you believe we have not handled your request correctly, you may lodge a complaint with the ICO at ico.org.uk or by calling 0303 123 1113.
You may opt out of our marketing at any time. For email or SMS messages, use the “unsubscribe” link or contact us by email. If we call you, you can ask the agent to place your number on our do not call list. We also screen our outbound numbers against the Corporate Telephone Preference Service and the Telephone Preference Service and honour all opt out requests promptly.
We may update this Privacy Policy to reflect changes in law, guidance or our business practices. Any significant changes will be highlighted on the Site, and the “last updated” date at the top of this notice will be amended accordingly. We encourage you to review this policy regularly to stay informed about how we protect your data.
