Privacy Policy

Who we are

"Business Central Help" (“we”, “us”, “our”), a trading name of Rapid Business Systems Limited (company number: 08875297, registered office: Rapid Business Systems Limited, Dock 209, 75 Exploration Drive, Leicester, LE4 5NU), is the data controller for the personal data described in this policy and collected via the businesscentral.help domain and associated services, unless stated otherwise. We are responsible for determining the purposes and means of processing that personal data.

Our contact details:

Email: dpo@businesscentral.help
Postal: The Data Protection Officer, Rapid Business Systems Limited, Dock 209, 75 Exploration Drive, Leicester, LE4 5NU.

What personal data we collect

In the course of operating a business‑listing website and engaging with businesses in the UK and internationally, we may collect and process the following categories of personal data about employees of other businesses:

Identity and professional details: name, job title, employer / company name.
Contact details: business email address (and, where provided, business phone number).
Listing metadata: who submitted or verified a listing and related correspondence.
Technical data: IP address, device and browser data, and cookies/consent preferences (see Cookies section).

We do not intentionally collect special category data. If you submit such information inadvertently, we will delete or minimize it unless a lawful basis and condition under UK GDPR and DPA 2018 applies.

How we obtain personal data

Directly from you (e.g., submitting or updating a listing, contacting us).
From your employer or another business contact (e.g., listing verification, referrals). Where we obtain data from third parties, we will provide privacy information to you within one month (or earlier if we contact you), unless an exemption applies.

Purposes and lawful bases

We only process personal data where we have identified a specific purpose and a lawful basis under Article 6 UK GDPR. We document the basis for each activity and include it in this notice.

Cookies and similar technologies

We use cookies and similar storage/access technologies for:

Strictly necessary functions (e.g., security, login, load balancing);
Preferences and analytics (only with consent);
Advertising/third‑party tags (only with consent, where used).

We obtain prior consent for non‑essential cookies and provide granular controls. Our banner and settings allow you to withdraw consent easily.

Data sharing and recipients

We may share personal data with:

Service providers (processors) who host our website, provide analytics (with consent), email delivery, security, or support. We use written contracts that require appropriate security and processing only on our documented instructions.
Other businesses and website users via the public listing (limited professional details only), consistent with our legitimate interests and transparency obligations.
Professional advisers (legal/accounting) and authorities where required by law.
Subcontractors who provide Business Central Support & Consultancy services to our customers on our behalf.

We do not sell personal data.

International Transfers

Because we interact with businesses internationally and may use globally distributed cloud or email services, personal data may be transferred outside the UK.

Where a destination country does not benefit from a UK adequacy regulation, we put in place appropriate safeguards—typically the ICO’s International Data Transfer Agreement (IDTA) or the UK Addendum to the EU Standard Contractual Clauses, and we perform a Transfer Risk Assessment (TRA). We review these arrangements periodically.

Data Retention

We keep personal data only for as long as necessary for the purposes set out above (and to comply with legal obligations), and then delete or anonymise it. We maintain a retention schedule—for example:

Listing records: kept while the business is listed and for a limited period after removal to handle disputes and audit trail.
Correspondence: typically 24 months from last interaction, unless legally required longer.

Security

We implement appropriate technical and organisational measures to protect personal data (e.g., access controls, encryption in transit, secure configuration, staff awareness, processor due‑diligence, breach procedures). We record and, where necessary, report personal data breaches in line with UK GDPR requirements.

Your rights

Under UK data protection law, individuals have rights that may apply to the personal data we process, including:

Right to be informed;
Right of access;
Right to rectification;
Right to erasure;
Right to restrict processing;
Right to data portability;
Right to object;
and Rights related to automated decision‑making including profiling (we do not make solely automated decisions that have legal or similarly significant effects).

To exercise these rights, contact us using the details above. We will respond within one month, subject to statutory extensions for complex requests.

How to complain

If you are unhappy with how we handle your personal data, please contact us first so we can try to resolve it. You also have the right to lodge a complaint with the Information Commissioner’s Office (ICO):

ICO, Wycliffe House, Water Lane, Wilmslow, Cheshire SK9 5AF
Tel: 0303 123 1113
ico.org.uk

Our Accountability Framework

We operate a privacy management framework consistent with the UK GDPR accountability principle, including policies, records of processing, contracts with processors, DPIAs where high risk exists, and regular reviews of this notice.

Childrens Data

Our services are business‑to‑business and not directed to children. We do not knowingly collect children’s personal data. If we become aware of such data, we will delete it promptly.

Changes to this policy

We may update this policy to reflect legal, technical, or business changes (including developments following the Data (Use and Access) Act 2025). We will post the new version and update the effective date; in material changes we will provide prominent notice.